[Samba] realmd and net rpc privileges
sequoiamobil at gmx.net
Fri May 1 04:21:59 MDT 2015
On 01.05.2015 at 11:32, L.P.H. van Belle wrote:
>> thus, the password of SAMDOM\Administrator is the
>> mapped (root) pw.
> No, not correct.
> root has its password.
> Administrator has its own password, even when mapped these are different.
> these users just share the same uid 0 !
Don't know. A minimal install of Samba, sssd on OEL7 doesn't include or
require krb5-workstation (which is how you get kinit), see at the end of
this post. I understand Administrator is a built-in account. I have
never created it, let alone assigned a PW. All I did which I can figure is
related is assigning sambapasswd root, and the bespoke user.map. Remains
anemophily for the creation of the Administrator PW ;-)
> test with kinit Administrator@YOUR.REALM.TLD
> and have a look here.
This site treats a lot of problems I never had. And I don't see any
aspects that directly would contribute to this topic, sorry.
> make sure your /etc/hosts does NOT contain something like :
> 127.0.0.1 dc1.server.tld dc1
Not sure what this is aiming at.
> 127.0.0.1 localhost localhost.localdomain
> and only the real server ip with hostname in hosts
The error was against the lo ip. Why would an entry to eth0 change
> as extra info :
> A lot of the problems can be resolved by adding this section (in addition to disabling automatic-install) in /etc/realmd.conf:
I don't understand the meaning of that syntax. Rest, see above comment.
> fully-qualified-names = no
> Then I do:
> kinit myuser@MY.DOMAIN.FQDN.HERE
> realm join my.domain.fqdn.here
> optional: if you can't join, install package: packagekit
> and this all said, if all of above works, and you did join the AD and your resolving is correct,
> then net rpc rights list
> should work fine.
> if not, well, then I don't know; I don't use sssd and realmd.
To begin with, I am seeing my problem through realmd, exclusively. Maybe
you should try realm. I learned that the HowTos that include a
manual setup of authconfig and sssd are tedious to follow, and don't work
smoothly. The method I learned later and used now for joining the
domain is much easier, and most of the above is probably redundant, if
not harmful. In a nutshell, once you installed the required packages for
realmd and sssd, you can sync the member server to the right ntp, set up
DNS (in my case done by DHCP), and discover/join the domain. The scripts
that come with realmd set up the sssd.conf and configure/start sss
daemon. These are main functions of realmd. However, there seems to be a
gap when using Samba vs. the traditional methods that use winbind, and
that's why I am here. Winbindd and SSSD are mutually exclusive, as the
RHEL7 manual explains.
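
The /etc/hosts advice quoted in this message can be checked mechanically. The following is an added example, not part of the thread: a shell function (the name `loopback_name_entries` and the sample file contents are constructed for illustration) that lists hosts entries mapping a given host name to a loopback address.

```shell
#!/bin/sh
# Added example: flag hosts-file entries that map a machine's own name to a
# loopback address, which is what the quoted advice says to avoid.

# loopback_name_entries HOSTS_FILE NAME...
# Prints every line of HOSTS_FILE whose address is loopback (127.0.0.0/8 or
# ::1) and whose name list contains one of NAME (compared case-insensitively).
loopback_name_entries() {
    hosts_file=$1; shift
    awk -v names="$*" '
        BEGIN { n = split(tolower(names), want, " ") }
        {
            line = $0                  # keep the original text for reporting
            sub(/#.*/, "")             # strip comments; awk re-splits fields
            if (NF < 2) next           # blank, comment-only or nameless line
            if ($1 !~ /^127\./ && $1 != "::1") next
            for (i = 2; i <= NF; i++)
                for (j = 1; j <= n; j++)
                    if (tolower($i) == want[j]) { print line; next }
        }' "$hosts_file"
}

# Constructed sample input; the host names are the ones used in the quoted
# advice and 192.0.2.10 is a documentation address.
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1  localhost localhost.localdomain
127.0.0.1  dc1.server.tld dc1   # entry the advice warns about
192.0.2.10 dc1.server.tld dc1
EOF

echo "Loopback entries for dc1.server.tld / dc1:"
loopback_name_entries "$sample" dc1.server.tld dc1
rm -f "$sample"

# On a real member server (assumes hostname -f and -s return the FQDN and
# the short name):
#   loopback_name_entries /etc/hosts "$(hostname -f)" "$(hostname -s)"
```

No output from the function means no loopback entry carries any of the given names.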