Applies to: All versions of DirectControl and stock Samba
Samba is an open source file and printer sharing program that has the ability to create and manage an Active Directory computer account, allowing a UNIX host to participate as an Active Directory Services (ADS) domain member.
Centrify DirectControl enables a UNIX host to participate as an Active Directory domain member by creating and managing a computer object. In addition, DirectControl assigns UNIX attributes, including UIDs and GIDs, to Active Directory users and groups.
If Samba (configured as an AD domain member) and DirectControl are both installed on the same UNIX host without addressing their overlapping functionality, two problems arise:
- Samba and DirectControl both attempt to create and manage the same AD computer account object (based on the UNIX host name), causing one of the products to stop working.
- Conflicting UIDs and GIDs will be assigned to the same AD users and groups because the algorithms for generating these values differ between Samba and DirectControl, leading to file ownership confusion and access control problems.
The simplest way to address this issue is to remove the stock Samba and install the Centrify-enabled Samba package. However, if you want to run stock Samba and DirectControl together, each product must use a different machine name. The detailed steps are below:
1) Run adjoin with the -n option so that DirectControl joins under a different host name.
adjoin -n <differentHostName> <domain-name>
2) Edit /etc/samba/smb.conf
Add these lines under the [global] section:
realm = <REALM>
security = ADS
3) Join Samba to AD (let Samba use the default hostname).
net ads join -S <dns name of the domain controller> -U <Administrator%password>
As an example, assume the domain controller is dc.abc.com and the administrator's password is 'test'.
net ads join -S dc.abc.com -U administrator%test
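A pre-flight check for the three steps above, as an added example (not Centrify or Samba code): it reads the [global] section of smb.conf, confirms `realm` and `security = ADS` are set, and verifies that the computer account name Samba will use differs from the name given to `adjoin -n`. It assumes Samba names its account after `netbios name` if set and otherwise after the short host name; the function names and the sample host names `unixhost` and `unixhost-dc` are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for running stock Samba beside DirectControl.

# Print a [global] parameter from smb.conf (empty if unset); keys are case-insensitive.
smb_global() {  # usage: smb_global <file> <parameter>
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        /^[ \t]*\[/ { s = tolower($0); gsub(/[ \t]/, "", s)
                      in_global = (s == "[global]"); next }
        in_global && index($0, "=") {
            key = tolower(substr($0, 1, index($0, "=") - 1))
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) found = val        # last setting wins
        }
        END { print found }
    ' "$1"
}

# Assumed Samba account name: "netbios name" if set, else the short host name
# (passed as an argument so the check can be run against any file).
samba_machine_name() {  # usage: samba_machine_name <file> <short-hostname>
    n=$(smb_global "$1" "netbios name")
    printf '%s\n' "${n:-$2}" | tr '[:lower:]' '[:upper:]'
}

# Return 0 if the file matches the steps above; otherwise print why and return 1.
check_coexistence() {  # usage: check_coexistence <file> <short-hostname> <adjoin -n name>
    rc=0
    sec=$(smb_global "$1" "security" | tr '[:lower:]' '[:upper:]')
    [ "$sec" = "ADS" ] || { echo "security is '$sec', expected ADS"; rc=1; }
    [ -n "$(smb_global "$1" "realm")" ] || { echo "realm is not set"; rc=1; }
    smb=$(samba_machine_name "$1" "$2")
    dc=$(printf '%s\n' "$3" | tr '[:lower:]' '[:upper:]')
    [ "$smb" != "$dc" ] || { echo "both products would use computer account $smb"; rc=1; }
    return $rc
}

# Constructed sample smb.conf for the demo (not taken from a real host).
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
[global]
   realm = ABC.COM
   security = ADS
EOF
check_coexistence "$demo_conf" unixhost unixhost-dc && echo "OK: names differ"
rm -f "$demo_conf"
```

On a real host, pass /etc/samba/smb.conf, the short host name, and the name used with adjoin -n.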