[Samba] samba + kerberos + active directory with multiple domains
Winkel, Richard J.
winkelr at missouri.edu
Sat Oct 26 12:32:06 MDT 2013
I've almost got this thing working. I have it set up on a centos machine to authenticate logins and automounts to windows file servers. But it won't allow me to specify a domain as part of the userid. I can set a default domain in smb.conf and logging into that domain works like a champ. And I can list the other domains with "wbinfo --online-status" (not sure what "offline" means but I can list the groups even in the offline domains). But if I turn off the default domain in smb.conf
winbind use default domain = false
and specify a delimiter
winbind separator = \
and try "wbinfo -a somedomain\\someuser" I get "no such user". I assume the local /etc/passwd file has to include the domain\userid as well, correct? But maybe wbinfo -a doesn't reference the local passwd file.
In any case, here are krb5.conf and smb.conf. Can someone tell me what I'm missing?
Many thanks for any help!!!
### /etc/krb5.conf ###
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = COL.MISSOURI.EDU
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
COL.MISSOURI.EDU = {
kdc = col.missouri.edu
admin_server = col.missouri.edu
default_domain = col.missouri.edu
kdc = col.missouri.edu
}
[domain_realm]
.missouri.edu = COL.MISSOURI.EDU
missouri.edu = COL.MISSOURI.EDU
col.missouri.edu = COL.MISSOURI.EDU
.col.missouri.edu = COL.MISSOURI.EDU
[kdc]
profile= /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug=false
ticket_lifetime=36000
renew_lifetime=36000
forwardable=true
krb4_convert=false
}
### /etc/samba/smb.conf ###
[global]
workgroup = UMC-USERS
password server = col.missouri.edu
realm = COL.MISSOURI.EDU
security = ADS
allow trusted domains = yes
idmap config *:backend = rid
idmap config *:range = 1000-60000
idmap uid = 60001-100000
idmap gid = 60001-100000
winbind use default domain = false
winbind offline logon = true
winbind separator = \
netbios name = ZENA
server string = Rouder Centos Samba Server Version %v
interfaces = 128.206.38.63
hosts allow = 128.206. 10.7.
log file = /var/log/samba/log.%m
max log size = 50
preferred master = no
encrypt passwords = yes
log level 3
local master = no
preferred master = no
dns proxy = no
template shell = /bin/bash
server string = Rouder Centos
server signing = auto
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
More information about the samba
mailing list