[Novalug] Samba book
nick at hackermonkey.com
Wed Feb 29 20:27:18 EST 2012
I am fairly sure I do not understand Kerberos and how it ties to windows
AD and authentication. I am really not a windows administrator so I am
guessing in some places.
Ie: The machine name is "www01". It is fully "www01.test.domain.com".
Well if I join to AD, it goes in as "www01." Which means when I join
"www01.production.domain.com" I have a problem, two machines with the
same name in the AD. ... so I fudged the "netbios name" in smb.conf to
be something else. And that worked. But it was a bit of a guess, as I
didn't find clear instructions, just things like "run net join -U
admin at domain". No one said "This will join the machine to the domain
using the hostname". Only one document I found talked about setting
netbios name option. and now I find there is even an option I can pass
on net join to give it a netbios name.
In the end I was trying to allow two AD groups to map a share on a linux
box and have read/write access. Its done, and working, but only after I
tried about a million different formats of @"DOMAIN+group" and @"group"
and @Domain+"group". I think the first one finally worked but I swear I
had tried that 4 times previously. But who knows. I think I used commas
to separate groups at one try, which was wrong.
Its working now, I just want to rip apart what I did and know exactly
WHY its working. I am sure I will have to repeat this again and I am not
so keep on the old "copy that config, it works!". I was hoping a
manual/book might help explain the theory, and then the man pages will
explain the particulars.
On 02/29/2012 07:22 PM, Dan Lavu wrote:
> I always found the Samba documentation to be sufficient and I've been trying
> to sync FreeIPA and Samba but the documentation is very limited when doing
> this. I've love to know what you are trying to do and how it's configured
> and maybe we can shed some light on how it works?
> To my understanding ADS is old for NT4/2000 domains which used Kerberos, or
> if you want to use Kerberos. Domain security mode builds a trust based upon
> machine accounts on the domain, you must join and should be able to view all
> users using wbinfo.
> Either way I always found the O'Reilly books to be enlightening.
> -----Original Message-----
> From: novalug-bounces at calypso.tux.org
> [mailto:novalug-bounces at calypso.tux.org] On Behalf Of Nick Danger
> Sent: Wednesday, February 29, 2012 6:03 PM
> To: NOVALUG
> Subject: [Novalug] Samba book
> I have been battling samba most of the day. Mostly because the examples I am
> finding aren't what it was I need to do. And then they only explain the
> options they use, if I am lucky. I finally figured it out, by combining
> several different web pages and some documentation from samba.org itself.
> Oddly I am still using DOMAIN and not ADS for authentication option because
> I couldn't get ADS to do crap, no matter what page said otherwise.
> So, I am checking for a good samba manual. And most seem to be a little
> older. Is that because Samba really hasn't changed much? I don't want to get
> some out of date manual, so if anyone has recommendations I would appreciate
> I want to understand what I did and not just go "well I made it work but
> beats me as to which trick did it."
> Novalug mailing list
> Novalug at calypso.tux.org
More information about the Novalug