Hi D-E developers, cross-posting this piece of information to the d-e ML. Mike ----- Weitergeleitete Nachricht von stgraber@ubuntu.com ----- Datum: Fri, 21 Sep 2012 16:25:23 -0400 Von: Stéphane Graber <stgraber@ubuntu.com> Betreff: Samba4 and SSSD An: Edubuntu Developers <edubuntu-devel@lists.ubuntu.com> Hello, At last UDS Jonathan gave me a work item to investigate the current state of samba4 and sssd in Ubuntu 12.10. I spent a bit of time the past two days looking at that and doing a bunch of backports (in a PPA for now) for 12.04. samba4 in Ubuntu 12.10 looks pretty good, it's relatively easy to deploy, if you're lucky, debconf will even do the right thing. Otherwise, just remove /etc/samba/smb.conf and call /usr/share/samba/setup/provision manually. Managing samba4 is reasonably easy with the samba-tool command shipped with samba4. If you need more advanced configuration, the easiest is to use a Windows machine with the active directory remote support tools installed. The easiest way to get Linux clients to work with samba4 is to start by creating an unprivileged "binduser" account. "samba-tool user add binduser" will do that for you. Then on the client side, install sssd (apt-get install sssd) and write something like that in /etc/sssd/sssd.conf: --- [sssd] domains = SAMBA services = nss, pam config_file_version = 2 sbus_timeout = 30 debug_level = 0 [nss] default_shell = /bin/bash [domain/SAMBA] enumerate = false cache_credentials = true fallback_homedir = /home/%u id_provider = ldap auth_provider = krb5 chpass_provider = krb5 dns_discovery_domain = domain.net krb5_realm = DOMAIN.NET ldap_schema = ad ldap_id_mapping = true ldap_default_bind_dn = binduser@domain.net ldap_default_authtok = password ldap_user_gecos = displayName ldap_force_upper_case_realm = true --- As you can see, this relies on dns_discovery to find the server. If you don't have all the right records in your DNS, you should be able to get around that by also adding: ldap_uri = ldaps://<ip> krb5_server = <ip> And then remove dns_discovery_domain. I'm still working on getting Edubuntu Server into a nice shape so we can try and ship it in Edubuntu 13.04 which will include a working samba4 server and an easy way to configure clients. -- Stéphane Graber Ubuntu developer http://www.ubuntu.com ----- Ende der weitergeleiteten Nachricht ----- -- DAS-NETZWERKTEAM mike gabriel, rothenstein 5, 24214 neudorf-bornstein fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
Attachment:
signature.asc
Description: OpenPGP digital signature
Attachment:
pgpXiKHjU8fKI.pgp
Description: Digitale PGP-Unterschrift