[Samba] Winbind with krb5auth for trust users
Rowland Penny
rpenny at samba.org
Tue Aug 22 10:59:59 UTC 2017
See inline comments:
On Tue, 22 Aug 2017 12:20:04 +0200
Andreas Hauffe via samba <samba at lists.samba.org> wrote:
> Hi,
>
> here are the files. I replaced the real domain/realm name by
> "search&replace", so there should not be a typing error in my file
> concerning the realm or domain names.
>
> Regards,
> Andreas
>
> client:~ # more /etc/hostname
> client.loc.example.de
This should just be 'client'
> client:~ # more /etc/hosts
>
> 127.0.0.1 localhost
>
> # special IPv6 addresses
> ::1 localhost ipv6-localhost ipv6-loopback
>
> fe00::0 ipv6-localnet
>
> ff00::0 ipv6-mcastprefix
> ff02::1 ipv6-allnodes
> ff02::2 ipv6-allrouters
> ff02::3 ipv6-allhosts
> 192.168.1.4 client.loc.example.de client.loc.example.de
The line above should be:
192.168.1.4 client.loc.example.de client
>
> client:~ # more /etc/resolv.conf
> search loc.example.de
> nameserver 192.168.1.2
> nameserver 192.168.1.3
I take it that the two IP addresses are your DCs
> client:~ # more /etc/nsswitch.conf
>
> passwd: compat winbind
> group: compat winbind
>
> hosts: files mdns_minimal [NOTFOUND=return] dns
I would change the line above to:
hosts: files dns
> client:~ # more /etc/samba/smb.conf
> [global]
> security = ADS
> workgroup = LOC
> realm = LOC.EXAMPLE.COM
>
> log file = /var/log/samba/%m.log
> log level = 1
>
> template homedir = /home/%D/%U
> template shell = /bin/bash
>
> # Default ID mapping configuration for local BUILTIN accounts
> # and groups on a domain member. The default (*) domain:
> # - must not overlap with any domain ID mapping configuration!
> # - must use a read-write-enabled back end, such as tdb.
> # - Adding just this is not enough
> # - You must set a DOMAIN backend configuration, see below
> idmap config * : backend = tdb
> idmap config * : range = 1000000-2000000
Hmm, do you not understand 'Adding just this is not enough' and 'You
must set a DOMAIN backend configuration, see below'?
I would expect something like this:
idmap config * : backend = tdb
idmap config * : range = 3000-9999
idmap config LOC : backend = rid
idmap config LOC : range = 1000000-2000000
Rowland
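
The idmap rules discussed in this message (the default `*` range must not overlap a domain range, and the workgroup needs its own domain backend) can be checked mechanically; the following is an added example, not part of the original message or of Samba. The function name `check_idmap` and both sample configurations are constructed for illustration from the lines quoted above.

```python
import re

# Constructed inputs: the idmap lines as posted, and as suggested in the reply.
POSTED = """[global]
security = ADS
workgroup = LOC
idmap config * : backend = tdb
idmap config * : range = 1000000-2000000
"""
SUGGESTED = """[global]
security = ADS
workgroup = LOC
idmap config * : backend = tdb
idmap config * : range = 3000-9999
idmap config LOC : backend = rid
idmap config LOC : range = 1000000-2000000
"""

IDMAP = re.compile(r"\s*idmap\s+config\s+(\S+)\s*:\s*(backend|range)\s*=\s*(.+?)\s*$", re.I)
WORKGROUP = re.compile(r"\s*workgroup\s*=\s*(\S+)", re.I)

def check_idmap(conf_text):
    """Return a list of problems in the idmap settings of an smb.conf text."""
    domains, workgroup, problems = {}, None, []
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):
            continue  # skip comment lines
        if m := WORKGROUP.match(line):
            workgroup = m.group(1).upper()
        elif m := IDMAP.match(line):
            domains.setdefault(m.group(1).upper(), {})[m.group(2).lower()] = m.group(3)
    if workgroup and workgroup not in domains:
        problems.append(f"no 'idmap config {workgroup}' domain configuration")
    ranges = []
    for name, cfg in sorted(domains.items()):
        if "backend" not in cfg or "range" not in cfg:
            problems.append(f"idmap config {name}: missing backend or range")
        if "range" in cfg:
            low, high = (int(n) for n in re.split(r"\s*-\s*", cfg["range"]))
            ranges.append((low, high, name))
    prev_high, prev_name = -1, None
    for low, high, name in sorted(ranges):
        if low <= prev_high:  # this range starts inside an earlier one
            problems.append(f"ranges for {prev_name} and {name} overlap")
        if high > prev_high:
            prev_high, prev_name = high, name
    return problems

if __name__ == "__main__":
    for label, text in (("posted", POSTED), ("suggested", SUGGESTED)):
        print(label, check_idmap(text) or "ok")
```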