Hi everyone. I have 2 vps: one configured as pdc (witch ip address 192.168.1.6) fully functional. On the second vps I would like to create a domain member and have it join on the pdc. I read the wiki https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member but I can not understand the guide. For example, pearl of krb client but does not say (use debian streatch) what I have to install to get it. Could someone pass me a link that explains how to create a member of domain? Thank you for your cooperation
On Sun, 6 Jan 2019 15:32:03 +0100 marco pirola via samba <samba at lists.samba.org> wrote:> Hi everyone. I have 2 vps: one configured as pdc (witch ip address > 192.168.1.6) fully functional.Now do you mean that you have a set up an NT-style domain controller (PDC), or do you mean that you have set up an Active Directory domain controller (DC) ? It makes a big difference.>On the second vps I would like to > create a domain member and have it join on the pdc. I read the wiki > https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member > but I can not understand the guide.Just what do you not understand ?>For example, pearl of krb client but does not say (use debian >streatch)'pearl' ? However mention of kerberos must mean you have set up an AD DC, so please stop calling it a PDC, it isn't one.> what I have to install to get it.The Samba wiki is written around using a self-compiled Samba, so you normally need to consult your OS's documentation for what to install, but I install: samba winbind smbclient libpam-winbind libnss-winbind libpam-krb5 acl attr krb5-config krb5-user ntp>Could someone pass me a link that > explains how to create a member of domain? Thank you for your > cooperation >Install the above packages and follow the wiki. Any problems, ask here. Rowland
On Sun, 6 Jan 2019 17:32:35 +0100 marco pirola <mapirola81 at gmail.com> wrote:> To configure the pdc I used this link:Please STOP calling it a pdc, it isn't a pdc, it is a DC.> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller. > Now I'm trying to use the link > https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member > to create a domain member where I then create the various shares with > the corresponding ACLs.>What should I enter for example in krb.confHow about what it shows here: https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Configuring_Kerberos Replacing 'SAMDOM.EXAMPLE.COM' with your uppercase dns domain.> and can I use samba-tool domain provision --use-rfc2307 --interactive > putting member when asked to create a working smb.conf?NO, positively no, I am not quite sure just what you get if you do what you proposed, but it isn't a Unix domain member.>Did I have to join or do something else?You need to create a smb.conf, based around your AD DC, but be aware, the ID's (the '3000000' numbers) used on a Samba AD DC are only used on a DC and are never used on a Unix domain member.>I am a beginner in creating a domain member.Everyone has to start somewhere. Rowland
It does not explain how to create a smb.conf of a domain member. Could you post me an example so you can start figuring out? Il 06/01/2019 18:18, Rowland Penny via samba ha scritto:> On Sun, 6 Jan 2019 17:32:35 +0100 > marco pirola <mapirola81 at gmail.com> wrote: > >> To configure the pdc I used this link: > Please STOP calling it a pdc, it isn't a pdc, it is a DC. > >> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller. >> Now I'm trying to use the link >> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member >> to create a domain member where I then create the various shares with >> the corresponding ACLs. >> What should I enter for example in krb.conf > How about what it shows here: > > https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Configuring_Kerberos > > Replacing 'SAMDOM.EXAMPLE.COM' with your uppercase dns domain. > >> and can I use samba-tool domain provision --use-rfc2307 --interactive >> putting member when asked to create a working smb.conf? > NO, positively no, I am not quite sure just what you get if you do what > you proposed, but it isn't a Unix domain member. > >> Did I have to join or do something else? > You need to create a smb.conf, based around your AD DC, but be aware, > the ID's (the '3000000' numbers) used on a Samba AD DC are only used on > a DC and are never used on a Unix domain member. > >> I am a beginner in creating a domain member. > Everyone has to start somewhere. > > Rowland > > >