Changes

Jump to navigation Jump to search
no edit summary
Line 19: Line 19:  
===Maintainer===
 
===Maintainer===
 
initial work of Bunkobugsy
 
initial work of Bunkobugsy
   
===Version===
 
===Version===
 
<!-- keep this first element as is, you can add some if needed -->
 
<!-- keep this first element as is, you can add some if needed -->
 
{{#smeversion: {{#var:smecontribname}} }}
 
{{#smeversion: {{#var:smecontribname}} }}
  −
   
===Description===
 
===Description===
 
This package provides templates for samba Active Directory support. More details found [https://bugs.koozali.org/show_bug.cgi?id=12798 here].
 
This package provides templates for samba Active Directory support. More details found [https://bugs.koozali.org/show_bug.cgi?id=12798 here].
Line 30: Line 27:  
It will replace upstream samba packages with AD enabled ones from [https://sig-fasttrack.rocky.page SIG/FastTrack] repo. More details found [https://git.resf.org/sig_fasttrack/meta/issues/2 here].
 
It will replace upstream samba packages with AD enabled ones from [https://sig-fasttrack.rocky.page SIG/FastTrack] repo. More details found [https://git.resf.org/sig_fasttrack/meta/issues/2 here].
    +
A secondary samba.service will use separate samba data directories, set up via a distinct samba configuration.
 +
 +
This ensures that samba-dc instance won't interfere with normal filesharing samba services provided by SME core.
 +
 +
User accounts created in SME will be kept in sync with the LDAP service provided by samba Active Directory.
 +
 +
Users logged in to domain joined Windows PCs will have access to SME's samba shares via their namesake usernames and matching passwords.
 +
https://wiki.koozali.org/Client_Authentication:Windows#Login_to_shared_resources
 
===Installation===
 
===Installation===
 
<tabs container><tab name="For SME 11">
 
<tabs container><tab name="For SME 11">
Line 50: Line 55:  
  config show samba
 
  config show samba
   −
Some of the properties are not shown, but are defaulted in a template or a script. Here a more comprehensive list with default and expected values :
+
Some of the properties are not shown, but are defaulted in a template or a script. Here is a list with default and expected values :
 
{| class="wikitable"
 
{| class="wikitable"
 
!property
 
!property
Line 91: Line 96:  
Make sure realm does not match any secondary domain set up or it will be overwritten.
 
Make sure realm does not match any secondary domain set up or it will be overwritten.
   −
WARNING: make sure to change Windows workgroup name before provisioning because domain rename is not supported.
+
WARNING: make sure to change Windows workgroup name before provisioning because domain rename is not supported and is possible for now only with complete domain reset and loss of all machine accounts.
 
  provision
 
  provision
 
===Testing===
 
===Testing===
Line 102: Line 107:  
  sambatool user list
 
  sambatool user list
 
  sambatool computer list
 
  sambatool computer list
 +
If all went well you can proceed to joining Windows PCs to the domain using domain administrator and password.
 +
 
Other tools available for debugging
 
Other tools available for debugging
 +
ifconfig
 +
systemctl status samba
 
  sambatool
 
  sambatool
 
  syncadusers
 
  syncadusers
69

edits

Navigation menu