[Samba] CentOS Samba as Domain Member

Rowland Penny rowlandpenny at googlemail.com
Fri Feb 14 06:23:10 MST 2014


On 14/02/14 12:38, Bjoern.Becker at easycash.de wrote:
> Hi,
>
> yes, I installed it via yum. But the links under /lib were not available:
>
> rpm -qa | grep samba
> samba-winbind-clients-3.6.9-167.el6_5.x86_64
> samba-3.6.9-167.el6_5.x86_64
> samba4-libs-4.0.0-60.el6_5.rc4.x86_64
> samba-client-3.6.9-167.el6_5.x86_64
> samba-winbind-3.6.9-167.el6_5.x86_64
> samba-common-3.6.9-167.el6_5.x86_64
>
> Wondering a bit about samba4-libs....
Did samba4-libs get installed automatically?
>
> I am connecting against an Active Directory.
>
> # smb.conf
> #======================= Global Settings =====================================
> 	
> [global]
> 	
> 	workgroup = DOM_RAT
> 	server string = Samba Server Version %M
>          security = ADS
> 	realm = DOM.DE
>          workgroup = DOM_RAT
> 	winbind separator = +
> 	winbind enum users = yes
> 	winbind enum groups = yes
> 	template homedir = /home/%D/%U
> 	template shell = /bin/bash
> 	client use spnego = yes
> 	client ntlmv2 auth = yes
> 	encrypt passwords = yes
> 	winbind use default domain = yes
> 	restrict anonymous = 2
> 	domain master = no
> 	local master = no
> 	preferred master = no
> 	os level = 0
> 	winbind offline logon = no
OK, you need to add something like this:

         kerberos method = secrets and keytab
         winbind expand groups = 4
         winbind nss info = rfc2307
         winbind refresh tickets = Yes
         winbind normalize names = Yes
         idmap config DOM_RAT:schema_mode = rfc2307
         idmap config DOM_RAT:range = 500-40000
         idmap config DOM_RAT:backend = ad
         idmap config *:range = 70001-80000
         idmap config *:backend = tdb

Then restart Samba. This will rely on the RFC2307 uidNumber & gidNumber 
attributes being available in AD; if not, change 'idmap config 
DOM_RAT:backend = ad' to 'idmap config DOM_RAT:backend = rid'.

Also, have you added 'winbind' to the passwd & group lines in 
/etc/nsswitch.conf?

Rowland

>
> Best regards
> Björn
>
>
> -----Original Message-----
> From: Rowland Penny [mailto:rowlandpenny at googlemail.com]
> Sent: Friday, 14 February 2014 13:34
> To: Becker, Björn; samba at lists.samba.org
> Subject: Re: [Samba] CentOS Samba as Domain Member
>
> On 14/02/14 11:54, Bjoern.Becker at easycash.de wrote:
>> Hello,
>>
>> I use CentOS 6.5 and smbd 3.6.9-167.el6_5.
>>
>> I can successfully execute wbinfo -u and wbinfo -g, but getent passwd doesn't work.
>>
>> nsswitch.conf
>> passwd:     files winbind
>> shadow:     files
>> group:      files winbind
>>
>> I read in the Samba manual that I have to link libnss_winbind.so to /lib. I did that, but it doesn't work anyway:
>>
>> ls -ltr /lib/lib*
>> lrwxrwxrwx. 1 root root 28 14. Feb 12:34 /lib/libnss_winbind.so -> /usr/lib64/libnss_winbind.so
>> lrwxrwxrwx. 1 root root 26 14. Feb 12:38 /lib/libnss_files.so -> /usr/lib64/libnss_files.so
>> lrwxrwxrwx. 1 root root 26 14. Feb 12:40 /lib/libnss_winbind.so.2 -> /lib64/libnss_winbind.so.2
>>
>> Can anyone help me out?
>>
>> Thanks!
>>
>> Best regards Björn
>>
>>
> I take it that you are running the machine as a client and installed
> samba 3.6.9 via yum? If so then you shouldn't have to create the links,
> yum should have done it for you.
>
> What is the client connecting to? And could you please post the
> smb.conf from this client.
>
> Rowland
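
As an added example (not part of the original thread and not Samba project code), this Python check covers the two points raised in the reply above: the `idmap config` lines in smb.conf and the `winbind` entries in /etc/nsswitch.conf. The sample inputs are constructed from the settings quoted in the thread, and the function names are hypothetical.

```python
import re
from itertools import combinations

# Constructed inputs modelled on the settings quoted in the thread.
SAMPLE_SMB_CONF = """[global]
    workgroup = DOM_RAT
    security = ADS
    idmap config DOM_RAT:schema_mode = rfc2307
    idmap config DOM_RAT:range = 500-40000
    idmap config DOM_RAT:backend = ad
    idmap config *:range = 70001-80000
    idmap config *:backend = tdb
"""
SAMPLE_NSSWITCH = "passwd: files winbind\nshadow: files\ngroup: files winbind\n"

IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+?)\s*:\s*(\w+)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(smb_conf):
    """Collect 'idmap config DOMAIN:option = value' lines as {domain: {option: value}}."""
    domains = {}
    for line in smb_conf.splitlines():
        m = IDMAP_RE.match(line)  # comment lines start with # or ; and never match
        if m:
            domains.setdefault(m.group(1), {})[m.group(2).lower()] = m.group(3)
    return domains

def check_member_config(smb_conf, nsswitch):
    """Return a list of problem strings; an empty list means every check passed."""
    problems, ranges = [], {}
    for dom, opts in parse_idmap(smb_conf).items():
        if "backend" not in opts:
            problems.append(f"idmap config {dom}: no backend set")
        m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", opts.get("range", ""))
        if not m or int(m.group(1)) > int(m.group(2)):
            problems.append(f"idmap config {dom}: missing or invalid range")
        else:
            ranges[dom] = (int(m.group(1)), int(m.group(2)))
    # Overlapping ranges let two backends hand out the same uid/gid.
    for (d1, (lo1, hi1)), (d2, (lo2, hi2)) in combinations(ranges.items(), 2):
        if lo1 <= hi2 and lo2 <= hi1:
            problems.append(f"idmap ranges overlap: {d1} {lo1}-{hi1} and {d2} {lo2}-{hi2}")
    # winbind must be a source for both passwd and group for getent to show AD accounts.
    sources = {}
    for line in nsswitch.splitlines():
        db, sep, rest = line.split("#", 1)[0].partition(":")
        if sep:
            sources[db.strip()] = rest.split()
    for db in ("passwd", "group"):
        if "winbind" not in sources.get(db, []):
            problems.append(f"nsswitch.conf: winbind missing from {db}")
    return problems
```

On a real host, pass the contents of the smb.conf in use and of /etc/nsswitch.conf instead of the constructed samples.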


