Difference between revisions of "SAMBA Domain Member"

From Comprofix
Jump to: navigation, search
(Created page with "This guide will help you install and setup a SAMBA File Server as a Domain Member. = Installation = Follow the SAMBA Domain Controller guide until you reach the "Provision Sa...")
 
 
Line 2: Line 2:
  
 
= Installation =
 
= Installation =
Follow the SAMBA Domain Controller guide until you reach the "Provision Samba AD DC for Your Domain" then you can stop.
+
Follow the [[SAMBA Domain Controller]] guide until you reach the "Provision Samba AD DC for Your Domain" then you can stop.
  
 
== Initial Configuration ==
 
== Initial Configuration ==

Latest revision as of 00:34, 14 June 2018

This guide will help you install and setup a SAMBA File Server as a Domain Member.

Installation

Follow the SAMBA Domain Controller guide until you reach the "Provision Samba AD DC for Your Domain" then you can stop.

Initial Configuration

Update /etc/krb5.conf

If you are joining a SAMBA Domain then you can copy your krb5.conf file from your SAMBA Domain controller.

Update samba conf

[global]
workgroup = TECMINT
realm = TECMINT.LAN
netbios name = ubuntu
security = ADS
dns forwarder = 192.168.1.1
idmap config * : backend = tdb        
idmap config *:range = 50000-1000000
template homedir = /home/%D/%U
template shell = /bin/bash
winbind use default domain = true
winbind offline logon = false
winbind nss info = rfc2307
winbind enum users = yes
winbind enum groups = yes
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes

Run testparm to ensure no errors with smb.conf

Update nsswitch.conf with winbind

Reboot System

Join the domain

net ads join -U administrator@EXAMPLE.LAN

Granting the SeDiskOperatorPrivilege Privilege

Only users and groups having the SeDiskOperatorPrivilege privilege granted can configure share permissions.

To grant the privilege to the Domain Admins group, enter:

net rpc rights grant "SAMDOM\Domain Admins" SeDiskOperatorPrivilege -U "SAMDOM\administrator"
Enter SAMDOM\administrator's password:
Successfully granted rights.