[Samba] CentOS Samba as Domain Member
Rowland Penny
rowlandpenny at googlemail.com
Fri Feb 14 06:23:10 MST 2014
On 14/02/14 12:38, Bjoern.Becker at easycash.de wrote:
> Hi,
>
> yes, I installed it via yum. But the links under /lib were not available:
>
> rpm -qa | grep samba
> samba-winbind-clients-3.6.9-167.el6_5.x86_64
> samba-3.6.9-167.el6_5.x86_64
> samba4-libs-4.0.0-60.el6_5.rc4.x86_64
> samba-client-3.6.9-167.el6_5.x86_64
> samba-winbind-3.6.9-167.el6_5.x86_64
> samba-common-3.6.9-167.el6_5.x86_64
>
> Wondering a bit about samba4-libs....
Did samba4-libs get installed automatically ?
>
> I connecting against a active directory.
>
> # smb.conf
> #======================= Global Settings =====================================
>
> [global]
>
> workgroup = DOM_RAT
> server string = Samba Server Version %M
> security = ADS
> realm = DOM.DE
> workgroup = DOM_RAT
> winbind separator = +
> winbind enum users = yes
> winbind enum groups = yes
> template homedir = /home/%D/%U
> template shell = /bin/bash
> client use spnego = yes
> client ntlmv2 auth = yes
> encrypt passwords = yes
> winbind use default domain = yes
> restrict anonymous = 2
> domain master = no
> local master = no
> preferred master = no
> os level = 0
> winbind offline logon = no
OK, you need to add something like this:
kerberos method = secrets and keytab
winbind expand groups = 4
winbind nss info = rfc2307
winbind refresh tickets = Yes
winbind normalize names = Yes
idmap config DOM_RAT:schema_mode = rfc2307
idmap config DOM_RAT:range = 500-40000
idmap config DOM_RAT:backend = ad
idmap config *:range = 70001-80000
idmap config *:backend = tdb
Then restart samba, this will rely on the RFC2307 uidNumber & gidNumber
attributes being available in AD, if not change 'idmap config
DOM_RAT:backend = ad' to ' idmap config DOM_RAT:backend = rid'
Also have you added 'winbind' to the passwd & group lines in
/etc/nsswitch.conf ?
Rowland
>
> Mit freundlichen Grüßen / Best regards
> Björn
>
>
> -----Ursprüngliche Nachricht-----
> Von: Rowland Penny [mailto:rowlandpenny at googlemail.com]
> Gesendet: Freitag, 14. Februar 2014 13:34
> An: Becker, Björn; samba at lists.samba.org
> Betreff: Re: [Samba] CentOS Samba as Domain Member
>
> On 14/02/14 11:54, Bjoern.Becker at easycash.de wrote:
>> Hello,
>>
>> I use CentOS 6.5 and smbd 3.6.9-167.el6_5.
>>
>> I can successfully execute wbinfo -u and wbinfo -g, but getent passwd doesn't work.
>>
>> nsswitch.conf
>> passwd: files winbind
>> shadow: files
>> group: files winbind
>>
>> I read in samba manual I have to link libnss_winbind.so to /lib, I did that but it doesn't work anyway:
>>
>> ls -ltr /lib/lib*
>> lrwxrwxrwx. 1 root root 28 14. Feb 12:34 /lib/libnss_winbind.so ->
>> /usr/lib64/libnss_winbind.so lrwxrwxrwx. 1 root root 26 14. Feb 12:38
>> /lib/libnss_files.so -> /usr/lib64/libnss_files.so lrwxrwxrwx. 1 root
>> root 26 14. Feb 12:40 /lib/libnss_winbind.so.2 ->
>> /lib64/libnss_winbind.so.2
>>
>> Can anyone help me out?
>>
>> Thanks!
>>
>> Mit freundlichen Grüßen / Best regards Björn
>>
>>
> I take it that you are running the machine as I client and installed
> samba 3.6.9 via yum? If so then you shouldn't have to create the links,
> yum should have done it for you.
>
> What is the client connecting to ? and could you please post the
> smb.conf from this client.
>
> Rowland
More information about the samba
mailing list