[Samba] realmd and net rpc privileges
Rowland Penny
rowlandpenny at googlemail.com
Fri May 1 04:34:40 MDT 2015
On 01/05/15 11:21, a b wrote:
> Hi, too!
>
> On 01.05.2015 at 11:32, L.P.H. van Belle wrote:
>> Hai,
>>
>>> thus, the password of SAMDOM\Administrator is the
>>> mapped (root) pw.
>> No, not correct.
>> root has its password.
>> Administrator has its own password, even when mapped these are different.
>> these users just share the same uid 0 !
> Don't know. A minimal install of Samba, sssd on OEL7 doesn't include
> or require krb5-workstation (which is how you get kinit), see at the
> end of this post. I understand Administrator is a built-in account. I
> have never created it, let alone assigned a PW. All I did which I can
> figure is related is assigning sambapasswd root, and the bespoke
> user.map. Remains anemophily for the creation of the Administrator PW ;-)
>>
>> test with kinit Administrator@YOUR.REALM.TLD
>>
>>
>> and have a look here.
>>
>> http://funwithlinux.net/2014/04/join-ubuntu-14-04-to-active-directory-domain-using-realmd/
>>
> This site treats a lot of problems I never had. And I don't see any
> aspects that directly would contribute to this topic, sorry.
>>
>> make sure your /etc/hosts does NOT contain something like :
>>
>> 127.0.0.1 dc1.server.tld dc1
> Not sure what this is aiming at.
>> but
>> 127.0.0.1 localhost localhost.localdomain
>> and only the real server ip with hostname in hosts
> The error was against the lo ip. Why would an entry to eth0 change
> anything here?
>>
>> as extra info :
>> A lot of the problems can be resolved by adding this section
>> (in addition to disabling automatic-install) in /etc/realmd.conf:
>>
>> [my.domain.fqdn.here]
> I don't understand the meaning of that syntax. Rest, see above comment.
>> fully-qualified-names = no
>>
>> Then I do:
>> kinit myuser@MY.DOMAIN.FQDN.HERE
>>
>> and:
>> realm join my.domain.fqdn.here
>>
>>
>> optional, if you can't join: install package packagekit
>>
>>
>> and this all said, if all of above works, and you did join the AD and
>> your resolving is correct,
>> then net rpc rights list
>> should work fine.
>> if not, well, then I don't know; I don't use sssd and realmd.
> To begin with, I am seeing my problem through realmd, exclusively.
> Maybe you should try realm. I learned that the HowTos that
> include a manual setup of authconfig and sssd are tedious, and don't
> work smoothly. The method I learned later and used now for joining
> the domain is much easier, and most of the above is probably
> redundant, if not harmful. In a nutshell, once you installed the
> required packages for realmd and sssd, you can sync the member server
> to the right ntp, set up DNS (in my case done by DHCP), and
> discover/join the domain. The scripts that come with realmd set up the
> sssd.conf and configure/start sss daemon. These are main functions of
> realmd. However, there seems to be a gap when using Samba vs. the
> traditional methods that use winbind, and that's why I am here.
> Winbindd and SSSD are mutually exclusive, as the RHEL7 manual explains.
>
> Best,
>
> Sebastian
Perhaps you will get better help if you try using a mailing list for
realmd or sssd, neither of these two programs is supplied or supported
by samba.
Rowland
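
The /etc/hosts advice quoted in this message (no real hostname on 127.0.0.1, only localhost there, and the server's own address listed with its name) can be checked mechanically. The script below is an added example, not part of the thread or of Samba, realmd or sssd; the function names are hypothetical, and the sample files and the address 192.0.2.10 are constructed.

```shell
#!/bin/sh
# Added example: lint a hosts file for the mistake described in the thread.

# Print each name that a loopback address (127.0.0.0/8 or ::1) maps to,
# except the conventional localhost aliases.
loopback_names() {
    awk '
        { sub(/#.*/, "") }                       # drop comments
        $1 ~ /^127\./ || $1 == "::1" {
            for (i = 2; i <= NF; i++)
                if (tolower($i) !~ /^(ip6-)?(localhost|loopback)[46]?(\.localdomain[46]?)?$/)
                    print $i
        }' "$1"
}

# Print each non-loopback address that lists the given name.
real_addrs() {
    awk -v h="$2" '
        { sub(/#.*/, "") }
        $1 !~ /^127\./ && $1 != "::1" {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(h)) print $1
        }' "$1"
}

# Return 0 only if no real name sits on loopback and the FQDN has a real address.
check_hosts() {
    rc=0
    bad=$(loopback_names "$1" | tr '\n' ' ')
    [ -z "$bad" ] || { echo "on loopback: $bad"; rc=1; }
    [ -n "$(real_addrs "$1" "$2")" ] || { echo "no real address for $2"; rc=1; }
    return "$rc"
}

# Constructed sample files (192.0.2.10 is a documentation address).
BAD_HOSTS=$(mktemp); GOOD_HOSTS=$(mktemp)
printf '%s\n' '127.0.0.1 dc1.server.tld dc1' > "$BAD_HOSTS"
printf '%s\n' '127.0.0.1 localhost localhost.localdomain' \
              '192.0.2.10 dc1.server.tld dc1' > "$GOOD_HOSTS"

check_hosts "$BAD_HOSTS" dc1.server.tld || echo "bad sample rejected"
check_hosts "$GOOD_HOSTS" dc1.server.tld && echo "good sample accepted"
```

On a real machine, call `check_hosts /etc/hosts "$(hostname -f)"` before attempting the join.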