[Samba] Centos 6 + Samba 4 + Member server of AD 2008
Nicolas Pagliaro
NPagliaro at espectador.com.uy
Mon Jul 8 09:49:13 MDT 2013
Hi, I am trying to add a freshly installed CentOS 6 machine to a Windows 2008 AD as a member.
I followed these steps:
yum install samba 4*
Then I modified smb.conf, krb5.conf and nsswitch.conf like this:
smb.conf
[global]
workgroup = ESPECTADOR
security = ADS
realm = ESPECTADOR.COM.UY
encrypt passwords = yes
password server = serv1
idmap config *:backend = tdb
idmap config *:range = 10000-20000
idmap config ESPECTADOR:backend = ad
idmap config ESPECTADOR:schema_mode = rfc2307
idmap config ESPECTADOR:range = 100000-200000
winbind nss info = rfc2307
winbind trusted domains only = no
# winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
log level = 10
[test]
path = /down
read only = no
krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = ESPECTADOR.COM.UY
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = yes
[realms]
ESPECTADOR.COM.UY = {
kdc = SERV1.ESPECTADOR.COM.UY:88
}
[domain_realm]
.SERV1.ESPECTADOR.COM.UY = ESPECTADOR.COM.UY
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
nsswitch.conf
passwd: files winbind
shadow: files winbind
group: files winbind
#hosts: db files nisplus nis dns
hosts: files dns
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files
publickey: nisplus
automount: files
aliases: files nisplus
I have an NTP service running to keep time in sync with my DC.
I joined the domain with no problem.
I started smb and winbind = ok
But if I try to see domain users, I get these errors:
wbinfo -u
(No data returned)
wbinfo -t
checking the trust secret for domain ESPECTADOR via RPC calls failed
error code was NT_STATUS_IO_DEVICE_ERROR (0xc0000185)
failed to call wbcCheckTrustCredentials: WBC_ERR_AUTH_ERROR
Could not check secret
Any idea?
Thanks