Rowland Penny
2022-Jan-10 19:57 UTC
[Samba] Samba domain members and MIT Kerberos configuration...
On Mon, 2022-01-10 at 13:46 -0600, Patrick Goetz via samba wrote:
> On 12/27/21 06:54, Marco Gaiarin via samba wrote:
> > I'm working on joining some RH-based box to an AD domain, starting from this list, the wiki and my debian knowledge. ;-)
> >
> > I'm speaking of MEMBERS, not DC!
> >
> > I've found some info googling around, but make reference to 'realmd' and 'oddjob' for configuration, that seems to me more 'wrappers' to help configuration, so probably can be substituted with more plain 'net ads join' and 'pam_mkhomedir'. Correct?
>
> If you have selinux turned on, pam-mkhomedir won't work. This is why RHEL created the oddjob thing. You however don't need realmd -- that's aimed at simplifying configuration. adcli works fine. You especially don't need realmd if you're going to use Samba.

You do not need adcli either, just use 'net ads join' and I fail to see how realmd would simplify configuration, red-hat seems to get smb.conf wrong whatever they do.

Rowland
Patrick Goetz
2022-Jan-10 20:08 UTC
[Samba] Samba domain members and MIT Kerberos configuration...
On 1/10/22 13:57, Rowland Penny via samba wrote:
> On Mon, 2022-01-10 at 13:46 -0600, Patrick Goetz via samba wrote:
>> On 12/27/21 06:54, Marco Gaiarin via samba wrote:
>>> I'm working on joining some RH-based box to an AD domain, starting from this list, the wiki and my debian knowledge. ;-)
>>>
>>> I'm speaking of MEMBERS, not DC!
>>>
>>> I've found some info googling around, but make reference to 'realmd' and 'oddjob' for configuration, that seems to me more 'wrappers' to help configuration, so probably can be substituted with more plain 'net ads join' and 'pam_mkhomedir'. Correct?
>>
>> If you have selinux turned on, pam-mkhomedir won't work. This is why RHEL created the oddjob thing. You however don't need realmd -- that's aimed at simplifying configuration. adcli works fine. You especially don't need realmd if you're going to use Samba.
>
> You do not need adcli either, just use 'net ads join' and I fail to see how realmd would simplify configuration, red-hat seems to get smb.conf wrong whatever they do.

Or use `samba-tool domain join SAMDOM.example.com MEMBER -U administrator`

I think RHEL created realmd for sssd/idM users.

> Rowland