[Samba] Winbind + sernet Samba4 + CentOS 6.5 + AD
Stephen Garcia
sgmorale at ringling.edu
Thu Aug 28 13:29:19 MDT 2014
So, update on this issue
As it currently stands, I have a working setup. Install process and configs
will follow but before, the major changes that I can think of:
sernet-samba4:
    used 4.1.10 instead of 4.1.11
    instead of the yum install using the sernet repo to install, had to
    individually install the rpms for the 4.1.10 version
smb.conf:
    instead of using 'ad' as the backend, used 'rid'
        idmap config DOMAIN:backend = rid
clearing of samba 3.6:
    previously I had not removed samba-winbind-clients or samba-commons,
    this time I removed everything samba
Of these I want to test the smb.conf change and the clearing out of all samba
related packages on the 4.1.11 version. Might be that those changes will
make it work fine; as of now, I'm rolling with the 4.1.10 version due to
being on a schedule (and the saying: "if it ain't broke, don't fix it").
Commands and configs as follows (some information masked with dummy names)
=============
yum remove samba4-libs samba-winbind-clients samba-winbind samba-client samba-common
... wget the rpm packages ...
rpm -ivh sernet-samba-common-4.1.10-8.el6.x86_64.rpm
rpm -ivh sernet-samba-libs-4.1.10-8.el6.x86_64.rpm
rpm -ivh sernet-samba-libsmbclient0-4.1.10-8.el6.x86_64.rpm
rpm -ivh sernet-samba-client-4.1.10-8.el6.x86_64.rpm
rpm -ivh sernet-samba-winbind-4.1.10-8.el6.x86_64.rpm
rpm -ivh sernet-samba-4.1.10-8.el6.x86_64.rpm
Verify versions:
# /usr/sbin/smbd -V
Version 4.1.10-SerNet-RedHat-8.el6
# rpm -qa | grep sern
sernet-samba-libs-4.1.10-8.el6.x86_64
sernet-samba-4.1.10-8.el6.x86_64
sernet-samba-common-4.1.10-8.el6.x86_64
sernet-samba-libsmbclient0-4.1.10-8.el6.x86_64
sernet-samba-winbind-4.1.10-8.el6.x86_64
sernet-samba-client-4.1.10-8.el6.x86_64
Edit /etc/samba/smb.conf

    [global]
    netbios name = whost
    workgroup = DOMAIN
    security = ADS
    realm = DOMAIN.RINGLING.EDU
    encrypt passwords = yes
    idmap config *:backend = tdb
    idmap config *:range = 2000-4999
    idmap config DOMAIN:backend = rid
    idmap config DOMAIN:schema_mode = rfc2307
    idmap config DOMAIN:range = 100000-200000
    winbind nss info = rfc2307
    winbind trusted domains only = no
    winbind use default domain = yes
    winbind enum users = yes
    winbind enum groups = yes
    force create mode = 0660
    force directory mode = 0770

Edit /etc/nsswitch.conf

    passwd: files winbind
    shadow: files
    group: files winbind

Edit /etc/default/sernet-samba

    SAMBA_START_MODE="classic"

Edit /etc/krb5.conf

    [logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

    [libdefaults]
    default_realm = DOMAIN.RINGLING.EDU
    dns_lookup_realm = false
    dns_lookup_kdc = false
    ticket_lifetime = 24h
    renew_lifetime = 7d
    forwardable = true

    [realms]
    DOMAIN.RINGLING.EDU = {
        kdc = *domain.controller.fqdn*
        admin_server = *domain.controller.fqdn*
    }

    [domain_realm]
    .domain.ringling.edu = DOMAIN.RINGLING.EDU
    domain.ringling.edu = DOMAIN.RINGLING.EDU

Edit /etc/sysconfig/selinux

    SELINUX=disabled

Edit /etc/security/limits.conf (add at the end)

    * - nofile 16384
=====================
After doing the 'net ads join -U administrator' command, verified all
wbinfo commands that were not working before, including the 'id user'
command, and they all work and return the expected information.
I'm really curious about trying 4.1.11 again with those changes but won't have
time right now; eventually I'll get to it.
Thanks for the back and forth, hopefully this server doesn't break now that
it's working.
-Stephen
Stephen E. Garcia-Morales
sgmorale at ringling.edu
Ringling College of Art and Design
.'. Nosce Te Ipsvm .'.
On Thu, Aug 28, 2014 at 11:42 AM, Rowland Penny <rowlandpenny at googlemail.com> wrote:
>
> I am fairly sure that if you give 'Domain Users' a gidNumber, then it will
> start to work, you will not get anything from 'getent group' but 'getent
> group Domain\ Users' should return the groups info.
>
> Rowland
>
>
>>
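
Added example, not part of the original message and not Samba code: a small Python lint for the idmap lines of the smb.conf posted above. It flags options that the chosen backend does not read, checks that ID ranges do not overlap, and shows how idmap_rid derives a Unix ID from the RID alone (no uidNumber/gidNumber attribute needed). The function names are hypothetical and the per-backend option sets are assumptions taken from the smb.conf(5), idmap_rid(8), idmap_ad(8) and idmap_tdb(8) man pages.

```python
import re

# Constructed input: the idmap lines from the smb.conf posted above.
SMB_CONF = """[global]
idmap config *:backend = tdb
idmap config *:range = 2000-4999
idmap config DOMAIN:backend = rid
idmap config DOMAIN:schema_mode = rfc2307
idmap config DOMAIN:range = 100000-200000
"""

GENERIC = {"backend", "range", "read only"}   # assumption: generic options, smb.conf(5)
BACKEND_ONLY = {"rid": {"base_rid"}, "ad": {"schema_mode"}, "tdb": set()}  # assumption
LINE = re.compile(r"^\s*idmap config\s+(.+?)\s*:\s*([^=]+?)\s*=\s*(.*?)\s*$", re.I)

def parse_idmap(text):
    """Return {domain: {option: value}} for every 'idmap config' line."""
    cfg = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            dom, opt, val = m.groups()
            cfg.setdefault(dom, {})[opt.lower()] = val
    return cfg

def id_range(opts):
    """Parse 'low-high' from the range option into two integers."""
    low, high = (int(x) for x in opts["range"].split("-"))
    return low, high

def lint(cfg):
    """Flag options the chosen backend ignores and overlapping ID ranges."""
    findings = []
    for dom, opts in cfg.items():
        backend = opts.get("backend")
        if backend not in BACKEND_ONLY:       # backend unknown to this example: skip
            continue
        allowed = GENERIC | BACKEND_ONLY[backend]
        findings += [f"{dom}: '{o}' is not read by backend '{backend}'"
                     for o in opts if o not in allowed]
    doms = sorted(cfg)
    for i, a in enumerate(doms):
        for b in doms[i + 1:]:
            (al, ah), (bl, bh) = id_range(cfg[a]), id_range(cfg[b])
            if al <= bh and bl <= ah:
                findings.append(f"ranges of {a} and {b} overlap")
    return findings

def rid_to_unix_id(rid, opts):
    """idmap_rid mapping: ID = RID - BASE_RID + LOW_RANGE_ID; None if out of range."""
    low, high = id_range(opts)
    unix_id = rid - int(opts.get("base_rid", 0)) + low
    return unix_id if low <= unix_id <= high else None
```

Calling `lint(parse_idmap(SMB_CONF))` reports the `schema_mode` line, and `rid_to_unix_id(513, ...)` gives the gid that 'Domain Users' (RID 513) receives under this range.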