[Samba] ADS Domain Member Workgroup vs Realm
Tim
lists at kiuni.de
Tue Feb 24 00:25:14 MST 2015
I would say that workgroup = ZARTMAN should be right. Workgroups normally don't have dots in their name.
Then you should also try:
idmap config ZARTMAN:backend = ad
idmap config ZARTMAN:schema_mode = rfc2307
idmap config ZARTMAN:range = 10000-99999
One more thing is that it's not recommended to have a .local domain realm.
Have a look at this about glibc...
https://wiki.samba.org/index.php/Samba_Troubleshooting
Regards
Tim
On 24 February 2015 07:28:11 CET, Greg Zartman <gzartman at koozali.org> wrote:
>I'm working to set up Samba as a domain member to a Windows Server active
>directory, and I keep hitting road blocks. There's some real terminology
>hurdles in the wiki.
>
>In a nutshell, my problem is this: I set up a Windows 2012 Essentials ADS
>domain and I ended up with zartman.local for my "domain" in Windows. So,
>I've got a dns zone in windows server that is domain.local and my netbios
>domain for ADS membership is zartman.local.
>
>On the Samba side, I'm not sure what needs to be specified for "realm" and
>"workgroup". If I set workgroup = zartman.local and realm=ZARTMAN.LOCAL,
>samba bellyaches and says I can't have workgroup=zartman.local. If I set
>workgroup = zartman, then the Samba netbios domain is "zartman" and not
>zartman.local.
>
>The membership details look fine for net ads info:
>
>[root at cos6 ~]# net ads info
>LDAP server: 192.168.0.15
>LDAP server name: pdc.zartman.local
>Realm: ZARTMAN.LOCAL
>Bind Path: dc=ZARTMAN,dc=LOCAL
>LDAP port: 389
>Server time: Mon, 23 Feb 2015 22:25:32 PST
>KDC server: 192.168.0.15
>Server time offset: 1
>
>If I check the domain with net domain, I get:
>[root at cos6 ~]# net domain -U admin
>Enter admin's password:
>
>Enumerating domains:
>
> Domain name Server name of Browse Master
> ------------- ----------------------------
> ZARTMAN COS6
>
>
>This isn't correct. It thinks my domain member is the master browser.
>
>For completeness sake, here is my smb.conf:
>
>[root at cos6 ~]# cat /etc/samba/smb.conf
>[global]
>workgroup = zartman
>realm = ZARTMAN.LOCAL
>security = ads
>dedicated keytab file = /etc/krb5.keytab
>kerberos method = secrets and keytab
>
>idmap config *:backend = tdb
>idmap config *:range = 2000-9999
>idmap config ZARTMAN.LOCAL:backend = ad
>idmap config ZARTMAN.LOCAL:schema_mode = rfc2307
>idmap config ZARTMAN.LOCAL:range = 10000-99999
>
>winbind nss info = rfc2307
>winbind trusted domains only = no
>winbind use default domain = yes
>winbind enum users = yes
>winbind enum groups = yes
>winbind refresh tickets = Yes
>
>
>
>--
>Greg J. Zartman
>Board Member
>
>Koozali SME Server
>www.koozali.org
>
>SME Server user, contributor, and community member since 2000
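The three points in the reply above (no dots in the workgroup, idmap config keyed on the workgroup name, and the .local realm) can be checked mechanically before a join. The following is an added example, not part of the original thread and not Samba code; the `check` function and its finding codes are hypothetical names, and the sample is constructed from the smb.conf quoted above.

```python
import re
# Constructed sample: the relevant [global] lines from the smb.conf quoted above.
SAMPLE = """\
[global]
workgroup = zartman
realm = ZARTMAN.LOCAL
idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config ZARTMAN.LOCAL:backend = ad
idmap config ZARTMAN.LOCAL:schema_mode = rfc2307
idmap config ZARTMAN.LOCAL:range = 10000-99999
"""

IDMAP_KEY = re.compile(r"idmap\s+config\s+(.+?)\s*:\s*(\w+)$", re.I)

def parse_global(text):
    """Return (plain options, {idmap domain: {option: value}}) from [global]."""
    opts, idmap, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        m = IDMAP_KEY.match(key)
        if m:
            idmap.setdefault(m.group(1).upper(), {})[m.group(2).lower()] = value
        else:
            opts[" ".join(key.lower().split())] = value
    return opts, idmap

def check(text):
    """Return (code, detail) findings for the three points raised in the reply."""
    opts, idmap = parse_global(text)
    workgroup = opts.get("workgroup", "").upper()
    findings = []
    if "." in workgroup:
        findings.append(("workgroup-has-dot", workgroup))
    for domain in idmap:
        if domain not in ("*", workgroup):  # "*" is the default idmap domain
            findings.append(("idmap-domain-mismatch", f"{domain} != {workgroup}"))
    if opts.get("realm", "").lower().endswith(".local"):
        findings.append(("local-realm", opts["realm"]))
    return findings

print(check(SAMPLE))
```

On the quoted configuration this reports the idmap domain mismatch and the .local realm; renaming the idmap section to ZARTMAN, as suggested in the reply, leaves only the realm finding.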