Where to get samba-winbind rpm package for RHEL 6.2
Hi,
I have installed RedHat Linux Enterprise 6.2(Santiago)
Kernel Linux 2.6.32-220.el6.x86_64
My objective is to integrate this redhat machine with active directory.
For this i want the samba-winbind package.
Where can i get the samba-winbind package ??
PLZZ HELP!!!!!!!
Any help could be appreciated
Responses
A 'yum install samba' on my 6.4 system installs samba and all dependencies, which includes samba-winbind. So Tom is right, it's also on the media.
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
samba x86_64 3.6.9-167.el6_5 rhel-x86_64-workstation-6 5.0 M
Updating for dependencies:
libsmbclient x86_64 3.6.9-167.el6_5 rhel-x86_64-workstation-6 1.6 M
samba-common x86_64 3.6.9-167.el6_5 rhel-x86_64-workstation-6 10 M
samba-winbind x86_64 3.6.9-167.el6_5 rhel-x86_64-workstation-6 2.1 M
samba-winbind-clients
x86_64 3.6.9-167.el6_5 rhel-x86_64-workstation-6 2.0 M
Transaction Summary
================================================================================
Install 1 Package(s)
Upgrade 4 Package(s)
Total download size: 21 M
Is this ok [y/N]:
If you create a repo from the install media (and make sure it is mounted) you can use the yum command. I recommend you try adding your install DVD as a repo - it will make things much easier for the situation you are in.
http://unixrevolution.blogspot.com/2012/03/use-dvd-as-yum-repo.html
Otherwise, yum expects repos to exist which you will not have until your host has a valid subscription.
Err... If you were planning to only use just the LDAP interface to AD, why were you mucking about with the winbind utilities? The winbind method is for binding your Linux host to an AD domain in a manner that's highly-similar/equivalent to how you'd natively join a Windows system to an Active Directory domain.
As to your error, I think you need to read the man pages. I haven't used net join in ages (my employer's AD tends to be too large/complex for the winbind that comes with RHEL to deal with), but I believe that, if your DNS is set up correctly, use of the "-w" argument, by itself, is sufficient. You'd mostly use the "-S" if your DNS isn't providing pointer to a valid domain controller name/address.
If you're wanting to bind via a specific domain controller, I'd probably try executing just net ads join -S DC.F.Q.D.N -U Administrator (where "DC.F.Q.D.N" is the fully-qualified domain name of a specific Active Directory domain controller).
Domain joins tend to work best when your winbind client has both A and PTR records and those records match what the target domain controller sees the prospective AD client as.
RedHat has an entire whitepaper on various scenarios for "Integrating Redhat Enterprise Linux 6 with Active Directory"; see e.g.
https://www.redhat.com/resourcelibrary/reference-architectures/integrating-red-hat-enterprise-linux-6-with-active-directory
The interactions between Kerberos, Samba, PAM, NSS and the login process are fairly complicated.
The short version for the winbind+kerberos scenario with uid/gid values from LDAP and Samba file shares is:
* on the windows side, run 2008 R2 or later. Turn on "identity management for unix" role service
* configure /etc/krb5.conf to point at your realm
* verify that "kinit Administrator" works
* run "yum install authconfig-gtk"; in authconfig-gtk pick winbind/ads
* adjust /etc/samba/smb.conf with appropriate idmap settings
* run net ads join -k; then start services smb, nmb, windbind
* add unix attributes to some windows users
* maybe adjust /etc/security/limits.conf to require particular windows groups for login
-- Jim Leinweber, WI State Lab of Hygiene
For authentication in RHEL 6 I would advise against using Winbind and instead use sssd (option 3 section 6.3 page 56 in the link provided by James) where/if possible. Taking pam_winbind out of the equation made the whole experience far less painful.
Unfortunately the document posted has a manual process for adding the computer to the Windows domain (it's from the Windows server side, not the client side) so it is not the best resource to use (page 62 is the start of the process to generate the keytab on the Windows server itself, this section should ideally be re-written).
This section should be replaced with steps to use Samba/Winbind to join the domain and acquire the keytab (then Winbind can be discarded from the process). As it stands, the manual Windows server process can't easily be integrated into the build process to automatically bind new servers/workstations to the domain.
Unfortunately the document has the following caveat rather than using Samba/Winbind to acquire the keytab:
"The second approach requires the Samba client package and a properly configured Samba configuration. For these reasons, the third approach is utilized here"
-edit-
Document has been updated (v1.5) and has the full process for adding a server to the domain which is an excellent addition!
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
