
Fwd: Samba4 and SSSD



Hi D-E developers,

cross-posting this piece of information to the d-e ML.

Mike

----- Forwarded message from stgraber@ubuntu.com -----
      Date: Fri, 21 Sep 2012 16:25:23 -0400
      From: Stéphane Graber <stgraber@ubuntu.com>
   Subject: Samba4 and SSSD
        To: Edubuntu Developers <edubuntu-devel@lists.ubuntu.com>

Hello,

At the last UDS, Jonathan gave me a work item to investigate the current
state of samba4 and sssd in Ubuntu 12.10.

I spent a bit of time the past two days looking at that and doing a
bunch of backports (in a PPA for now) for 12.04.

samba4 in Ubuntu 12.10 looks pretty good; it's relatively easy to
deploy, and if you're lucky, debconf will even do the right thing.
Otherwise, just remove /etc/samba/smb.conf and call
/usr/share/samba/setup/provision manually.

Managing samba4 is reasonably easy with the samba-tool command shipped
with samba4. If you need more advanced configuration, the easiest is to
use a Windows machine with the Active Directory remote support tools
installed.

The easiest way to get Linux clients to work with samba4 is to start by
creating an unprivileged "binduser" account.
"samba-tool user add binduser" will do that for you.

Then on the client side, install sssd (apt-get install sssd) and write
something like this in /etc/sssd/sssd.conf:
---
[sssd]
domains = SAMBA
services = nss, pam
config_file_version = 2
sbus_timeout = 30
debug_level = 0

[nss]
default_shell = /bin/bash

[domain/SAMBA]
enumerate = false
cache_credentials = true
fallback_homedir = /home/%u

id_provider = ldap
auth_provider = krb5
chpass_provider = krb5

dns_discovery_domain = domain.net
krb5_realm = DOMAIN.NET

ldap_schema = ad
ldap_id_mapping = true
ldap_default_bind_dn = binduser@domain.net
ldap_default_authtok = password
ldap_user_gecos = displayName
ldap_force_upper_case_realm = true
---

As you can see, this relies on dns_discovery to find the server. If you
don't have all the right records in your DNS, you should be able to get
around that by also adding:
ldap_uri = ldaps://<ip>
krb5_server = <ip>

And then remove dns_discovery_domain.


I'm still working on getting Edubuntu Server into a nice shape so we can
try and ship it in Edubuntu 13.04 which will include a working samba4
server and an easy way to configure clients.

--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com



----- End of forwarded message -----


--

DAS-NETZWERKTEAM
mike gabriel, rothenstein 5, 24214 neudorf-bornstein
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
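
The sssd.conf in the forwarded message keeps the binduser password in the file and, in its fallback variant, names the LDAP server by URI. The following check is an added example, not part of the original message: it flags a clear-text bind password and an ldap:// URI used without StartTLS, and tests whether the file is closed to group and others. The function names, issue labels and the IP 192.0.2.10 are assumptions made for the example.

```python
import configparser
import os

# Constructed sample: the [domain/SAMBA] section from the message in its
# ldap_uri/krb5_server variant, with ldap:// and a documentation-range IP.
SAMPLE = """\
[sssd]
domains = SAMBA
services = nss, pam
config_file_version = 2

[domain/SAMBA]
id_provider = ldap
auth_provider = krb5
ldap_uri = ldap://192.0.2.10
krb5_server = 192.0.2.10
krb5_realm = DOMAIN.NET
ldap_default_bind_dn = binduser@domain.net
ldap_default_authtok = password
"""

def audit_text(text):
    """Return (section, issue) findings for each [domain/...] section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        if not name.startswith("domain/"):
            continue
        sec = cp[name]
        # The bind password sits in the file as clear text.
        authtok_type = sec.get("ldap_default_authtok_type", fallback="password")
        if "ldap_default_authtok" in sec and authtok_type == "password":
            findings.append((name, "cleartext-bind-password"))
        # ldap:// with StartTLS not enabled: the bind is not protected by TLS.
        # Assumption: an absent ldap_id_use_start_tls is treated as false.
        start_tls = sec.get("ldap_id_use_start_tls", fallback="false").lower()
        for uri in sec.get("ldap_uri", fallback="").split(","):
            if uri.strip().lower().startswith("ldap://") and start_tls != "true":
                findings.append((name, "ldap-uri-without-tls"))
    return findings

def is_private(path):
    """True if neither group nor others have any permission on the file."""
    return os.stat(path).st_mode & 0o077 == 0

if __name__ == "__main__":
    for section, issue in audit_text(SAMPLE):
        print(section, issue)
```
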
