[Samba] doubt

Luiz Guilherme Nunes Fernandes narutospinal at gmail.com
Mon Apr 17 18:35:48 UTC 2017


Ok thanks, i make new tests.

2017-04-17 15:21 GMT-03:00 Rowland Penny <rpenny at samba.org>:

> On Mon, 17 Apr 2017 14:57:45 -0300
> Luiz Guilherme Nunes Fernandes <narutospinal at gmail.com> wrote:
>
> > Well, i dont have sssd installed.
>
> OK, now we know that ;-)
>
> >
> > With winbind i install this packages:
> > yum install realmd oddjob oddjob-mkhomedir adcli samba-common
> > samba-common-tools krb5-workstation openldap-clients
> > policycoreutils-python samba-winbind-clients
>
> I use Devuan and install these:
>
> samba acl attr quota fam winbind libpam-winbind libpam-krb5
> libnss-winbind krb5-config krb5-user ntp dnsutils ldb-tools
>
> You probably have the red-hat versions of these packages installed, but
> it might be worth checking.
>
> >
> > My nsswitch.conf
> >
> > passwd:     files ldap winbind
> > shadow:     files ldap winbind
> > group:        files ldap winbind
>
> Remove 'ldap' you do not need it and it will use 'ldap' before 'winbind'
>
>
> > > > # My mini tutorial
> > > >
> > > > #########################
> > > > (First test)
> > > > #########################
> > > >
> > > > realm join --client-software=winbind -U login NONAME.COM.BR
> > > > realm list
> > > > authconfig --enablewinbindusedefaultdomain --update
> > > >
> > > > wbinfo -t
> > > > wbinfo -g
> > > > wbinfo -u
> > > >
> > > > Work (join in domain, and list groups and users)
>
> You need to get 'getent' to show your users & groups, until they are
> shown, your OS doesn't know them.
>
> > > >
> > > > i can use for authentication ssh and apache (work)
>
> Use the info on the wiki page I posted for apache.
>
> > > >
> > > > ### My problem
> > > > Acually File with winbind
> > > >
> > > >    workgroup = NONAME
> > > >    realm = NONAME.COM.BR
> > > >    security = ads
> > > >    idmap config * : range = 16777216-33554431
> > > >    template homedir = /home/%U@%D
> > > >    template shell = /bin/bash
> > > >    kerberos method = secrets only
> > > >    winbind use default domain = true
> > > >    winbind offline logon = true
>
> Use 'security = ads' and add something like
>
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> idmap config NONAME : backend = rid
> idmap config NONAME : range = 10000-999999
>
> You can change the ranges if you like, but there is no real point.
> Incidentally, the range you used '167777216-33554431' looks like the
> numbers sssd uses.
>
> Please read the wiki pages I pointed you to, if you follow them, you
> should end up with a working system that does what you require.
>
> Rowland
>
>
>


-- 
<<<<<<<<<<<<<<<<<<<------------------------------------------------------------------->>>>>>>>>>>>>>>>>>>

< Disse-lhe Jesus: Eu sou o caminho, e a verdade e a vida; ninguém vem ao
Pai, senão por mim >
                                                             (João 14:6)

                                                                    Att.
                                        ♪ ♫  Luiz Guilherme Nunes
Fernandes  ♫ ♪

<<<<<<<<<<<<<<<<<<<------------------------------------------------------------------->>>>>>>>>>>>>>>>>>>


More information about the samba mailing list