[Samba] Centos 6 + Samba 4 + Member server of AD 2008

Nicolas Pagliaro NPagliaro at espectador.com.uy
Mon Jul 8 09:49:13 MDT 2013


Hi, I am trying to add a fresh install of Centos 6 to a Windows 2008 AD as a member.

I followed these steps:

Yum install samba 4*
Then I modified smb.conf, krb5.conf and nsswitch.conf like this:

Smb.conf

[global]

   workgroup = ESPECTADOR
   security = ADS
   realm = ESPECTADOR.COM.UY
   encrypt passwords = yes
   password server = serv1
   idmap config *:backend = tdb
   idmap config *:range = 10000-20000
   idmap config ESPECTADOR:backend = ad
   idmap config ESPECTADOR:schema_mode = rfc2307
   idmap config ESPECTADOR:range = 100000-200000

   winbind nss info = rfc2307
   winbind trusted domains only = no
#   winbind use default domain = yes
   winbind enum users  = yes
   winbind enum groups = yes
log level = 10
[test]
   path = /down
   read only = no




krb5.conf
[logging]
     default = FILE:/var/log/krb5libs.log
     kdc = FILE:/var/log/krb5kdc.log
     admin_server = FILE:/var/log/kadmind.log

[libdefaults]
     default_realm = ESPECTADOR.COM.UY
     dns_lookup_realm = true
     dns_lookup_kdc = true
     ticket_lifetime = 24h
     forwardable = yes


[realms]
ESPECTADOR.COM.UY = {
kdc = SERV1.ESPECTADOR.COM.UY:88
}

[domain_realm]
.SERV1.ESPECTADOR.COM.UY = ESPECTADOR.COM.UY

[appdefaults]
     pam = {
          debug = false
          ticket_lifetime = 36000
          renew_lifetime = 36000
          forwardable = true
          krb4_convert = false
     }



nsswitch.conf
passwd:     files winbind
shadow:     files winbind
group:      files winbind

#hosts:     db files nisplus nis dns
hosts:      files dns

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   files

publickey:  nisplus

automount:  files
aliases:    files nisplus


I have an NTP service running to keep time in sync with my DC.
I joined the domain with no problem.

I start smb and winbind = ok

But if I try to see domain users I get these errors:

wbinfo -u
(No data returned)

wbinfo -t
checking the trust secret for domain ESPECTADOR via RPC calls failed
error code was NT_STATUS_IO_DEVICE_ERROR (0xc0000185)
failed to call wbcCheckTrustCredentials: WBC_ERR_AUTH_ERROR
Could not check secret

Any idea?

Thanks








