First, I had a fully working exactly as expected version at one point. I
had the ssh authentication working with the creation of the home
directories on install and a domain member (also Debian). I didn't write
down my instructions because... I was just trying to get it to work. It
actually wasn't hard that time. For some reason, it is difficult now. I
am starting with a clean Debian 11 DVD install
(debian-11.0.0-amd64-DVD-1.iso). After completing the install, I start
running through the wiki. What I found is that the wiki doesn't give
instructions to install Samba and key packages (unless I missed it) but it
gave all those dependencies I mentioned. I'm not sure why now the new
install is having issues so I'm starting with a clean vm.
Domain Controller
1. Install debian-11.0.0-amd64-DVD-1.iso
1. Are there some specific configurations that I need to set here
that I missed the 2nd and 3rd time?
2. Fix apt so that it doesn't try to pull from dvd
3. apt-get update (just because)
4. Go through wiki
5. Hostname = DSDC01
6. Domain Name = HOME.TEST-SERVER.LAN
7. IP Address = 10.0.0.19
8. apt install samba winbind libnss-winbind libpam-winbind libpam-krb5
ntp binutils ldb-tools krb5-user
9. samba-tool domain provision --server-role=dc --use-rfc2307
--dns-backend=SAMBA_INTERNAL --realm=HOME.TEST-SERVER.LAN --domain=HOME
--adminpass=1243Password
10. Need to install smbclient 'apt install smbclient'
All goes well, it seems.
Domain Member
Samba is not installed. Wiki doesn't suggest which packages to install but
I installed the same packages suggested in the previous response #8.
Everything was fine til I get to reverse lookup
[Tue Oct 26 00:19:13] [root at DSDM05~$] nslookup 10.0.0.19
** server can't find 19.0.0.10.in-addr.arpa: NXDOMAIN
[Tue Oct 26 00:18:20] [root at DC01~$] samba-tool dns zonecreate 10.0.0.19
0.0.10.in-addr.arpa
Password for [administrator at HOME.TEST-SERVER.LAN]:
ERROR(runtime): uncaught exception - (9609,
'WERR_DNS_ERROR_ZONE_ALREADY_EXISTS')
File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line
186,
in _run
return self.run(*args, **kwargs)
File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 735,
in
run
res = dns_conn.DnssrvOperation2(client_version, 0, server, None,
samba-tool dns add home.test-server.lan 0.0.10.in-addr.arpa 19 PTR
home.test-server.lan
Now reverse lookup is fine: 19.0.0.10.in-addr.arpa name home.test-server.lan.
[Tue Oct 26 00:50:35] [root at DSDM05/etc$] net ads join -U Administrator
Enter Administrator's password:
Using short domain name -- HOME
Joined 'DSDM05' to dns domain 'home.test-server.lan'
DNS Update for dsdm05.home.test.server.lan failed: ERROR_DNS_UPDATE_FAILED
DNS update failed: NT_STATUS_UNSUCCESSFUL
Kerberos and Samba
https://wiki.samba.org/index.php/OpenSSH_Single_sign-on
1. /etc/security/pam_winbind.conf doesn't exist (full stop)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In all things, Be Intentional.
On Mon, Oct 25, 2021 at 5:19 PM Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Mon, 2021-10-25 at 16:49 -0400, Rob Campbell wrote:
> > I wasn't building Samba. I was trying to install via apt-get but
the
> > wiki doesn't say which to install. Not which version bc I know
they
> > change but 'samba samba-server samba-client smbclient' etc.
> >
> > Are you saying I shouldn't install via package manager?
>
> No, I am saying that it is easier to install via package, but the Samba
> wiki is mostly written from the point of view of building Samba
> yourself. It is expected that the distros should provide their own
> instructions on how to use Samba.
>
> On Debian based distros, you need to install these packages:
> samba winbind libnss-winbind libpam-winbind libpam-krb5 ntp binutils
> ldb-tools krb5-user
>
> These will pull in other packages.
>
> However, to get the latest Samba versions (and keep getting them, Samba
> is a rapidly moving package), you need to either build it yourself or
> to use an external repo. Louis's repo is a good one for
> Debian/Ubuntu/Raspbian, there are others. some you have to pay for,
> others, like Louis's, are free (though Louis will be grateful for a
> donation).
>
> You seem to be having problems in setting up your domain, something
> which is easy, but I would say that, wouldn't I, I know what to do.
> What I need to do, is to pass that knowledge on to you. To do that, can
> you tell us what you have already done and what doesn't work. You may
> feel that you have already done this, but lets start again and get it
> all in one place.
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>