LinuxQuestions.org


Blue_Ice 08-25-2015 01:38 PM

samba4: joining domain controller to itself
 
I must be missing something, but I don't seem to be able to find how to join the Linux server on which the samba4 domain controller is running to the domain. Can anyone give me a few pointers?

My current smb.conf looks as follows:
Code:

[global]
        workgroup = HOME
        realm = HOME.LAN
        netbios name = DC
        server role = active directory domain controller
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
        idmap_ldb:use rfc2307 = yes
        allow dns updates = nonsecure and secure
        dns forwarder = 127.0.0.1
        printing = CUPS
        printcap name = /dev/null

        host msdfs = yes
        vfs object = dfs_samba4

[dfs]
        comment = DFS Root Share
        path = /export/dfsroot
        msdfs root = yes
        browseable = yes
        read only = no

[public]
        path = /export/samba/public
        public = yes
        writable = yes
        browseable = yes
        create mode = 0660
        directory mode = 0770

[profiles]
        path = /export/samba/profiles
        read only = no

[netlogon]
        path = /var/lib/samba/sysvol/home.lan/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

To get this far, I have been using the tutorial that could be found at http://www.thejonas.net/?page_id=618. But it is only for other servers and clients, not for the domain controller itself.

paul2015 08-27-2015 09:36 AM

You are saying that you have installed a Samba 4 domain on a Linux machine and it is not in the domain? When you check from a Windows machine in AD Users and Computers, under the Domain Controllers OU, you cannot see your DC?

Blue_Ice 08-28-2015 05:55 AM

I can see the DC in 'ad users and computers', but I am not able to login to the server with AD credentials, which is important to be able to set permissions on a share.

paul2015 08-28-2015 06:00 AM

Sorry for the stupid question, but to log on locally, if it is not an admin account, Microsoft has a policy: the account must be granted permission to log on locally. I connect from a PC to manage shares with the Computer Management console. And how are you going to log on to the server?

paul2015 08-28-2015 06:05 AM

Maybe I don't understand, but you cannot log in to the server; it is just a backend.

Blue_Ice 08-29-2015 12:45 PM

So you cannot log on to the Linux server that is running the domain with a domain administrator account, because it is the domain controller? That makes no sense to me at all. That's not the way a DC works in Windows either. Furthermore, you have to create the share on the server; when it is created you can set file system permissions and share permissions. The first one is what I would like to do, and the second one is arranged within the Samba configuration. So yes, setting the share permissions is not the problem. The file system permissions are needed because some users can also connect in different ways to the 'share' without using Samba.

