[Samba] CentOS Samba as Domain Member
Rowland Penny
rowlandpenny at googlemail.com
Fri Feb 14 07:03:11 MST 2014
On 14/02/14 13:41, Bjoern.Becker at easycash.de wrote:
> On 14/02/14 12:38, Bjoern.Becker at easycash.de wrote:
>> Hi,
>>
>> yes, I installed it via yum. But the links under /lib were not available:
>>
>> rpm -qa | grep samba
>> samba-winbind-clients-3.6.9-167.el6_5.x86_64
>> samba-3.6.9-167.el6_5.x86_64
>> samba4-libs-4.0.0-60.el6_5.rc4.x86_64
>> samba-client-3.6.9-167.el6_5.x86_64
>> samba-winbind-3.6.9-167.el6_5.x86_64
>> samba-common-3.6.9-167.el6_5.x86_64
>>
>> Wondering a bit about samba4-libs....
>>> Did samba4-libs get installed automatically ?
> I would like to say yes, but I can't reproduce it. I got a really clean install and just install some basic packages. Puppet ensured that "samba" is present.
> I uninstall all and clean it up to reinstall it through puppet again and now The samba4-libs aren't installed....
Strange, but you dont need samba4-libs anyway.
>
>> I connecting against a active directory.
>>
>> # smb.conf
>> #======================= Global Settings
>> =====================================
>>
>> [global]
>>
>> workgroup = DOM_RAT
>> server string = Samba Server Version %M
>> security = ADS
>> realm = DOM.DE
>> workgroup = DOM_RAT
>> winbind separator = +
>> winbind enum users = yes
>> winbind enum groups = yes
>> template homedir = /home/%D/%U
>> template shell = /bin/bash
>> client use spnego = yes
>> client ntlmv2 auth = yes
>> encrypt passwords = yes
>> winbind use default domain = yes
>> restrict anonymous = 2
>> domain master = no
>> local master = no
>> preferred master = no
>> os level = 0
>> winbind offline logon = no
>>> OK, you need to add something like this:
>>> kerberos method = secrets and keytab
>>> winbind expand groups = 4
>>> winbind nss info = rfc2307
>>> winbind refresh tickets = Yes
>>> winbind normalize names = Yes
>>> idmap config DOM_RAT:schema_mode = rfc2307
>>> idmap config DOM_RAT:range = 500-40000
>>> idmap config DOM_RAT:backend = ad
>>> idmap config *:range = 70001-80000
>>> idmap config *:backend = tdb
>>> Then restart samba, this will rely on the RFC2307 uidNumber & gidNumber attributes being available in AD, if not change 'idmap config DOM_RAT:backend = ad' to ' idmap config DOM_RAT:backend = rid'
> Yay! That's it. With backend = rid it works finaly!
>
> Thank you very much!
You are welcome, but be aware that without the RFC2307 attributes you
could have different id numbers on different samba servers.
Rowland
>
>>> Also have you added 'winbind' to the passwd & group lines in /etc/nsswitch.conf ?
> Yes.
>
> Rowland
>
>> Mit freundlichen Grüßen / Best regards Björn
>>
>>
>> -----Ursprüngliche Nachricht-----
>> Von: Rowland Penny [mailto:rowlandpenny at googlemail.com]
>> Gesendet: Freitag, 14. Februar 2014 13:34
>> An: Becker, Björn; samba at lists.samba.org
>> Betreff: Re: [Samba] CentOS Samba as Domain Member
>>
>> On 14/02/14 11:54, Bjoern.Becker at easycash.de wrote:
>>> Hello,
>>>
>>> I use CentOS 6.5 and smbd 3.6.9-167.el6_5.
>>>
>>> I can successfully execute wbinfo -u and wbinfo -g, but getent passwd doesn't work.
>>>
>>> nsswitch.conf
>>> passwd: files winbind
>>> shadow: files
>>> group: files winbind
>>>
>>> I read in samba manual I have to link libnss_winbind.so to /lib, I did that but it doesn't work anyway:
>>>
>>> ls -ltr /lib/lib*
>>> lrwxrwxrwx. 1 root root 28 14. Feb 12:34 /lib/libnss_winbind.so ->
>>> /usr/lib64/libnss_winbind.so lrwxrwxrwx. 1 root root 26 14. Feb 12:38
>>> /lib/libnss_files.so -> /usr/lib64/libnss_files.so lrwxrwxrwx. 1 root
>>> root 26 14. Feb 12:40 /lib/libnss_winbind.so.2 ->
>>> /lib64/libnss_winbind.so.2
>>>
>>> Can anyone help me out?
>>>
>>> Thanks!
>>>
>>> Mit freundlichen Grüßen / Best regards Björn
>>>
>>>
>> I take it that you are running the machine as I client and installed
>> samba 3.6.9 via yum? If so then you shouldn't have to create the links,
>> yum should have done it for you.
>>
>> What is the client connecting to ? and could you please post the
>> smb.conf from this client.
>>
>> Rowland
More information about the samba
mailing list