[Samba] ADS domain member: winbind fails
Stefan G. Weichinger
lists at xunil.at
Fri Dec 30 15:02:23 UTC 2016
On 2016-12-30 at 14:49, L.P.H. van Belle via samba wrote:
> I think we are mixing 2 things now.
>
> You corrected DC, that's good.
>
> And the debian server member is the member?
No:
debian = DC
gentoo = former NT4-PDC, upcoming member server / fileserver
>
> Did you add in /etc/ldap/ldap.conf
>
> TLS_REQCERT allow
on the member?
Did that right now.
> apt-get install ca-certificates
> echo "TLS_REQCERT allow" > /etc/ldap/ldap.conf
>
> Locate your SAMBA CA root.
>
> ln -s path_to_samba_TLS-CA-ROOT /usr/local/share/ca-certificates/samba-ca.crt
will dig that up on gentoo now ...
> Do that on the debian server, reboot it and after reboot type wbinfo -u
> And post /etc/hosts /etc/resolv.conf /etc/samba/smb.conf of that server.
you speak of the member server?
main samba # cat /etc/hosts
# IPv4 and IPv6 localhost aliases
127.0.0.1 localhost
::1 localhost
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
10.0.0.221 main.secret.tld main
10.0.0.222 samba.secret.tld samba
10.0.0.224 backup.secret.tld backup
10.0.0.225 vmware.secret.tld vmware
main samba # cat /etc/resolv.conf
# Generated by net-scripts for interface eth0
search arbeitsgruppe.secret.tld
nameserver 10.0.0.224
main samba # cat /etc/samba/smb.conf
[global]
security = ADS
workgroup = ARBEITSGRUPPE
realm = arbeitsgruppe.secret.tld
log file = /var/log/samba/%m.log
log level = 3
idmap config * : backend = tdb
idmap config * : range = 3000-7999
## idmap config for the ARBEITSGRUPPE domain
idmap config ARBEITSGRUPPE:backend = rid
idmap config ARBEITSGRUPPE:range = 10000-999999
username map = /etc/samba/user.map
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind refresh tickets = Yes
[Daten]
comment = Daten
path = /mnt/daten
#valid users = @users
force group = users
read only = No
create mask = 0660
directory mask = 0770
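
Added example (not part of the original post, and not Samba or OpenLDAP project code): a shell check for the TLS_REQCERT setting discussed in this message. It reports every TLS_REQCERT line in a client ldap.conf and whether a CA source is configured; the function name audit_ldap_conf, the sample files and the CA path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag weak TLS_REQCERT levels in an OpenLDAP client config.
# Option names in ldap.conf are case-insensitive; "#" starts a comment line.

# audit_ldap_conf FILE -> findings on stdout; returns 1 if any TLS_REQCERT
# line relaxes server certificate checking, 0 otherwise.
audit_ldap_conf() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        {
            key = toupper($1); val = tolower($2)
            if (key == "TLS_REQCERT") {
                seen = 1
                if (val == "demand" || val == "hard") {
                    printf "OK   line %d: TLS_REQCERT %s\n", NR, val
                } else {
                    bad = 1
                    why = "unrecognised level"
                    if (val == "never") why = "server certificate is not checked"
                    if (val == "allow") why = "a bad certificate is ignored"
                    if (val == "try")   why = "a missing certificate is accepted"
                    printf "WEAK line %d: TLS_REQCERT %s (%s)\n", NR, val, why
                }
            }
            if (key == "TLS_CACERT" || key == "TLS_CACERTDIR") {
                ca = 1
                printf "OK   line %d: %s %s\n", NR, key, $2
            }
        }
        END {
            if (!seen) print "OK   TLS_REQCERT not set (default is demand)"
            if (!ca)   print "NOTE no TLS_CACERT or TLS_CACERTDIR in this file"
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Constructed samples: the one-line file that the echo command quoted in the
# thread leaves behind, and a stricter variant (the CA path is a placeholder).
demo=$(mktemp -d)
printf 'TLS_REQCERT allow\n' > "$demo/as_posted.conf"
printf 'TLS_CACERT /path/to/samba-ca.crt\nTLS_REQCERT demand\n' > "$demo/strict.conf"
for f in "$demo/as_posted.conf" "$demo/strict.conf"; do
    echo "== ${f##*/}"
    audit_ldap_conf "$f" || echo "-> certificate checking is relaxed"
done
rm -rf "$demo"
```

The quoted echo command uses > and so replaces the whole ldap.conf, including any TLS_CACERT line that was already there; the NOTE line in the output shows when that has happened.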