Samba4 and SSSD

Stéphane Graber stgraber at ubuntu.com
Fri Sep 21 20:25:23 UTC 2012


Hello,

At the last UDS, Jonathan gave me a work item to investigate the current
state of samba4 and sssd in Ubuntu 12.10.

I spent a bit of time the past two days looking at that and doing a
bunch of backports (in a PPA for now) for 12.04.

samba4 in Ubuntu 12.10 looks pretty good. It's relatively easy to
deploy and, if you're lucky, debconf will even do the right thing.
Otherwise, just remove /etc/samba/smb.conf and call
/usr/share/samba/setup/provision manually.

Managing samba4 is reasonably easy with the samba-tool command shipped
with samba4. If you need more advanced configuration, the easiest way is
to use a Windows machine with the Active Directory remote support tools
installed.

The easiest way to get Linux clients to work with samba4 is to start by
creating an unprivileged "binduser" account.
"samba-tool user add binduser" will do that for you.

Then on the client side, install sssd (apt-get install sssd) and write
something like this in /etc/sssd/sssd.conf:
---
[sssd]
domains = SAMBA
services = nss, pam
config_file_version = 2
sbus_timeout = 30
debug_level = 0

[nss]
default_shell = /bin/bash

[domain/SAMBA]
enumerate = false
cache_credentials = true
fallback_homedir = /home/%u

id_provider = ldap
auth_provider = krb5
chpass_provider = krb5

dns_discovery_domain = domain.net
krb5_realm = DOMAIN.NET

ldap_schema = ad
ldap_id_mapping = true
ldap_default_bind_dn = binduser@domain.net
ldap_default_authtok = password
ldap_user_gecos = displayName
ldap_force_upper_case_realm = true
---

As you can see, this relies on dns_discovery to find the server. If you
don't have all the right records in your DNS, you should be able to get
around that by also adding:
ldap_uri = ldaps://<ip>
krb5_server = <ip>

And then remove dns_discovery_domain.


I'm still working on getting Edubuntu Server into a nice shape so we can
try and ship it in Edubuntu 13.04 which will include a working samba4
server and an easy way to configure clients.

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
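
A lint pass over a client sssd.conf of the kind shown in this message, added here as an example (it is not part of the original post or of SSSD). It flags a cleartext ldap_default_authtok, a file mode that lets other users read it, an explicit ldap:// ldap_uri without ldap_id_use_start_tls, and a relaxed ldap_tls_reqcert. The function name, finding texts and sample config are constructed for illustration; the option names are SSSD's own.

```python
import configparser
import stat

# Constructed sample (not from the message): the manual-server workaround
# typed with plain ldap:// and certificate checking turned off.
SAMPLE = """\
[sssd]
domains = SAMBA

[domain/SAMBA]
id_provider = ldap
fallback_homedir = /home/%u
ldap_uri = ldap://192.0.2.10
ldap_default_bind_dn = binduser@domain.net
ldap_default_authtok = password
ldap_tls_reqcert = never
"""

def audit_sssd_conf(text, mode=0o600):
    """Return (section, finding) pairs; mode is the file's permission bits."""
    findings = []
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(("file", "accessible beyond owner (mode %04o)" % mode))
    # interpolation=None: values such as /home/%u must be read literally
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    for name in cp.sections():
        if not name.startswith("domain/"):
            continue
        sec = cp[name]
        if ("ldap_default_authtok" in sec and
                sec.get("ldap_default_authtok_type", "password") == "password"):
            findings.append((name, "bind password stored in cleartext"))
        uris = [u.strip().lower() for u in sec.get("ldap_uri", "").split(",")]
        starttls = sec.get("ldap_id_use_start_tls", "false").lower() == "true"
        if any(u.startswith("ldap://") for u in uris) and not starttls:
            findings.append((name, "bind sent over ldap:// without StartTLS"))
        if sec.get("ldap_tls_reqcert", "hard").lower() in ("never", "allow"):
            findings.append((name, "server certificate is not verified"))
    return findings

if __name__ == "__main__":
    for section, finding in audit_sssd_conf(SAMPLE, mode=0o644):
        print(f"{section}: {finding}")
```

On a real client, pass the text of /etc/sssd/sssd.conf and stat.S_IMODE(os.stat(path).st_mode) as the mode.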
