[Samba] Samba 4.51 Solaris 11 AD client
Gaiseric Vandal
gaiseric.vandal at gmail.com
Thu Dec 8 02:33:22 UTC 2016
Solaris 11 include samba 3.6.25. I compiled samba 4.5.1 using GCC 4.8 and
gmake. Had set following env variables to make sure krb5.conf was found
# CPLUS_INCLUDE_PATH=/usr/include:/usr/include/kerberosv5/
# C_INCLUDE_PATH=/usr/include:/usr/include/kerberosv5/
After setting "client ldap sasl wrapping = plain" I was able to join to a
Windows 2008 domain with samba 4.
The samba 4.5.1 "wbinfo -m" showed the domain. However "wbinfo -u" did not
show any users.
This works OK with samba 3.6.25 .
With Samba 3
# testparm -v | grep signing
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (256) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
client signing = required
client ipc signing = required
server signing = No
With samba4
# /usr/local/samba/bin/testparm -v | grep signing
Load smb config files from /usr/local/samba-4.5.1/etc/smb.conf
rlimit_max: increasing rlimit_max (256) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
client ipc signing = default
client signing = default
server signing = default
log.winbindd has
[2016/12/07 21:16:22.781818, 1, pid=1520, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd_util.c:352(trustdom_list_done)
trustdom_list_done: Could not receive trusts for domain MYDOMAIN
both samba3 and samba4 create krb5.conf.MYDOMAIN files
#/usr/local/samba/var/lock/smb_krb5# cat krb5.conf.MYDOMAIN
[libdefaults]
default_realm = MYDOMAIN.COM
default_tgs_enctypes = aes256-cts-hmac-sha1-96
aes128-cts-hmac-sha1-96 RC4-HMAC DES-CBC-CRC DES-CBC-MD5
default_tkt_enctypes = aes256-cts-hmac-sha1-96
aes128-cts-hmac-sha1-96 RC4-HMAC DES-CBC-CRC DES-CBC-MD5
preferred_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
RC4-HMAC DES-CBC-CRC DES-CBC-MD5
dns_lookup_realm = false
[realms]
MYDOMAIN.COM = {
kdc = 192.168.x.y
kdc = 192.168.x.z
}
#:/usr/local/samba/var/lock/smb_krb5#
I would like to disable DES encryption. Or maybe have samba use the system
krb5.conf .
With samba3, wbinfo will not show users from "classic" trusted domains but
will show users from AD trusted domains.
Beginning to think that I should have uninstalled samba3 before compiling
samba4 to make sure no conflicts between different versions of samba
libraries.
More information about the samba
mailing list