samba - Dec 2021 - Samba domain members and MIT Kerberos configuration...

On Mon, 2021-12-27 at 13:54 +0100, Marco Gaiarin via samba
wrote:
> I'm working on joining some RH-based box to an AD domain, starting
> from this
> list, the wiki and my debian knowledge. ;-)
What rh-based box ?
RHEL ?
Centos ?
Fedora ?
What version ?
> 
> I'm speaking of MEMBERS, not DC!
No need to shout :-D
> 
> 
> I've found some info googling around, but make reference to
'realmd'
> and
> 'oddjob' for configuration, that seems to me more
'wrappers' to help
> configuration, so probably can be subsitute with more plain 'net ads
> join' and 'pam_mkhomedir'. Correct?
Sort of, you should (in my opinion) use 'net ads join' to join the
computer to the domain, but you will need to use 'oddjob' on red-hat
distros. You will also need to correctly set up the smb.conf file.
> 
> 
> Also, i've found no specific kerberos configuration, apart the hint
> to add
> this:
> 
> [plugins]
> 
>     localauth = {
> 
>         module > winbind:/usr/lib64/samba/krb5/winbind_krb5_localauth.so
> 
>         enable_only = winbind
> 
>     }
> 
You probably do not need that.
> (and installing samba-winbind-krb5-locator rpm package).
> 
> 
> In the samba wiki i've not found some hint about mit kerberos
> configuration.
This is probably because the setup isn't much different on Unix domain
members.

Rowland

Mandi! Rowland Penny via samba
  In chel di` si favelave...
> What rh-based box ?
Oracle Linux 7, 8 servers and some Fedora clients.

> Sort of, you should (in my opinion) use 'net ads join' to join the
> computer to the domain, but you will need to use 'oddjob' on
red-hat
> distros. You will also need to correctly set up the smb.conf file.
Ah, ok. Of course, i've not speaked about it, but i supposed a correctly
smb.conf file setup in place.

> This is probably because the setup isn't much different on Unix domain
> members.
...but i was used in debian/ubuntu to let heimdal kerberos debhelper to
setup /etc/krb5.conf. A krb5.conf setup for heimdal/debian will work for
RH/MIT?

I'm a bit confused about that... and the samba wiki say only:

	https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Configuring_Kerberos

that seems minimal to me.


Sorry, thanks.

-- 
  Gli ippopotami non fanno niente, basta la presenza
  ippopotami non si nasce, si diventa			(R. Vecchioni)