[Samba] samba + kerberos + active directory with multiple domains
Winkel, Richard J.
winkelr at missouri.edu
Mon Oct 28 10:21:24 MDT 2013
Could someone just send me a working config that works with multiple ad
domains? Anything would be helpful...
Thanks!
Rich
On 10/26/13 1:32 PM, Winkel, Richard J. wrote:
> I've almost got this thing working. I have it set up on a centos machine to authenticate logins and automounts to windows file servers. But it won't allow me to specify a domain as part of the userid. I can set a default domain in smb.conf and logging into that domain works like a champ. And I can list the other domains with "wbinfo --online-status" (not sure what "offline" means but I can list the groups even in the offline domains). But if I turn off the default domain in smb.conf
> winbind use default domain = false
> and specify a delimiter
> winbind separator = \
> and try "wbinfo -a somedomain\\someuser" I get "no such user". I assume the local /etc/passwd file has to include the domain\userid as well, correct? But maybe wbinfo -a doesn't reference the local passwd file.
> In any case, here are krb5.conf and smb.conf. Can someone tell me what I'm missing?
> Many thanks for any help!!!
>
>
> ### /etc/krb5.conf ###
>
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
> default_realm = COL.MISSOURI.EDU
> dns_lookup_realm = false
> dns_lookup_kdc = false
> ticket_lifetime = 24h
> renew_lifetime = 7d
> forwardable = true
>
> [realms]
> COL.MISSOURI.EDU = {
> kdc = col.missouri.edu
> admin_server = col.missouri.edu
> default_domain = col.missouri.edu
> kdc = col.missouri.edu
> }
>
> [domain_realm]
> .missouri.edu = COL.MISSOURI.EDU
> missouri.edu = COL.MISSOURI.EDU
>
> col.missouri.edu = COL.MISSOURI.EDU
> .col.missouri.edu = COL.MISSOURI.EDU
>
> [kdc]
> profile= /var/kerberos/krb5kdc/kdc.conf
>
> [appdefaults]
> pam = {
> debug=false
> ticket_lifetime=36000
> renew_lifetime=36000
> forwardable=true
> krb4_convert=false
> }
>
> ### /etc/samba/smb.conf ###
>
> [global]
> workgroup = UMC-USERS
> password server = col.missouri.edu
> realm = COL.MISSOURI.EDU
> security = ADS
> allow trusted domains = yes
> idmap config *:backend = rid
> idmap config *:range = 1000-60000
> idmap uid = 60001-100000
> idmap gid = 60001-100000
> winbind use default domain = false
> winbind offline logon = true
> winbind separator = \
> netbios name = ZENA
> server string = Rouder Centos Samba Server Version %v
> interfaces = 128.206.38.63
> hosts allow = 128.206. 10.7.
> log file = /var/log/samba/log.%m
> max log size = 50
> preferred master = no
> encrypt passwords = yes
> log level 3
> local master = no
> preferred master = no
> dns proxy = no
> template shell = /bin/bash
> server string = Rouder Centos
> server signing = auto
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>
>
More information about the samba
mailing list