[Samba] doubt
Luiz Guilherme Nunes Fernandes
narutospinal at gmail.com
Mon Apr 17 18:35:48 UTC 2017
Ok thanks, i make new tests.
2017-04-17 15:21 GMT-03:00 Rowland Penny <rpenny at samba.org>:
> On Mon, 17 Apr 2017 14:57:45 -0300
> Luiz Guilherme Nunes Fernandes <narutospinal at gmail.com> wrote:
>
> > Well, i dont have sssd installed.
>
> OK, now we know that ;-)
>
> >
> > With winbind i install this packages:
> > yum install realmd oddjob oddjob-mkhomedir adcli samba-common
> > samba-common-tools krb5-workstation openldap-clients
> > policycoreutils-python samba-winbind-clients
>
> I use Devuan and install these:
>
> samba acl attr quota fam winbind libpam-winbind libpam-krb5
> libnss-winbind krb5-config krb5-user ntp dnsutils ldb-tools
>
> You probably have the red-hat versions of these packages installed, but
> it might be worth checking.
>
> >
> > My nsswitch.conf
> >
> > passwd: files ldap winbind
> > shadow: files ldap winbind
> > group: files ldap winbind
>
> Remove 'ldap' you do not need it and it will use 'ldap' before 'winbind'
>
>
> > > > # My mini tutorial
> > > >
> > > > #########################
> > > > (First test)
> > > > #########################
> > > >
> > > > realm join --client-software=winbind -U login NONAME.COM.BR
> > > > realm list
> > > > authconfig --enablewinbindusedefaultdomain --update
> > > >
> > > > wbinfo -t
> > > > wbinfo -g
> > > > wbinfo -u
> > > >
> > > > Work (join in domain, and list groups and users)
>
> You need to get 'getent' to show your users & groups, until they are
> shown, your OS doesn't know them.
>
> > > >
> > > > i can use for authentication ssh and apache (work)
>
> Use the info on the wiki page I posted for apache.
>
> > > >
> > > > ### My problem
> > > > Acually File with winbind
> > > >
> > > > workgroup = NONAME
> > > > realm = NONAME.COM.BR
> > > > security = ads
> > > > idmap config * : range = 16777216-33554431
> > > > template homedir = /home/%U@%D
> > > > template shell = /bin/bash
> > > > kerberos method = secrets only
> > > > winbind use default domain = true
> > > > winbind offline logon = true
>
> Use 'security = ads' and add something like
>
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> idmap config NONAME : backend = rid
> idmap config NONAME : range = 10000-999999
>
> You can change the ranges if you like, but there is no real point.
> Incidentally, the range you used '167777216-33554431' looks like the
> numbers sssd uses.
>
> Please read the wiki pages I pointed you to, if you follow them, you
> should end up with a working system that does what you require.
>
> Rowland
>
>
>
--
<<<<<<<<<<<<<<<<<<<------------------------------------------------------------------->>>>>>>>>>>>>>>>>>>
< Disse-lhe Jesus: Eu sou o caminho, e a verdade e a vida; ninguém vem ao
Pai, senão por mim >
(João 14:6)
Att.
♪ ♫ Luiz Guilherme Nunes
Fernandes ♫ ♪
<<<<<<<<<<<<<<<<<<<------------------------------------------------------------------->>>>>>>>>>>>>>>>>>>
More information about the samba
mailing list