[SOLVED] SAMBA Winbind ADS Windows 2003 Server UBUNTU
I have a question. I tried for 2x6 hours (2 days) to fix this problem and searched all over the internet.
I have a WIN2003 Server as a primary domain controller: DOMEIN.NET
The IP address is 192.168.1.2
FQDN: win2003.domein.net
Username: Administrator
Password: P@ssword
and I have a UBUNTU machine.
IP address is 192.168.1.3
FQDN: ubuntus2.domein.net
Username: ubuntu
Password: P@ssword
Root username: root
Password: P@ssword
UBUNTUS2 is connected to the domainname DOMEIN.NET with use of LIKEWISE-OPEN.
Now I want to use SAMBA with WINBIND (of course IF this is possible).
I want to use SAMBA for FILE/PRINTER SHARING and to logon UBUNTU with WIN2003 ADS users. This does work with LIKEWISE, but I want to use SAMBA.
I am using webmin to configure different options, this is to make it simple for myself, because my knowledge of UBUNTU is basic, and really need some GUI interfaces.
When I try to bind my UBUNTU machine to the domain with the use of WINBIND I get the following error:
Quote:
Unable to find a suitable server for domain DOMEIN.NET
This is my smb.conf file:
Quote:
[global]
idmap gid = 10000-20000
idmap uid = 10000-20000
invalid users = root
password server = win2003.domein.net
wins server = 192.168.1.2
workgroup = domein.net
security = ADS
debuglevel = 2
wins support = no
# Winbind settings
# For testing
# A shared folder for testing purposes
[SharedFolder]
path = /home/onno2/Shared_Folder
available = yes
public = yes
writable = yes
force create mode = 0666
force directory mode = 0777
I believe there is no use of KERBEROS, but I am not sure..
What am I doing wrong here? Can anyone help me out please? Thank you !
Actually, when you want to join Linux machine to Windows domain, it uses Kerberos authentication. Show me your /etc/krb5.conf and I will tell you where the problem is.
P.S. I suppose you have your /etc/hosts and /etc/resolv configured properly?
Hello, this is my krb5.conf file.
PHP Code:
[libdefaults]
default_realm = DOMEIN.NET

# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true

# The following encryption type specification will be used by MIT Kerberos
# if uncommented. In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.
#
# The only time when you might need to uncomment these lines and change
# the enctypes is if you have local software that will break on ticket
# caches containing ticket encryption types it doesn't know about (such as
# old versions of Sun Java).
Hello, I made the necessary changes, but I still have the same result:
Do I need to make several changes to Windows 2003 Server as well?
Make smb.conf look like that, then restart winbind and samba services.
[global]
idmap gid = 10000-20000
idmap uid = 10000-20000
password server = 192.168.1.2
workgroup = DOMEIN
realm = DOMEIN.NET
encrypt passwords = yes
winbind enum groups = yes
winbind enum users = yes
winbind use default domain = yes
security = ADS
debuglevel = 2
wins support = no
# Winbind settings
# For testing
# A shared folder for testing purposes
[SharedFolder]
path = /home/onno2/Shared_Folder
available = yes
public = yes
writable = yes
force create mode = 0666
force directory mode = 0777
Then try "net ads join -U Administrator" (without quotes, of course =) )
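Added example, not part of the thread: a small Python check, run over a constructed copy of the first smb.conf posted above, that flags two [global] settings the reply changed (no realm, a DNS-style workgroup) and the guest-writable share that both versions keep. The function names and finding texts are made up for this example.

```python
import configparser

# Constructed input: the first smb.conf from the thread, comments dropped.
BEFORE = """\
[global]
idmap gid = 10000-20000
idmap uid = 10000-20000
invalid users = root
password server = win2003.domein.net
wins server = 192.168.1.2
workgroup = domein.net
security = ADS
[SharedFolder]
path = /home/onno2/Shared_Folder
public = yes
writable = yes
force create mode = 0666
force directory mode = 0777
"""
# The reply's workgroup/realm lines swapped in (its other changes are omitted here).
AFTER = BEFORE.replace("workgroup = domein.net",
                       "workgroup = DOMEIN\nrealm = DOMEIN.NET")

def parse(text):
    # smb.conf is INI-like; option names are lowercased by configparser.
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.read_string(text)
    return {name: dict(cp[name]) for name in cp.sections()}

def audit(text):
    """Return a list of finding strings for an ADS member-server smb.conf."""
    conf = parse(text)
    g = conf.get("global", {})
    findings = []
    if g.get("security", "").lower() == "ads":
        if not g.get("realm"):
            findings.append("global: security = ADS but no realm (Kerberos realm) is set")
        if "." in g.get("workgroup", ""):
            findings.append("global: workgroup looks like a DNS name; use the short domain name")
    yes = {"yes", "true", "1"}
    for name, s in conf.items():
        if name == "global":
            continue
        # 'public' is a synonym of 'guest ok'; 'writable' of 'writeable'.
        guest = s.get("public", s.get("guest ok", "no")).lower() in yes
        rw = s.get("writable", s.get("writeable", "no")).lower() in yes
        if guest and rw:
            findings.append(f"{name}: guest access and writable are both enabled")
    return findings

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(text))
```
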
root@ubuntus2:~# net ads join -U Administrator
Enter Administrator's password:
Using short domain name -- DOMEIN
Joined 'UBUNTUS2' to realm 'domein.net'
Thank you very much.. !!!!!!!!!!
Well I am joined now, do I still require likewise-open ?
Because without it, I cannot logon Ubuntu with an ADS username..
As of the release of MS Windows 2000 and Active Directory, this information is now stored in a directory that can be replicated and for which partial or full administrative control can be delegated. Samba-3 is not able to be a domain controller within an Active Directory tree, and it cannot be an Active Directory server. This means that Samba-3 also cannot act as a BDC to an Active Directory domain controller.
Yes, I did google for quite some time (since my last post).
However it seems it does not fix my problem.
Samba is more different than LDAP I guess?
Thanks anyways... I am still looking for an answer.. It is frustrating
I do not understand what you mean to say Samba is more different than LDAP?
Yes it is. Samba is typically used to share files and folders with windows. Or for windows networking.
Please go through this link to know what is LDAP.
Well, I want the following:
I want my Active Directory users to be able to log on to the Ubuntu server.
Also I want to share folders with my ubuntu machine to the desired Active Directory users.
It seems I need LDAP for this.
Before I can use LDAP, I needed to make my Ubuntu machine a member server first, which it is now.
I tried to google for this, also a reason why my post took such a long time. But I couldn't find any useful information. There is information, but it is all outdated...
I hope any one of you can help me with this problem.
I really need LDAP fixing.