Difference between revisions of "Samba4 BDC"
From Stadm
| Line 34: | Line 34: | ||
==nssswitch==  | ==nssswitch==  | ||
*enumerate users in getent passwd  | *enumerate users in getent passwd  | ||
| + | *link winbind so nsswitch can see  | ||
| + |  ln -s  /usr/local/samba/lib/libnss_winbind.so.2  /lib64/libnss_winbind.so  | ||
| + |  ln  -s /lib64/libnss_winbind.so  /lib64/libnss_winbind.so.2  | ||
| + | *check that it is linked  | ||
| + |  ldconfig -v | grep winbind  | ||
| + | |||
*edit /etc/nssswitch to contain  | *edit /etc/nssswitch to contain  | ||
  passwd:     files winbind  |   passwd:     files winbind  | ||
  shadow:     files  |   shadow:     files  | ||
  group:      files winbind  |   group:      files winbind  | ||
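Review bot: the second added ln -s points /lib64/libnss_winbind.so.2 at the unversioned /lib64/libnss_winbind.so, which is itself a symlink, so the name that NSS actually loads (libnss_winbind.so.2) depends on a two-link chain. Consider linking /lib64/libnss_winbind.so.2 directly to /usr/local/samba/lib/libnss_winbind.so.2, so that removing or replacing the unversioned link cannot leave the versioned one dangling. The "check that it is linked" step with ldconfig -v only shows what the linker cache lists; a follow-up getent passwd lookup for a domain user would confirm that the module is actually used. Separately, the unchanged context line names the file as /etc/nssswitch, while the file glibc reads is /etc/nsswitch.conf; it is worth correcting in the same revision.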
Revision as of 11:05, 24 June 2014
Required Packages
Kerberos
- make backup of kerberos conf
 
cp /etc/krb5.conf /etc/krb5.bak
- add realm to kerberos file /etc/krb5.conf
 
cp /usr/local/samba/share/setup/krb5.conf /etc/krb5.conf
- change ${REALM} variable to your realm
 - test that you can kinit
 
kinit administrator
- type the password, then run klist to check that you have a ticket
 
klist
Join DC to domain
- if kerberos is working check that you can see the PDC dns entries
 - then join DC to domain
 
samba-tool domain join example.edu DC -Uadministrator --realm=example.edu
- should end with
 
Joined domain EXAMPLE (SID ...) as a DC
Transfer Roles
- DNS entries must be set up before you can transfer roles, and samba must be running (check the log for any errors first)
 
- see who has what roles
 
samba-tool fsmo show
- transfer them all (can also transfer individual roles)
 
samba-tool fsmo transfer --role=all
nsswitch
- enumerate users in getent passwd
 - link winbind so nsswitch can see
 
ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib64/libnss_winbind.so
ln -s /lib64/libnss_winbind.so /lib64/libnss_winbind.so.2
- check that it is linked
 
ldconfig -v | grep winbind
- edit /etc/nsswitch.conf to contain
 
passwd: files winbind
shadow: files
group: files winbind
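
A verification script for the nsswitch steps above, added here as an example and not part of the original wiki page. The function names are hypothetical, and the sample files are constructed in a temporary directory so that the checks run without touching /etc or /lib64.

```sh
#!/bin/sh
# Added example (not from the wiki): checks for the winbind NSS setup.

# Print the sources configured for database $2 in nsswitch file $1.
nss_sources() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }   # strip comments
        $1 == db { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

# Succeed if word $1 is in the space-separated list $2.
has_source() {
    case " $2 " in *" $1 "*) return 0 ;; *) return 1 ;; esac
}

# passwd and group must list winbind; shadow must not (as on the page).
check_nsswitch() {
    conf=$1; rc=0
    for db in passwd group; do
        has_source winbind "$(nss_sources "$conf" "$db")" ||
            { echo "FAIL: $db does not list winbind"; rc=1; }
    done
    has_source winbind "$(nss_sources "$conf" shadow)" &&
        { echo "FAIL: shadow lists winbind"; rc=1; }
    return $rc
}

# glibc loads libnss_winbind.so.2 for the "winbind" source; -e follows
# symlinks, so a dangling link chain in directory $1 fails here.
check_nss_lib() {
    [ -e "$1/libnss_winbind.so.2" ] ||
        { echo "FAIL: $1/libnss_winbind.so.2 missing or dangling"; return 1; }
}

# Constructed sample: the page's nsswitch lines and its two-link chain,
# built in a temp directory with an empty stand-in for the Samba library.
demo() {
    d=$(mktemp -d) || return 1
    printf 'passwd: files winbind\nshadow: files\ngroup: files winbind\n' \
        > "$d/nsswitch.conf"
    : > "$d/samba_libnss_winbind.so.2"
    ln -s "$d/samba_libnss_winbind.so.2" "$d/libnss_winbind.so"
    ln -s "$d/libnss_winbind.so" "$d/libnss_winbind.so.2"
    check_nsswitch "$d/nsswitch.conf" && check_nss_lib "$d" && echo "OK"
    status=$?; rm -rf "$d"; return $status
}
demo
```

On the domain controller itself, call `check_nsswitch /etc/nsswitch.conf` and `check_nss_lib /lib64` after creating the links.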