9/22/2023

Arch Linux Samba

# Do not require that login usernames include the default domain

# Allow a single, unified keytab to store obtained Kerberos tickets

For our example domain configuration, use the following base settings (replace instances of INTERNAL and with appropriate values for your network):

Samba configuration

Base Samba configuration file

A default installation of samba does not ship with an example /etc/samba/smb.conf file.

Continuing with the example domain configuration, modify the /etc/nf file with the following contents (be sure to replace instances of INTERNAL,, SERVER1, and with appropriate values for your network):

admin_server = SERVER1.

Unfortunately, this does not work well in practice.

The Samba documentation recommends a minimal Kerberos configuration, with just enough information in the section to hand off the work of discovering domain details to DNS.

restrict default kod limited nomodify nopeer noquery notrap

/etc/ntp.conf

# Use your domain's NTP servers

For the example domain configuration, an appropriate /etc/ntp.conf file should have the following contents (be sure to replace server1, server2, and with appropriate values for your network):

A margin of error no more than five minutes is required.

In an Active Directory domain, more specifically for Kerberos ticketing, it is imperative that time is synchronized with all other hosts on the network.

You should get output similar to the following (adjust appropriately for only one DC, or more than two):

If you elected to install the bind package, you can test DNS configuration with the following commands (be sure to replace server1 and with appropriate values for your network):

For the example domain configuration, the following contents are appropriate (be sure to replace 192.168.1.1, 192.168.1.2, and with appropriate values for your network):

Whether configured via DHCP or static configuration, ensure that these values are correct for your domain.
It is imperative that the /etc/nf file is configured with both the correct DNS servers and a domain search suffix.

Initial configuration of services

DNS configuration

Active Directory depends entirely on DNS for name resolution.

(timedatectl can be used as an alternative to ntp.)

Additionally, while not required, the following packages will be useful for testing and troubleshooting: bind, krb5, and, if printing is desired (whether you want to share printers, or use printers on another Samba/Windows host), cups.

In order to use samba effectively, you will need to install the following packages: samba, smbclient, and ntp.

Consult your network administrator to verify correct values for DNS and NTP servers. Generally, DCs also hold the NTP role, but not always. In most small networks, the DCs (domain controllers) also hold the DNS server role.
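
The two prerequisites described above (DNS servers plus a search suffix, and clocks within five minutes) can be checked before attempting a domain join. This is an added example, not part of the original page: the function names are hypothetical, the resolver file is assumed to use `nameserver` and `search` lines, and the sample suffix `internal.example` is constructed.

```shell
#!/bin/sh
# Added example: pre-join checks for resolver settings and clock skew.

# check_resolver FILE: succeed only if FILE has at least one "nameserver"
# entry and a "search" (or "domain") suffix. Comment lines are ignored.
# Assumption: FILE uses the usual "keyword value" resolver syntax.
check_resolver() {
    awk '
        /^[ \t]*[#;]/ { next }                               # skip comments
        $1 == "nameserver" && NF >= 2 { ns++ }
        ($1 == "search" || $1 == "domain") && NF >= 2 { suffix++ }
        END {
            if (!ns)     print "missing: nameserver entry"
            if (!suffix) print "missing: search suffix"
            exit ((ns && suffix) ? 0 : 1)
        }
    ' "$1"
}

# skew_ok LOCAL REMOTE [MAX]: both times are epoch seconds; succeed if they
# differ by no more than MAX seconds (default 300, the five-minute margin).
# How REMOTE is obtained (for example from a DC) is left to the caller.
skew_ok() {
    diff=$(( $1 - $2 ))
    if [ "$diff" -lt 0 ]; then
        diff=$(( 0 - diff ))
    fi
    [ "$diff" -le "${3:-300}" ]
}

# Constructed sample input; the addresses are the page's example values.
sample=$(mktemp)
printf '%s\n' '# constructed sample' \
    'nameserver 192.168.1.1' \
    'nameserver 192.168.1.2' \
    'search internal.example' > "$sample"

if check_resolver "$sample"; then echo "resolver file: ok"; fi
if skew_ok 1700000000 1700000120; then echo "clock skew: ok"; fi
rm -f "$sample"
```
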