Samba 4 DC AD LDAP Installation on Ubuntu 20.04

  • Published: Aug 28, 2024
  • This video walks you through the process of installing Samba 4 with LDAP (not OpenLDAP) on Linux. We show you the common mistakes and the way we got past them. I should preface this with "I'm not expert :-)" to be fair. I've only recently just learned this process myself. This video is as much a tutorial for my future self (when I need it again) as it is for you.
    As promised within this video, this is the method I use to freeze /etc/resolv.conf so Linux dhcp doesn't force changes on it • Linux Create A Static ...

Comments • 30

  • @JonathanMontero 2 years ago +2

    Sir, you just got a new subscriber.
    Back in 2012, I was following up on the Samba 4.0 version (tons of errors). I remember I got with some Linux friends and we tried some of what you just did. We even tried to get in contact with the official samba team in Germany but we couldn't.
    Anyhow, my point is that I get the spirit of what you're doing and it's just GREAT.
    That's the spirit of science, sharing, and helping, which is among the best things that we humans have.
    Thanks again, I totally enjoyed the video.

  • @ailijic 2 years ago +3

    Thank you, I regret that I have but one up vote to give

  • @andreaskhachyan3242 10 months ago

    Hello, I am from Armenia, a small country. The video helped me a lot to build my server system, thank you very much. I am a network administrator for Cisco systems. Respect to people like you.

    • @jaylepore5420 10 months ago

      Thank you. I appreciate the good words!

  • @muhorakeyejulienne955 7 months ago +1

    thank you so much for a clear tut!!

  • @kylecurry6841 1 year ago +1

    I know this is 11 months old, and you're demonstrating what's already been learned from the journey, but I could have helped you spawning a Linux AD DC. I've done more than a few builds, and have been using this alternative at home since 2016. I'll admit though, that I might be jumping into posting prior to watching fully, because what led me to this video in and of itself, is a solution or a means to an end to yield LDAP auth from a non-MS AD DC, while I've used earlier builds that have been stable for many years, and so it's my understanding that in more recent releases, this might be accomplished.
    Edit* the Techmint articles were just the references I needed to make my first a reality, going back to Debian 8 even back in 16...I think they've offered revisions to their original articles with each kernel version of Debian (applicable to Ubuntu usually). I will say, in the case of joining other Debian/Ubuntu clients to the domain, is that after Debian 9, it became increasingly difficult to do so because of issues with Winbind (if you preferred to authenticate to the guest via a domain user), while the option to use sssd instead to join a Debian/Ubuntu client does work too.

  • @iceradish 2 years ago +2

    Very informative! Great Video! Thank you!

  • @Chris.Wiley. 1 year ago

    Great tutorial - it worked where others didn't. One thing, though, is I was unable to join the newly created domain from my Windows VM until I put the IP address of the domain controller in as the DNS server on the Windows VM. I already have a recursive DNS server on my network and don't want to use the DC for that.

    • @servermatter4465 1 year ago

      I'm not sure about that use case. In my case I believe the DNS Server is a required component of the DC's functionality. Is it possible you only need Samba for the file sharing aspect of it?

  • @user-xp4xv6hu2p 19 days ago

    Thank you 😁

  • @starplatinumrqm 2 years ago +3

    Great video, keep it up!

  • @arontoms3085 2 years ago +1

    Thanks for your great tutorial. Can you explain why for the hostname in steps 2 & 3 of the Kerberos install you only put the FQDN and not the hostname.FQDN? Your video and the tutorial you link to are the only ones that exclude the hostname of the server from these settings and I was wondering what the reason behind your exclusion was. Thanks

    • @RudyValenciaDotCom 1 year ago +1

      Kerberos issues tickets for the AD domain, not the individual server.

  • @hansomaranso 8 months ago

    would be really nice if the purge.yml or at least the commands were somewhere to copy, otherwise good video

  • @eprohoda 2 years ago +1

    unusual job~CompuMatter,!))

  • @beaugartagnami5008 2 years ago +1

    Thanks for the tutorial. Please give us the file that contains the commands so we can copy and paste them, and then we can reduce failures.

  • @soultracer 2 years ago +1

    If you like your resolv.conf not to change, you need to unlink it or rm it, and write it new.
    We are working on a test project at the moment, where we built a samba ad-dc, dhcp server, mail server and clients.
    All on Linux, using 21.10.
    So, our problem is, we do not really know how to make roaming profiles.
    And another problem is that the password authentication mostly fails when a user tries to log in.
    Also, the mail server finds the user, but his password is not accepted.
    Maybe you can help with a video. :-)

  • @TheTF01 7 months ago +1

    Are you able to use rsat on a domain joined workstation to manage this with the ad users and computers gui?

    • @servermatter4465 7 months ago +1

      Yes. Active Directory Users and Computers on a Windows computer can be used to manage users and groups from that point forward if you wish. We use it that way half the time.

    • @TheTF01 7 months ago

      @servermatter4465 is that addc from Microsoft or another ldap system?

  • @raphaelmateusdasneves772 1 year ago +1

    Interesting to create a symlink to the krb5 conf even though the sambatool explicitly states "#2366: Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!". World is weird

  • @Arsalanbinshaikh 2 years ago

    Does that work the same as with the winbind protocol? I mean authenticating domain users and groups?

  • @ianpogi5 1 year ago

    Can I use this as an authentication method for my mssql server?

  • @82732726 1 year ago

    Great video.
    I need directions on setting up the AD controller (WindowsTH-KB2693643-x64.msu) to authenticate across an NFS connection.
    I will describe my setup.
    Server1 (SAMBA)
    Server2 (SAMBA-DC)
    SAMBA1 (NFS Server)
    SAMBA2 (NFS-Common)
    I mapped drives on SAMBA2 from SAMBA1.
    Using MS remote AD, I created users, groups, and OUs that map drives when a user logs in. I know this sounds vague, but it all works to that point.
    I am having difficulty with permission within the OUs in SAMBA2 DC not populating over to SAMBA1, so even though the drives are mapped, the users cannot write or execute within the folders.
    Are there tutorials that can provide comprehensive directions on this particular issue?

    • @servermatter4465 1 year ago

      Can you at least see the file share folders?
      I have found when having user problems you should create a test user and group using Linux to start. See if the Windows tools are failing you in some way. I have experienced this. Also be sure file share permissions are right. If unsure set at 770 recursive and test.

  • @a038307 2 years ago

    need a little help:
    Where do I find the users authentication log when they log on to SAMBA AD ?
    Is it enabled by default? If not, how to enable ?
    any help is appreciated. You don't have to explain, just share links if you have.
    Thanks

    • @compumatterllc 2 years ago

      Run this one-liner:
      sudo tail -f /var/log/samba/log.smbd /var/log/samba/log.nmbd /var/log/samba/log.winbindd
      Should give you some feedback. Good luck.
      A directory listing of sudo ls -l /var/log/samba
      shows you something like this...
      drwx------ 5 root root 5 Apr 12 04:28 cores
      -rw-r--r-- 1 root root 491 Apr 12 04:29 log.
      -rw-r--r-- 1 root root 0 Apr 17 00:00 log.nmbd
      -rw-r--r-- 1 root root 431 Apr 12 04:29 log.nmbd.1
      -rw-r--r-- 1 root root 1826461 Jul 28 11:18 log.samba
      -rw-r--r-- 1 root root 5065100 May 29 00:00 log.samba.1
      -rw-r--r-- 1 root root 269395 May 22 00:00 log.samba.2.gz
      -rw-r--r-- 1 root root 232831 May 14 18:59 log.samba.3.gz
      -rw-r--r-- 1 root root 10267220 Jul 28 09:48 log.samba.old
      -rw-r--r-- 1 root root 1952356 Jul 28 11:19 log.smbd
      -rw-r--r-- 1 root root 8941915 May 29 00:00 log.smbd.1
      -rw-r--r-- 1 root root 307244 May 22 00:00 log.smbd.2.gz
      -rw-r--r-- 1 root root 299431 May 14 18:59 log.smbd.3.gz
      -rw-r--r-- 1 root root 10260224 Jul 28 09:23 log.smbd.old
      -rw-r--r-- 1 root root 6329554 Jul 28 11:18 log.wb-BUILTIN
      -rw-r--r-- 1 root root 5541079 Jul 28 11:19 log.wb-OFFICE
      -rw-r--r-- 1 root root 10242478 Jul 22 17:34 log.wb-OFFICE.old
      -rw-r--r-- 1 root root 844 Apr 12 04:29 log.wb-SERVERMATTER
      -rw-r--r-- 1 root root 6942665 Jul 28 11:19 log.winbindd
      -rw-r--r-- 1 root root 4509743 May 29 00:00 log.winbindd.1
      -rw-r--r-- 1 root root 80071 May 22 00:00 log.winbindd.2.gz
      -rw-r--r-- 1 root root 413076 May 14 18:58 log.winbindd.3.gz
      -rw-r--r-- 1 root root 1527403 Jun 8 13:13 log.winbindd-idmap
      -rw-r--r-- 1 root root 10247826 Jul 25 19:11 log.winbindd.old
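
Added example, not from the video or from any commenter: on a Samba AD DC, per-logon audit records reach these log files only when the `auth_audit` / `auth_json_audit` debug classes are raised in smb.conf (for example `log level = 1 auth_audit:3 auth_json_audit:3`). The sketch below parses the resulting JSON lines and counts failed logons per account and source address; the sample log is constructed, and the field names are an assumption based on Samba's JSON authentication audit format.

```python
import json
from collections import Counter

# Constructed sample (accounts and addresses invented): debug header lines
# followed by JSON audit records. Field names are an assumption based on
# Samba's JSON authentication audit format; check them on your version.
SAMPLE_LOG = """\
[2024/07/28 11:18:01.120000,  3] constructed debug header
  {"timestamp": "2024-07-28T11:18:01.120000+0000", "type": "Authentication", "Authentication": {"status": "NT_STATUS_OK", "remoteAddress": "ipv4:192.0.2.10:49152", "serviceDescription": "Kerberos KDC", "clientAccount": "alice"}}
[2024/07/28 11:18:05.300000,  2] constructed debug header
  {"timestamp": "2024-07-28T11:18:05.300000+0000", "type": "Authentication", "Authentication": {"status": "NT_STATUS_WRONG_PASSWORD", "remoteAddress": "ipv4:192.0.2.66:50100", "serviceDescription": "LDAP", "clientAccount": "bob"}}
  {"timestamp": "2024-07-28T11:18:06.300000+0000", "type": "Authentication", "Authentication": {"status": "NT_STATUS_WRONG_PASSWORD", "remoteAddress": "ipv4:192.0.2.66:50101", "serviceDescription": "LDAP", "clientAccount": "bob"}}
  {"timestamp": "2024-07-28T11:18:07.300000+0000", "type": "Authentication", "Authentication": {"status": "NT_STATUS_WRONG_PASSWORD", "remoteAddress": "ipv4:192.0.2.66:50102", "serviceDescription": "LDAP", "clientAccount": "bob"}}
[2024/07/28 11:18:09.000000,  2] constructed debug header
  {"timestamp": "2024-07-28T11:18:09.000000+0000", "type": "Authentication", "Authentication": {"status": "NT_STATUS_WRONG_PASSWORD", "remoteAddress": "ipv4:192.0.2.10:49153", "serviceDescription": "Kerberos KDC", "clientAccount": "alice"}}
  {"timestamp": "2024-07-28T11:18:10.000000+0000", "type": "Authent
"""


def parse_auth_events(text):
    """Yield the "Authentication" object of every JSON audit line in text."""
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("{"):
            continue  # debug header or ordinary log text
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated record, e.g. cut by log rotation
        if rec.get("type") == "Authentication":
            yield rec.get("Authentication", {})


def failed_logons(text, threshold=3):
    """Return {(account, source_host): count} for pairs with >= threshold failures."""
    fails = Counter()
    for ev in parse_auth_events(text):
        if ev.get("status") == "NT_STATUS_OK":
            continue
        src = ev.get("remoteAddress", "unknown")
        # "ipv4:192.0.2.10:49152" -> "192.0.2.10"; other forms are kept whole
        parts = src.split(":")
        host = parts[1] if len(parts) == 3 and parts[0] == "ipv4" else src
        fails[(ev.get("clientAccount"), host)] += 1
    return {key: n for key, n in fails.items() if n >= threshold}
```
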

  • @someone-fk7xf 2 years ago

    did you have bind9 installed?