[Samba] SAMBA not working as AD member server

Rowland Penny rowlandpenny at googlemail.com
Tue May 5 07:59:31 MDT 2015


On 05/05/15 14:38, John Rykala wrote:
> I am trying to get SAMBA working as a member server with a Windows 
> 2008R2 AD server, CentOS 6.6 and Samba 3.6
>
> The two following commands work fine:
> kinit administrator@TESTNET.LOCAL
> net ads join -U administrator
> however wbinfo -u only shows local accounts
> and getent passwd returns nothing. Any help would be appreciated.
>
> krb5.conf
>
> [logging]
>  default = FILE:/var/log/krb5libs.log
>  kdc = FILE:/var/log/krb5kdc.log
>  admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
>  default_realm = TESTNET.LOCAL
>  dns_lookup_realm = true
>  dns_lookup_kdc = true
>  ticket_lifetime = 24h
>  renew_lifetime = 7d
>  forwardable = true
>
> [appdefaults]
>   pam = {
>     debug = false
>     ticket_lifetime = 36000
>     renew_lifefime = 36000
>     forwardable = true
>     krb4_convert = false
>   }
>
> smb.conf
> [global]
>   workgroup = TESTNET
>   realm = TESTNET.LOCAL
>   security = ADS
>   domain master = no
>   local master = no
>
>   winbind nss info = rfc2307
>   winbind trusted domains only = no
>   winbind use default domain = yes
>   winbind enum users = yes
>   winbind enum groups = yes
>   winbind nested groups = yes
>   winbind refresh tickets = yes
>   winbind expand groups = 4
>   winbind normalize names = Yes
>   vfs objects = acl_xattr
>   map acl inherit = Yes
>   store dos attributes = Yes
>
>   idmap config * : backend = tdb
>   idmap config * : range = 1000000-1999999
>   idmap config TESTNET : backend = ad
>   idmap config TESTNET : schema_mode = rfc2307
>   idmap config TESTNET : range = 10000-99999
>
>   client use spnego = yes
>   client ntlmv2 auth = yes
>   encrypt passwords = yes
>   restrict anonymous = 2
>
>   disable spoolss = yes
>   preferred master = no
>   server string = Samba Server %v
>   log level = 3
>   log file = /var/log/samba/%m
>   max log size = 25
>
> [common]
>   comment = Common Files
>   path = /sharedrives/common
>   valid users = @"Domain Users"
>   force group = "Domain Users"
>   directory mode = 0770
>   create mode = 0660
>   force create mode = 0660
>   browseable = yes
>   read only = no
>
>

Does your Windows server have IDMU installed?

Rowland

