SAMBA Domain Member

From Comprofix
Jump to: navigation, search

This guide will help you install and setup a SAMBA File Server as a Domain Member.

Installation

Follow the SAMBA Domain Controller guide until you reach the "Provision Samba AD DC for Your Domain" then you can stop.

Initial Configuration

Update /etc/krb5.conf

If you are joining a SAMBA Domain then you can copy your krb5.conf file from your SAMBA Domain controller.

Update samba conf

[global]
workgroup = TECMINT
realm = TECMINT.LAN
netbios name = ubuntu
security = ADS
dns forwarder = 192.168.1.1
idmap config * : backend = tdb        
idmap config *:range = 50000-1000000
template homedir = /home/%D/%U
template shell = /bin/bash
winbind use default domain = true
winbind offline logon = false
winbind nss info = rfc2307
winbind enum users = yes
winbind enum groups = yes
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes

Run testparm to ensure no errors with smb.conf

Update nsswitch.conf with winbind

Reboot System

Join the domain

net ads join -U administrator@EXAMPLE.LAN

Granting the SeDiskOperatorPrivilege Privilege

Only users and groups having the SeDiskOperatorPrivilege privilege granted can configure share permissions.

To grant the privilege to the Domain Admins group, enter:

net rpc rights grant "SAMDOM\Domain Admins" SeDiskOperatorPrivilege -U "SAMDOM\administrator"
Enter SAMDOM\administrator's password:
Successfully granted rights.