Jorge F. Hernandez
2019-Feb-19 17:06 UTC
[Samba] Joining an Active Directory Domain "2016"
Hello,

Has anybody been able to join an Active Directory 2016 using Samba Winbind?

If so, how can this be done?

I've been trying but it fails every time and when it finally shows me something using realm list, it won't let me login with any user from the domain, therefore, not working.

Thanks,

--
Jorge F. Hernandez
IT System Administrator
*GLOSS*
28 West 25th Street, 12th Floor
New York, New York 10010
T 212 229 0009
http://www.glossstudio.com
http://glossvfx.com

On Tue, 19 Feb 2019 12:06:19 -0500 "Jorge F. Hernandez via samba" <samba at lists.samba.org> wrote:

> Hello,
>
> Has anybody been able to join an Active Directory 2016 using Samba
> Winbind?
>
> If so, how can this be done?
>
> I've been trying but it fails every time and when it finally shows me
> something using realm list, it won't let me login with any user from
> the domain, therefore, not working.
>
> Thanks,

Sorry, but you are limited to 2012 (and that is experimental), but things should get better when 4.11 comes out.

Rowland

On Tue, 2019-02-19 at 17:15 +0000, Rowland Penny via samba wrote:

> On Tue, 19 Feb 2019 12:06:19 -0500
> "Jorge F. Hernandez via samba" <samba at lists.samba.org> wrote:
>
> > Hello,
> >
> > Has anybody been able to join an Active Directory 2016 using Samba
> > Winbind?
> >
> > If so, how can this be done?
> >
> > I've been trying but it fails every time and when it finally shows
> > me something using realm list, it won't let me login with any user
> > from the domain, therefore, not working.
> >
> > Thanks,
>
> Sorry, but you are limited to 2012 (and that is experimental), but
> things should get better when 4.11 comes out.

G'Day Rowland,

This is indeed the line for joining as an AD DC, but we should be able to join as a member server without difficulty.

I've asked Joe to test Samba against Windows for https://gitlab.com/samba-team/samba/merge_requests/242 and hopefully he can do that against 2016 for me. That should rule out a generic issue.

Jorge,

I think you will need to turn up the debug level and see exactly what errors you get.

Thanks,

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba

Jorge F. Hernandez
2019-Mar-01 21:54 UTC
[Samba] Joining an Active Directory Domain "2016"
> OK I'm trying 2012 R2 and I get this after I join:
>
> # realm list
> example.com
> type: kerberos
> realm-name: EXAMPLE.COM
> domain-name: example.com
> configured: kerberos-member
> server-software: active-directory
> client-software: sssd
> required-package: oddjob
> required-package: oddjob-mkhomedir
> required-package: sssd
> required-package: adcli
> required-package: samba-common-tools
> login-formats: %U at example.com
> login-policy: allow-realm-logins
>
> But when I run "id user at example.com" I keep getting a user doesn't exist.
>
> Any ideas?

> On 2/19/19 12:15 PM, Rowland Penny via samba wrote:
>> On Tue, 19 Feb 2019 12:06:19 -0500
>> "Jorge F. Hernandez via samba"<samba at lists.samba.org> wrote:
>>
>>> Hello,
>>>
>>> Has anybody been able to join an Active Directory 2016 using Samba
>>> Winbind?
>>>
>>> If so, how can this be done?
>>>
>>> I've been trying but it fails every time and when it finally shows me
>>> something using realm list, it won't let me login with any user from
>>> the domain, therefore, not working.
>>>
>>> Thanks,
>> Sorry, but you are limited to 2012 (and that is experimental), but
>> things should get better when 4.11 comes out.
>>
>> Rowland
>>
>

On Fri, 1 Mar 2019 16:54:28 -0500 "Jorge F. Hernandez via samba" <samba at lists.samba.org> wrote:

> > OK I'm trying 2012 R2 and I get this after I join:
> >
> > # realm list
> > example.com
> > type: kerberos
> > realm-name: EXAMPLE.COM
> > domain-name: example.com
> > configured: kerberos-member
> > server-software: active-directory
> > client-software: sssd
> > required-package: oddjob
> > required-package: oddjob-mkhomedir
> > required-package: sssd
> > required-package: adcli
> > required-package: samba-common-tools
> > login-formats: %U at example.com
> > login-policy: allow-realm-logins
> >
> > But when I run "id user at example.com" I keep getting a user doesn't
> > exist.
> >
> > Any ideas?
>
> > On 2/19/19 12:15 PM, Rowland Penny via samba wrote:
> >> On Tue, 19 Feb 2019 12:06:19 -0500
> >> "Jorge F. Hernandez via samba"<samba at lists.samba.org> wrote:
> >>
> >>> Hello,
> >>>
> >>> Has anybody been able to join an Active Directory 2016 using Samba
> >>> Winbind?
> >>>
> >>> If so, how can this be done?
> >>>
> >>> I've been trying but it fails every time and when it finally
> >>> shows me something using realm list, it won't let me login with
> >>> any user from the domain, therefore, not working.
> >>>
> >>> Thanks,
> >> Sorry, but you are limited to 2012 (and that is experimental), but
> >> things should get better when 4.11 comes out.
> >>
> >> Rowland
> >>
> >
>

Just 'what' are you trying to join to the domain and how?

By 'what', I mean as an AD DC or Unix domain member.

By 'How', are you using Samba tools or something like realmd?

Rowland

On Fri, 1 Mar 2019 17:13:01 -0500 "Jorge F. Hernandez" <jorge at glossstudio.com> wrote:

> I'm trying to join a Unix Domain member using "realm join -U
> Administrator example.com" I don't know if that's Samba Tools or
> realmd, but it is frustrating.

It isn't a Samba tool and isn't supported by Samba, if you want help with realmd, you will have to ask CentOS or Fedora or RHEL etc. sssd isn't a Samba tool either.

> I'm also trying net ads join, but it says that it cannot join as
> stand alone server.

Then your smb.conf isn't set up correctly, have you read this:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

It might help if you tell us your distro (probably a Red Hat-based one) and post the smb.conf you are trying to join with.

I can assure you that, using Samba tools, it is possible to do what you require.

Rowland