[Samba] realmd and net rpc privileges

Rowland Penny rowlandpenny at googlemail.com
Fri May 1 04:34:40 MDT 2015


On 01/05/15 11:21, a b wrote:
> Hi, too!
>
> On 01.05.2015 at 11:32, L.P.H. van Belle wrote:
>> Hai,
>>
>>> thus, the password of SAMDOM\Administrator is the
>>> mapped (root) pw.
>> No, not correct.
>> root has its password.
>> Administrator has its own password, even when mapped these are different.
>> these users just share the same uid 0 !
> Don't know. A minimal install of Samba, sssd on OEL7 doesn't include 
> or require krb5-workstation (which is how you get kinit), see at the 
> end of this post. I understand Administrator is a built-in account. I 
> have never created it, let alone assigned a PW. All I did which I can 
> figure is related is assigning sambapasswd root, and the bespoke 
> user.map. Remains anemophily for the creation of the Administrator PW ;-)
>>
>> test with kinit Administrator@YOUR.REALM.TLD
>>
>>
>> and have a look here.
>>
>> http://funwithlinux.net/2014/04/join-ubuntu-14-04-to-active-directory-domain-using-realmd/ 
>>
> This site treats a lot of problems I never had. And I don't see any 
> aspects that directly would contribute to this topic, sorry.
>>
>> make sure your /etc/hosts does NOT contain something like :
>>
>> 127.0.0.1 dc1.server.tld dc1
> Not sure what this is aiming at.
>> but
>> 127.0.0.1 localhost localhost.localdomain
>> and only the real server ip with hostname in hosts
> The error was against the lo ip. Why would an entry to eth0 change 
> anything here?
>>
>> as extra info :
>> A lot of the problems can be resolved by adding this section 
>> (in addition to disabling automatic-install) in /etc/realmd.conf:
>>
>> [my.domain.fqdn.here]
> I don't understand the meaning of that syntax. Rest, see above comment.
>>   fully-qualified-names = no
>>
>> Then I do:
>>   kinit myuser@MY.DOMAIN.FQDN.HERE
>>
>> and:
>>   realm join my.domain.fqdn.here
>>
>>
>> optional: if you can't join, install package: packagekit
>>
>>
>> and this all said, if all of above works, and you did join the AD and 
>> your resolving is correct,
>> then net rpc rights list
>> should work fine.
>> if not, well, then I don't know; I don't use sssd and realmd.
> To begin with, I am seeing my problem through realmd, exclusively. 
> Maybe you should try realm. I learned that the HowTos that 
> include a manual setup of authconfig and sssd are tedious, and don't 
> work smoothly. The method I learned later and used now for joining 
> the domain is much easier, and most of the above is probably 
> redundant, if not harmful. In a nutshell, once you installed the 
> required packages for realmd and sssd, you can sync the member server 
> to the right ntp, set up DNS (in my case done by DHCP), and 
> discover/join the domain. The scripts that come with realmd set up the 
> sssd.conf and configure/start sss daemon. These are main functions of 
> realmd. However, there seems to be a gap when using Samba vs. the 
> traditional methods that use winbind, and that's why I am here. 
> Winbindd and SSSD are mutually exclusive, as the RHEL7 manual explains.
>
> Best,
>
> Sebastian

Perhaps you will get better help if you try using a mailing list for 
realmd or sssd; neither of these two programs is supplied or supported 
by samba.

Rowland
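
Added example (not part of the original thread, and not Samba or realmd code): a pre-join check for the /etc/hosts advice quoted above, flagging any loopback line that carries the host's FQDN or short name. The function name check_hosts, the sample file and the address 192.0.2.10 are constructed for illustration; dc1.server.tld is the name used in the thread.

```shell
#!/bin/sh
# check_hosts FILE FQDN
# Prints every line of FILE that maps FQDN (or its short name) to a
# loopback address and returns 1 if any such line exists, 0 otherwise.
check_hosts() {
    hosts_file=$1
    fqdn=$2
    short=${fqdn%%.*}                 # dc1.server.tld -> dc1
    awk -v fqdn="$fqdn" -v short="$short" '
        { sub(/#.*/, "") }            # drop comments; awk re-splits the fields
        NF < 2 { next }               # blank line or address without names
        $1 ~ /^127\./ || $1 == "::1" {
            for (i = 2; i <= NF; i++) {
                name = tolower($i)
                if (name == tolower(fqdn) || name == tolower(short)) {
                    printf "loopback entry for %s: %s\n", $i, $0
                    bad = 1
                }
            }
        }
        END { exit bad + 0 }
    ' "$hosts_file"
}

# Constructed sample: the layout the thread warns against, followed by
# the recommended one (192.0.2.10 is a documentation address).
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1 dc1.server.tld dc1    # wrong: host name on loopback
127.0.0.1 localhost localhost.localdomain
192.0.2.10 dc1.server.tld dc1
EOF

check_hosts "$sample" dc1.server.tld || echo "fix the hosts file before joining"
rm -f "$sample"
```

Against a live system, call it as check_hosts /etc/hosts "$(hostname -f)". The 127.x match also catches the 127.0.1.1 entry that some installers add for the host name.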