[Samba] doubt

Rowland Penny rpenny at samba.org
Mon Apr 17 18:21:30 UTC 2017


On Mon, 17 Apr 2017 14:57:45 -0300
Luiz Guilherme Nunes Fernandes <narutospinal at gmail.com> wrote:

> Well, I don't have sssd installed.

OK, now we know that ;-)

> 
> With winbind I install these packages:
> yum install realmd oddjob oddjob-mkhomedir adcli samba-common
> samba-common-tools krb5-workstation openldap-clients
> policycoreutils-python samba-winbind-clients

I use Devuan and install these:

samba acl attr quota fam winbind libpam-winbind libpam-krb5
libnss-winbind krb5-config krb5-user ntp dnsutils ldb-tools

You probably have the red-hat versions of these packages installed, but
it might be worth checking.
 
> 
> My nsswitch.conf
> 
> passwd:     files ldap winbind
> shadow:     files ldap winbind
> group:        files ldap winbind

Remove 'ldap', you do not need it and it will use 'ldap' before 'winbind'.


> > > # My mini tutorial
> > >
> > > #########################
> > > (First test)
> > > #########################
> > >
> > > realm join --client-software=winbind -U login NONAME.COM.BR
> > > realm list
> > > authconfig --enablewinbindusedefaultdomain --update
> > >
> > > wbinfo -t
> > > wbinfo -g
> > > wbinfo -u
> > >
> > > Work (join in domain, and list groups and users)

You need to get 'getent' to show your users & groups, until they are
shown, your OS doesn't know them.

> > >
> > > I can use for authentication ssh and apache (work)

Use the info on the wiki page I posted for apache.

> > >
> > > ### My problem
> > > Actually File with winbind
> > >
> > >    workgroup = NONAME
> > >    realm = NONAME.COM.BR
> > >    security = ads
> > >    idmap config * : range = 16777216-33554431
> > >    template homedir = /home/%U@%D
> > >    template shell = /bin/bash
> > >    kerberos method = secrets only
> > >    winbind use default domain = true
> > >    winbind offline logon = true

Use 'security = ads' and add something like

idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config NONAME : backend = rid
idmap config NONAME : range = 10000-999999

You can change the ranges if you like, but there is no real point.
Incidentally, the range you used '167777216-33554431' looks like the
numbers sssd uses.

Please read the wiki pages I pointed you to, if you follow them, you
should end up with a working system that does what you require.

Rowland
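
An added example, not part of the original message and not Samba's own tooling: a small Python check of the `idmap config` layout discussed in the reply, run over the posted settings, the suggested ones, and a constructed overlapping variant. The function names are hypothetical, and the smb.conf text is assumed to be passed in as a string.

```python
import re

# Matches lines such as "idmap config NONAME : range = 10000-999999"
IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*(backend|range)\s*=\s*(.+?)\s*$", re.I)
WORKGROUP_RE = re.compile(r"^\s*workgroup\s*=\s*(\S+)", re.I)

def parse_idmap(smb_conf):
    """Return (workgroup, {domain: {"backend": str, "range": (low, high)}})."""
    workgroup, domains = None, {}
    for line in smb_conf.splitlines():
        if line.lstrip().startswith(("#", ";")):  # skip smb.conf comments
            continue
        wg = WORKGROUP_RE.match(line)
        if wg:
            workgroup = wg.group(1).upper()
        m = IDMAP_RE.match(line)
        if m:
            dom, key, val = m.group(1).upper(), m.group(2).lower(), m.group(3)
            if key == "range":
                val = tuple(int(x) for x in val.split("-"))
            domains.setdefault(dom, {})[key] = val
    return workgroup, domains

def check_idmap(smb_conf):
    """Return a list of findings; an empty list means the layout is consistent."""
    workgroup, domains = parse_idmap(smb_conf)
    findings = []
    if workgroup and workgroup not in domains:
        findings.append(f"no 'idmap config {workgroup}' lines; only the '*' default applies")
    ranged = sorted((cfg["range"], dom) for dom, cfg in domains.items() if "range" in cfg)
    for (r1, d1), (r2, d2) in zip(ranged, ranged[1:]):
        if r2[0] <= r1[1]:  # ID ranges of different domains must not overlap
            findings.append(f"overlap: {d1} {r1[0]}-{r1[1]} and {d2} {r2[0]}-{r2[1]}")
    return findings

# Settings from the original post (only the idmap-relevant lines)
POSTED = """workgroup = NONAME
idmap config * : range = 16777216-33554431"""
# Settings suggested in the reply
SUGGESTED = """workgroup = NONAME
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config NONAME : backend = rid
idmap config NONAME : range = 10000-999999"""
# Constructed variant: the domain range starts inside the '*' range
OVERLAP = SUGGESTED.replace("10000-999999", "5000-999999")

for name, conf in (("posted", POSTED), ("suggested", SUGGESTED), ("overlap", OVERLAP)):
    print(name, check_idmap(conf) or "ok")
```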
 



