[Samba] Confused about what I am seeing with domain names

Nico De Wilde nico at openix.be
Fri Feb 3 16:05:11 GMT 2006


David,

Can you add the following lines to your krb5.conf:

[realms]
DOMAIN.COM = {
  kdc = ip.of.your.dc:88
  admin_server = ip.of.your.dc:749
  default_domain = domain.com
 }

Regards,

Nico
  ----- Original Message ----- 
  From: David Shapiro 
  To: Nico Wilde 
  Sent: Friday, February 03, 2006 4:50 PM
  Subject: Re: [Samba] Confused about what I am seeing with domain names


  I am trying to get an AIX samba server to join an ads domain. I think I see what the DOMAIN_NETWORK is.  wbinfo -D for it shows it is not an ads server whereas the DOMAIN one is an ads server.  That one is not showing information because kerberos cannot find the kdc for some reason that I can't figure out.  It does have SRV records in dns.

  Here is the krb5.conf file I am using:

  mit krb5:

  [libdefaults]
          default_realm = DOMAIN.COM

  [realms]
          DOMAIN.COM = {
                  kdc = adsserver.domain.com
                  admin_server = adsserver.domain.com
          }

  [domain_realm]
          .domain.com = DOMAIN.COM
          domain.com = DOMAIN.COM

  [logging]
          kdc = CONSOLE


  smb.conf:

  [global]
          workgroup = DOMAIN
          netbios name = sambaserver
          socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
          idmap uid = 10000-20000
          idmap gid = 10000-20000
          idmap backend = ad
          # os level = 65
          winbind enum users = yes
          winbind enum groups = yes
          #winbind uid = 10000-20000
          #winbind gid = 10000-20000
          winbind separator = /
          encrypt passwords = yes
          server string = samba server
          security = ADS
          # security = domain
          realm = DOMAIN.COM
          password server = adsserver.domain.com
          preferred master = no
          log file = /usr/local/samba/var/log.%m
          log level = 10
          max log size = 50
          local master = No
          dns proxy = No
          wins server = wins02 wins03
          wins proxy = no
          name resolve order = hosts wins lmhosts bcast
          aio read size = 1
          aio write size = 1
          template homedir = /home/winnt/%D/%U
          template shell = /bin/bash

  [homes]
          path = /home/%u
          read only = No


  David Shapiro
  Unix Team Lead
  919-765-2011

  >>> "Nico De Wilde" <nico at openix.be> 2/3/2006 9:55:15 AM >>>

  David,

  Please post your smb.conf / nsswitch.conf/krb5.conf

  What are you trying to achieve? Joining a samba server to a Windows AD 
  domain?

  Please provide some more information.

  Thx.

  Regards,

  Nico


  ----- Original Message ----- 
  From: "David Shapiro" <David.Shapiro at bcbsnc.com>
  To: <samba at lists.samba.org>
  Sent: Friday, February 03, 2006 3:49 PM
  Subject: [Samba] Confused about what I am seeing with domain names


  >I could not get wbinfo -g/u to work and was seeing a bunch of errors
  > related to not being able to enumerate groups.  I saw somebody use
  > idmap backend = ad and added this since I have been struggling to get ad
  > working (still not working).  Now, when I run wbinfo -g/-u, I am getting
  > groups and users, but the domain it shows is different than what I
  > expected.  My domain I was using for workgroup line is DOMAIN, for
  > example, but wbinfo -g returns back:
  >
  > DOMAIN_NETWORK/group
  >
  > Is _NETWORK something that samba added, or is this the name of the
  > domain I should really be using?  I did a grep on wbinfo -u for my user,
  > and it returned my user too.  If my domain is actually DOMAIN_NETWORK,
  > is it possible my realm is not domain.com but domain_network.com or
  > something weird like that?  Should I change my workgroup line to use
  > domain_network?  I still can't get my kinit to find my kdc.  I am
  > wondering if I clear this up maybe my kdc kinit command will work.  Note
  > that I did ask my nt admin to run dns nslookup checks on
  > _ldap.domain.com and _kerberos.domain.com, and those did return the
  > correct results showing domain.com should be my realm.
  >
  > David
  >
  >
  >
  > David Shapiro
  > Unix Team Lead
  > 919-765-2011
  > -- 
  > To unsubscribe from this list go to the following URL and read the
  > instructions:  https://lists.samba.org/mailman/listinfo/samba 
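
Added example, not written by anyone in this thread: a small Python check that reads krb5.conf text and reports, for each kdc entry under [realms], whether it is an IP literal or a hostname that the resolver must look up, which is the difference between the posted file and the suggested stanza. The function names are hypothetical and 192.0.2.10 is a constructed stand-in for "ip.of.your.dc"; only IPv4 literals and hostnames are handled.

```python
import ipaddress
import re
# Constructed inputs, trimmed to the kdc lines: POSTED mirrors the original
# post, SUGGESTED mirrors the reply with 192.0.2.10 as a placeholder address.
POSTED = """
[realms]
        DOMAIN.COM = {
                kdc = adsserver.domain.com
        }
"""
SUGGESTED = """
[realms]
DOMAIN.COM = {
  kdc = 192.0.2.10:88
 }
"""

def parse_realms(text):
    """Return {realm: {key: [values]}} for the [realms] section."""
    realms, section, current = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(\w+)\]", line)
        key, _, value = (part.strip() for part in line.partition("="))
        if header:                                # "[section]" line
            section, current = header.group(1), None
        elif section != "realms" or line[:1] in ("", "#", ";"):
            continue                              # other section, blank, comment
        elif value == "{":                        # "REALM = {" opens a stanza
            current = realms.setdefault(key, {})
        elif line == "}":
            current = None
        elif current is not None:
            current.setdefault(key, []).append(value)
    return realms

def kdc_report(text, default_port=88):
    """Yield (realm, host, port, needs_dns) for every kdc entry."""
    for realm, keys in parse_realms(text).items():
        for value in keys.get("kdc", []):
            host, sep, port = value.rpartition(":")
            if not (sep and port.isdigit()):      # no ":port" suffix given
                host, port = value, default_port
            try:
                ipaddress.ip_address(host)
                needs_dns = False                 # literal address, no lookup
            except ValueError:
                needs_dns = True                  # hostname: resolver must work
            yield (realm, host, int(port), needs_dns)
```

An entry reported with needs_dns set to True depends on the host's own name resolution, so that is the first thing to verify when kinit cannot find the KDC.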
