[Samba] Samba 3.0.33 works, 3.5.4 doesn't
Jonathan Buzzard
jonathan at buzzard.me.uk
Thu Apr 19 09:47:56 MDT 2012
On Thu, 2012-04-19 at 10:20 -0400, John Oliver wrote:
> I'm trying to get AD authentication working on a RHEL 5.4 base system
>
> I can wbinfo -[ug] and getent {passwd|group} with 3.0.33. Everything
> appears to work just fine, except I could not actually authenticate...
> I'd always get failed password. A lot of Googling turned up a bug that
> indicated that it was impossible to get 3.0.33 to authenticate against a
> W2K8 AD, so I installed 3.5.4. Same smb.conf, same krb5.conf... but I
> cannot join the domain. net ads status works, but net ads join tells
> me:
>
Your smb.conf is wrong; it needs to look something like the following. This
is covered in the man pages these days.
# deal with NSS and the whole UID/SID id mapping stuff
idmap backend = tdb
idmap uid = 2000000 - 2999999
idmap gid = 2000000 - 2999999
idmap config MYDOMAIN : backend = ad
idmap config MYDOMAIN : schema_mode = rfc2307
idmap config MYDOMAIN : readonly = yes
idmap config MYDOMAIN : range = 500 - 1999999
idmap cache time = 604800
idmap negative cache time = 20
winbind cache time = 600
winbind nss info = rfc2307
winbind expand groups = 2
winbind nested groups = yes
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = yes
winbind offline logon = false
You of course need to have the RFC2307 attributes populated in the AD
for this to work, and a winbind entry in /etc/nsswitch and winbind
running.
Note that you should upgrade to RHEL5.8 immediately and make sure that
you have samba3x-3.5.10-0.108.el5_8 installed unless you want your box
to be rooted by the first passer-by.
JAB.
--
Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.
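
A pre-flight check for the setup described in the reply above, as an added example that is not part of the original message or of Samba: it confirms that the idmap ranges do not overlap and that nsswitch lists winbind for passwd and group. The function names and the sample inputs are constructed for illustration; point it at the real smb.conf and nsswitch file contents on the host.

```python
import re

# Constructed sample inputs (not from a real host); the smb.conf lines mirror the reply.
SAMPLE_SMB_CONF = """\
[global]
idmap uid = 2000000 - 2999999
idmap gid = 2000000 - 2999999
idmap config MYDOMAIN : backend = ad
idmap config MYDOMAIN : range = 500 - 1999999
"""
SAMPLE_NSSWITCH = "passwd: files winbind\ngroup: files\n"

def parse_globals(text):
    """Return {normalised parameter name: value} from smb.conf-style text."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        params[" ".join(key.lower().split())] = value.strip()
    return params

def parse_range(value):
    low, high = (int(n) for n in re.split(r"\s*-\s*", value.strip()))
    return low, high

def check(smb_conf, nsswitch):
    """Return a list of problems found in the idmap/winbind setup."""
    p, problems, ranges = parse_globals(smb_conf), [], {}
    for key, value in p.items():
        m = re.fullmatch(r"idmap config (\S+?) ?: ?range", key)
        if m:
            ranges[m.group(1)] = parse_range(value)
        elif key in ("idmap uid", "idmap gid"):
            ranges[key] = parse_range(value)
    names = sorted(ranges)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if {a, b} == {"idmap uid", "idmap gid"}:
                continue  # the uid and gid allocation pools may share numbers
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]:
                problems.append(f"range overlap: {a} and {b}")
    for db in ("passwd", "group"):
        m = re.search(rf"^{db}:(.*)$", nsswitch, re.M)
        if not m or "winbind" not in m.group(1).split():
            problems.append(f"nsswitch: no winbind source for {db}")
    return problems
```

On the constructed sample, check() reports only the missing winbind source for group; domain names are lower-cased in the messages because smb.conf parameter names are matched case-insensitively.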