[Samba] doubt
Rowland Penny
rpenny at samba.org
Mon Apr 17 18:21:30 UTC 2017
On Mon, 17 Apr 2017 14:57:45 -0300
Luiz Guilherme Nunes Fernandes <narutospinal at gmail.com> wrote:
> Well, I don't have sssd installed.
OK, now we know that ;-)
>
> With winbind I install these packages:
> yum install realmd oddjob oddjob-mkhomedir adcli samba-common
> samba-common-tools krb5-workstation openldap-clients
> policycoreutils-python samba-winbind-clients
I use Devuan and install these:
samba acl attr quota fam winbind libpam-winbind libpam-krb5
libnss-winbind krb5-config krb5-user ntp dnsutils ldb-tools
You probably have the red-hat versions of these packages installed, but
it might be worth checking.
>
> My nsswitch.conf
>
> passwd: files ldap winbind
> shadow: files ldap winbind
> group: files ldap winbind
Remove 'ldap', you do not need it and it will use 'ldap' before 'winbind'.
> > > # My mini tutorial
> > >
> > > #########################
> > > (First test)
> > > #########################
> > >
> > > realm join --client-software=winbind -U login NONAME.COM.BR
> > > realm list
> > > authconfig --enablewinbindusedefaultdomain --update
> > >
> > > wbinfo -t
> > > wbinfo -g
> > > wbinfo -u
> > >
> > > Work (join in domain, and list groups and users)
You need to get 'getent' to show your users & groups, until they are
shown, your OS doesn't know them.
> > >
> > > I can use for authentication ssh and apache (work)
Use the info on the wiki page I posted for apache.
> > >
> > > ### My problem
> > > Actually File with winbind
> > >
> > > workgroup = NONAME
> > > realm = NONAME.COM.BR
> > > security = ads
> > > idmap config * : range = 16777216-33554431
> > > template homedir = /home/%U@%D
> > > template shell = /bin/bash
> > > kerberos method = secrets only
> > > winbind use default domain = true
> > > winbind offline logon = true
Use 'security = ads' and add something like:

    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    idmap config NONAME : backend = rid
    idmap config NONAME : range = 10000-999999

You can change the ranges if you like, but there is no real point.
Incidentally, the range you used '167777216-33554431' looks like the
numbers sssd uses.
Please read the wiki pages I pointed you to, if you follow them, you
should end up with a working system that does what you require.
Rowland
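
The checks discussed in this thread, as an added example that is not part of the original message and not Samba code: a small Python lint that flags a workgroup with no idmap config of its own, overlapping idmap ranges, and 'ldap' listed ahead of 'winbind' in nsswitch.conf. The function names and the sample inputs are constructed here from the settings quoted above.

```python
import re
from itertools import combinations

# Matches e.g. "idmap config NONAME : range = 10000-999999"
IDMAP_RE = re.compile(r"^\s*idmap config\s+([^\s:]+)\s*:\s*(\w+)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(smb_conf):
    """Return {DOMAIN: {"backend": str, "range": (low, high)}} from smb.conf text."""
    domains = {}
    for line in smb_conf.splitlines():
        m = IDMAP_RE.match(line)
        if not m:
            continue  # comments and unrelated parameters are skipped
        dom, key, value = m.group(1).upper(), m.group(2).lower(), m.group(3)
        entry = domains.setdefault(dom, {})
        if key == "range":
            low, high = (int(x) for x in value.split("-"))
            entry["range"] = (low, high)
        else:
            entry[key] = value
    return domains

def check(smb_conf, nsswitch):
    """Return a list of findings for the three issues raised in the reply."""
    findings = []
    domains = parse_idmap(smb_conf)
    wg = re.search(r"^\s*workgroup\s*=\s*(\S+)", smb_conf, re.M | re.I)
    if wg and wg.group(1).upper() not in domains:
        findings.append(f"no idmap config for domain {wg.group(1)}")
    ranged = [(n, d["range"]) for n, d in domains.items() if "range" in d]
    for (n1, r1), (n2, r2) in combinations(ranged, 2):
        if r1[0] <= r2[1] and r2[0] <= r1[1]:  # ID ranges must not overlap
            findings.append(f"idmap ranges overlap: {n1} and {n2}")
    for line in nsswitch.splitlines():
        db, _, sources = line.partition(":")
        src = sources.split()
        if db.strip() in ("passwd", "group") and "ldap" in src and "winbind" in src:
            if src.index("ldap") < src.index("winbind"):
                findings.append(f"{db.strip()}: ldap is consulted before winbind")
    return findings

# Constructed samples: the posted settings, then the settings suggested in the reply.
POSTED_SMB = "workgroup = NONAME\nsecurity = ads\nidmap config * : range = 16777216-33554431\n"
POSTED_NSS = "passwd: files ldap winbind\nshadow: files ldap winbind\ngroup: files ldap winbind\n"
SUGGESTED_SMB = ("workgroup = NONAME\nsecurity = ads\n"
                 "idmap config * : backend = tdb\nidmap config * : range = 3000-7999\n"
                 "idmap config NONAME : backend = rid\nidmap config NONAME : range = 10000-999999\n")
SUGGESTED_NSS = "passwd: files winbind\ngroup: files winbind\n"

if __name__ == "__main__":
    print(check(POSTED_SMB, POSTED_NSS))
    print(check(SUGGESTED_SMB, SUGGESTED_NSS))
```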