[Samba] Winbind with krb5auth for trust users
Andreas Hauffe
andreas.hauffe at tu-dresden.de
Tue Aug 22 12:30:44 UTC 2017
Hi,
I already added the two lines in smb.conf for my last test.
Andreas
[global]
security = ADS
workgroup = LOC
realm = LOC.EXAMPLE.COM
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
log file = /var/log/samba/%m.log
log level = 1
template homedir = /home/%D/%U
template shell = /bin/bash
# Default ID mapping configuration for local BUILTIN accounts
# and groups on a domain member. The default (*) domain:
# - must not overlap with any domain ID mapping configuration!
# - must use a read-write-enabled back end, such as tdb.
# - Adding just this is not enough
# - You must set a DOMAIN backend configuration, see below
idmap config * : backend = tdb
idmap config * : range = 3000-9999
idmap config LOC : backend = rid
idmap config LOC : range = 1000000-2000000
idmap config GLOB : backend = rid
idmap config GLOB : range = 3000000-4000000
On 22.08.2017 at 14:10, Rowland Penny via samba wrote:
> On Tue, 22 Aug 2017 13:51:24 +0200
> Andreas Hauffe via samba <samba at lists.samba.org> wrote:
>
>> Hi,
>>
>> sorry for not reading the comment above idmap config. I uninstalled
>> and reinstalled samba and configs to remove all old id mappings and
>> so on. Then changed all configs as advised. The id mapping is working
>> correctly (wbinfo -i) for local and trusted domain. But I still
>> cannot log on with wbinfo -K with a trusted domain account.
>>
> You will probably need a couple more lines in smb.conf:
>
> idmap config OTHERDOM : backend = rid
> idmap config OTHERDOM : range = 2000001-3000000
>
> Rowland
>
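
The smb.conf comments in this message require that the default (*) idmap range not overlap any domain range. The following is an added example, not part of the original post and not Samba project code, that parses `idmap config` lines and reports overlapping, inverted or missing ranges; the function names and the case-insensitive treatment of domain names are assumptions of the example.

```python
import re

# Matches lines such as "idmap config LOC : range = 1000000-2000000"
IDMAP_RE = re.compile(r"^\s*idmap\s+config\s+(\S+)\s*:\s*(\w[\w ]*?)\s*=\s*(.+?)\s*$", re.I)

# Constructed sample: the idmap lines from the smb.conf in this message
SAMPLE = """\
idmap config * : backend = tdb
idmap config * : range = 3000-9999
idmap config LOC : backend = rid
idmap config LOC : range = 1000000-2000000
idmap config GLOB : backend = rid
idmap config GLOB : range = 3000000-4000000
"""

def parse_idmap(text):
    """Return {domain: {"backend": str, "range": (low, high)}}."""
    domains = {}
    for line in text.splitlines():
        m = IDMAP_RE.match(line)  # comment lines (# or ;) never match
        if not m:
            continue
        # Assumption: domain names are compared case-insensitively
        dom, key, val = m.group(1).upper(), m.group(2).lower(), m.group(3)
        entry = domains.setdefault(dom, {})
        if key == "range":
            entry["range"] = tuple(int(x) for x in val.split("-", 1))
        elif key == "backend":
            entry["backend"] = val
    return domains

def check_idmap(text):
    """Return a list of problems: missing or inverted ranges, and overlaps."""
    domains = parse_idmap(text)
    problems = []
    for dom, cfg in sorted(domains.items()):
        rng = cfg.get("range")
        if rng is None:
            problems.append(f"{dom}: no range configured")
        elif rng[0] > rng[1]:
            problems.append(f"{dom}: range low > high")
    ranged = sorted((c["range"], d) for d, c in domains.items() if "range" in c)
    for i, ((lo1, hi1), d1) in enumerate(ranged):
        for (lo2, hi2), d2 in ranged[i + 1:]:
            if lo2 <= hi1:  # ranges are inclusive, so one shared ID counts
                problems.append(f"{d1} {lo1}-{hi1} overlaps {d2} {lo2}-{hi2}")
    return problems

if __name__ == "__main__":
    print(check_idmap(SAMPLE) or "no idmap range problems found")
```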