Rowland penny
2020-Jul-23 18:21 UTC
[Samba] using samba-tool from a domain member other than the DC
On 23/07/2020 18:42, Jason Keltz via samba wrote:
> Hi.
>
> I left off from my original question...
>
> I've joined the domain using "realm join", and am not using winbind.
>
> I'm looking for the minimal configuration I need to have in smb.conf
> to be able to run samba-tool from a domain member.
>
> My /etc/krb5.conf contains:
>
> [libdefaults]
> default_realm = <my realm>
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> My /etc/smb.conf contains minimal:
>
> [global]
> workgroup=<my workgroup>
> security=ADS
> realm=<my realm>
>
> Have I missed providing some detail?
>
> Do I need to be running smbd to be able to use samba-tool from a
> domain member?
>
> Is nobody else using samba-tool from outside their DC that might be
> able to suggest why this doesn't work?
>
> Thanks,
>
> Jason.

Not sure, I have never tried it. From the sound of it, you are not running any of the Samba daemons, so why do you need samba-tool?

Using samba-tool from a Samba domain member does work, it is just ldaps that doesn't seem to work for myself, probably because of an incorrect incantation ;-)

Rowland
Jason Keltz
2020-Jul-23 18:31 UTC
[Samba] using samba-tool from a domain member other than the DC
Hi Rowland,

I'm running smbd on the DC. I want to be able to do things like adding a user, dns entry, etc. from my workstation without logging into the DC.

I can't get samba-tool to work with Kerberos, or ldaps, etc.

Jason.

On 7/23/2020 2:21 PM, Rowland penny via samba wrote:
> On 23/07/2020 18:42, Jason Keltz via samba wrote:
>> Hi.
>>
>> I left off from my original question...
>>
>> I've joined the domain using "realm join", and am not using winbind.
>>
>> I'm looking for the minimal configuration I need to have in smb.conf
>> to be able to run samba-tool from a domain member.
>>
>> My /etc/krb5.conf contains:
>>
>> [libdefaults]
>> default_realm = <my realm>
>> dns_lookup_realm = false
>> dns_lookup_kdc = true
>>
>> My /etc/smb.conf contains minimal:
>>
>> [global]
>> workgroup=<my workgroup>
>> security=ADS
>> realm=<my realm>
>>
>> Have I missed providing some detail?
>>
>> Do I need to be running smbd to be able to use samba-tool from a
>> domain member?
>>
>> Is nobody else using samba-tool from outside their DC that might be
>> able to suggest why this doesn't work?
>>
>> Thanks,
>>
>> Jason.
>
> Not sure, I have never tried it. From the sound of it, you are not
> running any of the Samba daemons, so why do you need samba-tool?
>
> Using samba-tool from a Samba domain member does work, it is just
> ldaps that doesn't seem to work for myself, probably because of an
> incorrect incantation ;-)
>
> Rowland

--
Jason Keltz
Manager of Development
Department of Electrical Engineering & Computer Science
York University, Toronto, Canada
Tel: 416-736-2100 x. 33570
Fax: 416-736-5872
Rowland penny
2020-Jul-23 18:45 UTC
[Samba] using samba-tool from a domain member other than the DC
On 23/07/2020 19:31, Jason Keltz via samba wrote:
> Hi Rowland,
>
> I'm running smbd on the DC. I want to be able to do things like
> adding a user, dns entry, etc. from my workstation without logging
> into the DC.
>
> I can't get samba-tool to work with Kerberos, or ldaps, etc.

As I said, I cannot get ldaps to work (yet), but:

rowland@devstation:~$ sudo samba-tool group add newgroup -H ldap://dc01.samdom.example.com -k yes
[sudo] password for rowland:
Added group newgroup

'devstation' isn't a DC ;-)

Rowland