[Novalug] Samba book

[Nick Danger]

I am fairly sure I do not understand Kerberos and how it ties to windows 
AD and authentication. I am really not a windows administrator so I am 
guessing in some places.

Ie: The machine name is "www01". It is fully "www01.test.domain.com". 
Well if I join to AD, it goes in as "www01." Which means when I join 
"www01.production.domain.com" I have a problem, two machines with the 
same name in the AD. ... so I fudged the "netbios name" in smb.conf to 
be something else. And that worked. But it was a bit of a guess, as I 
didn't find clear instructions, just things like "run net join -U 
admin at domain". No one said "This will join the machine to the domain 
using the hostname". Only one document I found talked about setting 
netbios name option. and now I find there is even an option I can pass 
on net join to give it a netbios name.

In the end I was trying to allow two AD groups to map a share on a linux 
box and have read/write access. Its done, and working, but only after I 
tried about a million different formats of @"DOMAIN+group" and @"group" 
and @Domain+"group". I think the first one finally worked but I swear I 
had tried that 4 times previously. But who knows. I think I used commas 
to separate groups at one try, which was wrong.

Its working now, I just want to rip apart what I did and know exactly 
WHY its working. I am sure I will have to repeat this again and I am not 
so keep on the old "copy that config, it works!". I was hoping a 
manual/book might help explain the theory, and then the man pages will 
explain the particulars.

Nick


On 02/29/2012 07:22 PM, Dan Lavu wrote:
> Nick,
>
> I always found the Samba documentation to be sufficient and I've been trying
> to sync FreeIPA and Samba but the documentation is very limited when doing
> this. I've love to know what you are trying to do and how it's configured
> and maybe we can shed some light on how it works?
>
> To my  understanding ADS is old for NT4/2000 domains which used Kerberos, or
> if you want to use Kerberos. Domain security mode builds a trust based upon
> machine accounts on the domain, you must join and should be able to view all
> users using wbinfo.
>
> Either way I always found the O'Reilly books to be enlightening.
>
>
> Dan
>
> -----Original Message-----
> From: novalug-bounces at calypso.tux.org
> [mailto:novalug-bounces at calypso.tux.org] On Behalf Of Nick Danger
> Sent: Wednesday, February 29, 2012 6:03 PM
> To: NOVALUG
> Subject: [Novalug] Samba book
>
> I have been battling samba most of the day. Mostly because the examples I am
> finding aren't what it was I need to do. And then they only explain the
> options they use, if I am lucky. I finally figured it out, by combining
> several different web pages and some documentation from samba.org itself.
> Oddly I am still using DOMAIN and not ADS for authentication option because
> I couldn't get ADS to do crap, no matter what page said otherwise.
>
> So, I am checking for a good samba manual. And most seem to be a little
> older. Is that because Samba really hasn't changed much? I don't want to get
> some out of date manual, so if anyone has recommendations I would appreciate
> it.
>
> I want to understand what I did and not just go "well I made it work but
> beats me as to which trick did it."
>
> Nick
> _______________________________________________
> Novalug mailing list
> Novalug at calypso.tux.org
> http://calypso.tux.org/mailman/listinfo/novalug
>