[Samba] samba server with two kerberos realms
Rowland Penny
rpenny at samba.org
Tue Mar 1 22:23:35 UTC 2016
On 01/03/16 21:08, Chad William Seys wrote:
> Hi Rowland,
> Below is output of testparm. Samba is set up as standalone server.
Sorry but it isn't a standalone server.
>
> # testparm
> Load smb config files from /etc/samba/smb.conf
> Processing section "[generic]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_MEMBER
See, even 'testparm' says it isn't.
> Press enter to see a dump of your service definitions
>
> [global]
> realm = PHYSICS.WISC.EDU
> server string = %h server
> server role = standalone server
> security = ADS
> map to guest = Bad User
> pam password change = Yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\s*\spassword:* %n\n
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> unix password sync = Yes
> kerberos method = secrets and keytab
> syslog = 0
> max log size = 100000
> client ldap sasl wrapping = sign
> dns proxy = No
> panic action = /usr/share/samba/panic-action %d
> idmap config * : backend = tdb
>
>
>
> [generic]
>
> path = /srv/smb
Are you using sssd or nslcd?
If not, where are the idmap & winbind lines?

Also, on a domain member (this is what you have), you cannot use 'unix password sync', mainly because you can have users etc. in AD or in /etc/passwd, but not both.

To answer your original question: no, I don't think you can have two 'Realms'. What you can have are trusts. I suggest you start here to see how to set up smb.conf correctly:
https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member
Rowland
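
Added example, not part of the original message and not Samba project code: a small Python check that reads an smb.conf and reports the three problems raised in the reply above. The finding codes, the function names and the `EXAMPLE` domain used in the test are hypothetical, and treating "idmap lines" as a per-domain `idmap config` entry is an assumption.

```python
import re

# Constructed sample: an abridged copy of the [global] section quoted above.
SAMPLE = """\
[global]
    realm = PHYSICS.WISC.EDU
    server role = standalone server
    security = ADS
    unix password sync = Yes
    idmap config * : backend = tdb
[generic]
    path = /srv/smb
"""

def parse_global(text):
    """Return [global] parameters keyed by name with case and spaces removed."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params

def audit(text):
    """Return finding codes for the three problems raised in the reply."""
    p = parse_global(text)
    findings = []
    if p.get("security", "").lower() != "ads":
        return findings  # the checks below only concern AD domain members
    if "standalone" in p.get("serverrole", "").lower():
        findings.append("role-mismatch")       # testparm reports ROLE_DOMAIN_MEMBER
    if p.get("unixpasswordsync", "no").lower() in ("yes", "true", "1"):
        findings.append("unix-password-sync")  # not usable on a domain member
    # Assumption: "idmap lines" means an entry for a domain other than "*".
    per_domain = [k for k in p if k.startswith("idmapconfig")
                  and not k.startswith("idmapconfig*:")]
    if not per_domain:
        findings.append("no-domain-idmap")     # unless sssd or nslcd maps IDs
    return findings

if __name__ == "__main__":
    for code in audit(SAMPLE):
        print(code)
```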