[Samba] member joined, but...
L.P.H. van Belle
belle at bazuin.nl
Wed Apr 2 00:24:48 MDT 2014
Hai Rowland,

Well, this is in it; it is the same as for the 2 DCs (and the IPs are the nameservers in resolv.conf).

resolv.conf
search internal.domain.tld
domain internal.domain.tld
nameserver 192.168.1.1
nameserver 192.168.1.2

krb5.conf
[libdefaults]
dns_lookup_realm = true
dns_lookup_kdc = true
default_realm = INTERNAL.DOMAIN.TLD

I don't get it.

Software installed (from the script I run):
apt-get install sernet-samba sernet-samba-winbind fam acl attr quota -y

Samba set to classic.
Did the Kerberos setup.
Checked with klist -e.
Joined the domain with: net ads join -U Administrator
Started up Samba:
/etc/init.d/sernet-samba-smbd start
/etc/init.d/sernet-samba-nmbd start
/etc/init.d/sernet-samba-winbindd start

/etc/pam.d/samba
# copy from /etc/pam.d/common-auth - authentication settings common to all services
#
auth sufficient pam_winbind.so
auth [success=1 default=ignore] pam_unix.so nullok_secure use_first_pass
auth requisite pam_deny.so
auth required pam_permit.so
# copy from /etc/pam.d/common-account - authorization settings common to all services
#
account sufficient pam_winbind.so
account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
account requisite pam_deny.so
account required pam_permit.so
# copy from /etc/pam.d/common-session - session-related modules common to all services
#
session required pam_mkhomedir.so
session required pam_winbind.so
session [default=1] pam_permit.so
session requisite pam_deny.so
session required pam_permit.so
session required pam_unix.so

nsswitch.conf
passwd: compat winbind
group: compat winbind
shadow: compat
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files

wbinfo -u
wbinfo -g
is OK, I get the users and groups.
getent passwd works (if I set uid/gid in the Unix tab of the users/group).

So it looks all fine to me... so what's going on? I don't see it.

Greetz,
Louis
>-----Original message-----
>From: belle at bazuin.nl [mailto:samba-bounces at lists.samba.org]
>On behalf of L.P.H. van Belle
>Sent: Tuesday, 1 April 2014 17:00
>To: samba at lists.samba.org
>Subject: [Samba] member joined, but...
>
>Hai,
>
>I have automated the install of my member server.
>Followed the wiki :
>https://wiki.samba.org/index.php/Samba/Domain_Member
>
>Everything works nicely, but... .. read on.. ;-)
>
>ok, so wiki says:
>https://wiki.samba.org/index.php/Setup_and_configure_file_shares
>
>and now I'm at the point: SeDiskOperatorPrivilege
>and... for the DCs installed this worked without problems...
>
>but for the domain member, I'm getting...
>
>net rpc rights list accounts -Uadministrator
>Enter administrator's password:
>Could not connect to server 127.0.0.1
>The username or password was not correct.
>Connection failed: NT_STATUS_LOGON_FAILURE
>
>net -S servername rpc rights list accounts -Uadministrator
>Enter administrator's password:
>Could not connect to server rtd-mem-001
>The username or password was not correct.
>Connection failed: NT_STATUS_LOGON_FAILURE
>
>net -S servername.internal.domain.tld rpc rights list accounts
>-Uadministrator
>Enter administrator's password:
>Could not connect to server servername.internal.domain.tld
>The username or password was not correct.
>Connection failed: NT_STATUS_LOGON_FAILURE
>
>and of course setting the Se right didn't work
>
>net rpc rights grant 'MYDOMAIN\Domain Admins'
>SeDiskOperatorPrivilege -Uadministrator
>Enter administrator's password:
>Could not connect to server 127.0.0.1
>The username or password was not correct.
>Connection failed: NT_STATUS_LOGON_FAILURE
>
>
>so..
>/etc/hosts ( checked )
>/etc/nsswitch.conf ( checked )
>/etc/resolv.conf (check)
>/var/log/samba/ all logs checked, no errors at all.
>kinit Administrator ( checked )
>
>/etc/samba/smb.conf
>
>[global]
>
> workgroup = INTERNAL
> security = ADS
> realm = INTERNAL.DOMAIN.TLD
>
> idmap config *:backend = tdb
> idmap config *:range = 500001-800000
> idmap config BAZRTD:backend = ad
> idmap config BAZRTD:schema_mode = rfc2307
> idmap config BAZRTD:range = 10000-400000
>
> winbind nss info = rfc2307
> winbind trusted domains only = no
> winbind use default domain = yes
> #winbind enum users = yes
> #winbind enum groups = yes
>
> template shell = /bin/bash
> template homedir = /home/samba/DOMAIN/%USERNAME%
>
> # For ACL support on member server
> vfs objects = acl_xattr
> map acl inherit = Yes
> store dos attributes = Yes
>
> # disable printing completely
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
>
>
>
>Anyone an idea?