[Samba] Windows 2016 RSAT not connect with samba4 DC

Rommel Rodriguez Toirac rommelrt at nauta.cu
Mon Nov 30 20:32:44 UTC 2020 

El 30 de noviembre de 2020 14:19:19 GMT-05:00, Rowland penny via samba <samba at lists.samba.org> escribió:
>On 30/11/2020 19:09, Rommel Rodriguez Toirac wrote:
>> El 30 de noviembre de 2020 13:41:09 GMT-05:00, Rowland penny via
>samba <samba at lists.samba.org> escribió:
>>> On 30/11/2020 18:21, Rommel Rodriguez Toirac wrote:
>>>>    I do not have installed sssd. I use winbind.
>>>>
>>> in which case, edit /etc/nsswitch.conf and make the passwd, shadow
>and
>>> group lines look like this:
>>>
>>> passwd:      files winbind systemd
>>> shadow:      files
>>> group:       files winbind systemd
>>>
>>> remove every mention of 'sss'
>>>
>>> Rowland
>>
>>
>>   Done, now look like this:
>>
>>
>>   [root at gtmad1 sbin]# cat /etc/nsswitch.conf
>> #
>> # /etc/nsswitch.conf
>> #
>> # An example Name Service Switch config file. This file should be
>> # sorted with the most-used services at the beginning.
>> #
>> # The entry '[NOTFOUND=return]' means that the search for an
>> # entry should stop if the search in the previous entry turned
>> # up nothing. Note that if the search failed due to some other reason
>> # (like no NIS server responding) then the search continues with the
>> # next entry.
>> #
>> # Valid entries include:
>> #
>> #       nisplus                 Use NIS+ (NIS version 3)
>> #       nis                     Use NIS (NIS version 2), also called
>YP
>> #       dns                     Use DNS (Domain Name Service)
>> #       files                   Use the local files in /etc
>> #       db                      Use the pre-processed /var/db files
>> #       compat                  Use /etc files plus *_compat
>pseudo-databases
>> #       hesiod                  Use Hesiod (DNS) for user lookups
>> #       sss                     Use sssd (System Security Services
>Daemon)
>> #       [NOTFOUND=return]       Stop searching if not found so far
>> #
>> # 'sssd' performs its own 'files'-based caching, so it should
>> # generally come before 'files'.
>>
>> # To use 'db', install the nss_db package, and put the 'db' in front
>> # of 'files' for entries you want to be looked up first in the
>> # databases, like this:
>> #
>> # passwd:    db files
>> # shadow:    db files
>> # group:     db files
>>
>> passwd:     files winbind systemd
>> shadow:     files
>> group:      files winbind systemd
>>
>> hosts:      files dns myhostname
>>
>> bootparams: files
>>
>> ethers:     files
>> netmasks:   files
>> networks:   files
>> protocols:  files
>> rpc:        files
>> services:   files sss
>>
>> netgroup:   sss
>>
>> publickey:  files
>>
>> automount:  files sss
>> aliases:    files
>>
>>
>You still have 'sss' in the file, you do not need them if you don't
>have 
>sssd installed, I would change 'netgroup: sss' to 'netgroup: nis' and 
>remove the other 'sss'
>
>Rowland




 After send the messages I was change the file and lets it like this:


 [root at gtmad1 var]# cat /etc/nsswitch.conf   
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
#       nisplus                 Use NIS+ (NIS version 3)
#       nis                     Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files                   Use the local files in /etc
#       db                      Use the pre-processed /var/db files
#       compat                  Use /etc files plus *_compat pseudo-databases
#       hesiod                  Use Hesiod (DNS) for user lookups
#       sss                     Use sssd (System Security Services Daemon)
#       [NOTFOUND=return]       Stop searching if not found so far
#
# 'sssd' performs its own 'files'-based caching, so it should
# generally come before 'files'.

# To use 'db', install the nss_db package, and put the 'db' in front
# of 'files' for entries you want to be looked up first in the
# databases, like this:
#
# passwd:    db files
# shadow:    db files
# group:     db files

passwd:     files winbind
shadow:     files
group:      files winbind
initgroups  files

hosts:      files dns myhostname

bootparams: nisplus files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   nis

publickey:  nisplus


automount:  files nisplus
aliases:    files nisplus

 But, it not work when I run getent command:


[root at gtmad1 var]# wbinfo -p
Ping to winbindd succeeded  


[root at gtmad1 var]# getent passwd "ATGTM00\\rommel.rodriguez"

[root at gtmad1 var]# getent group "ATGTM00\\Domain Users"


... and still do not connect from Windows (7) using RSAT neather from Windows 2016 Server Admin Tools/Active Directory Users and Computer tool.


-- 
Rommel Rodriguez Toirac
rommelrt at nauta.cu

More information about the samba mailing list