[Samba] Confused about what I am seeing with domain names -
--getdcname fails for ad server
David Shapiro
David.Shapiro at bcbsnc.com
Fri Feb 3 16:06:15 GMT 2006
Should I expect to see when I run wbinfo --getdcname=domain it return a
domain controller for an ad server? It does return a server name for
domain_network, the non-ad server.
David Shapiro
Unix Team Lead
919-765-2011
>>> David Shapiro 2/3/2006 10:50:51 AM >>>
I am trying to get a aix samba server to join an ads domain. I think I
see what the DOMAIN_NETWORK is. wbinfo -D for it shows it is not an ads
server whereas the DOMAIN one is an ads server. That one is not showing
information because kerberos cannot find the kdc for some reason that I
can't figure out. It does have SRV records in dns.
Here is the krb5.conf file I am using:
mit krb5:
[libdefaults]
default_realm = DOMAIN.COM
[realms]
DOMAIN.COM = {
kdc = adsserver.domain.com
admin_server = adsserver.domain.com
}
[domain_realm]
.domain.com = DOMAIN.COM
domain.com = DOMAIN.COM
[logging]
kdc = CONSOLE
smb.conf:
[global]
workgroup = DOMAIN
netbios name = sambaserver
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
idmap uid = 10000-20000
idmap gid = 10000-20000
idmap backend = ad
# os level = 65
winbind enum users = yes
winbind enum groups = yes
#winbind uid = 10000-20000
#winbind gid = 10000-20000
winbind separator = /
encrypt passwords = yes
server string = samba server
security = ADS
# security = domain
realm = DOMAIN.COM
password server = adsserver.domain.com
preferred master = no
log file = /usr/local/samba/var/log.%m
log level = 10
max log size = 50
local master = No
dns proxy = No
wins server = wins02 wins03
wins proxy = no
name resolve order = hosts wins lmhosts bcast
aio read size = 1
aio write size = 1
template homedir = /home/winnt/%D/%U
template shell = /bin/bash
[homes]
path = /home/%u
read only = No
David Shapiro
Unix Team Lead
919-765-2011
>>> "Nico De Wilde" <nico at openix.be> 2/3/2006 9:55:15 AM >>>
David,
Please post your smb.conf / nsswitch.conf/krb5.conf
What are you trying to achieve? Joining a samba server to a Windows AD
domain?
Please provide some more information.
Thx.
Regards,
Nico
----- Original Message -----
From: "David Shapiro" <David.Shapiro at bcbsnc.com>
To: <samba at lists.samba.org>
Sent: Friday, February 03, 2006 3:49 PM
Subject: [Samba] Confused about what I am seeing with domain names
>I could not get wbinfo -g/u to work and was seeing a bunch of errors
> related to to not being able to enumerate groups. I saw somebody
use
> idmap backend = ad and added this since I have been struggling to get
ad
> working (still not working). Now, when I run wbinfo -g/-u, I am
getting
> groups and users, but the domain it shows is different than what I
> expected. My domain I was using for workgroup line is DOMAIN, for
> example, but wbinfo -g returns back:
>
> DOMAIN_NETWORK/group
>
> Is _NETWORK something that samba added, or is theis the name of the
> domain I should really be using? I did a grep on wbinfo -u for my
user,
> and it returned my user too. If my domain is actually
DOMAIN_NETWORK,
> is it possible my realm is not domain.com but domain_network.com or
> something weird like that? Should I change my workgroup line to use
> domain_network? I still can't get my kinit to find my kdc. I am
> wondering if I clear this up maybe my kdc kinit command will work.
Note
> that I did ask my nt admin to run dns nslookup checks on
> _ldap.domain.com and _kerberos.domain.com, and those did return the
> correct results showing domain.com should be my realm.
>
> David
>
>
>
> David Shapiro
> Unix Team Lead
> 919-765-2011
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list