[Samba] wbinfo -i returns the same id for all users, authentication doesn't seem to go through winbind at all
Emmanuel Florac
eflorac at intellique.com
Sat Feb 18 21:26:39 UTC 2017
Le Sat, 18 Feb 2017 20:17:12 +0000
Rowland Penny via samba <samba at lists.samba.org> écrivait:
> On Sat, 18 Feb 2017 19:12:39 +0000
> Rowland Penny via samba <samba at lists.samba.org> wrote:
>
> > I will set up debian in a VM and install the OS Samba packages and
> > see if I have problems, bear with me ;-)
> >
>
> OK, back with the result and it works for me ;-)
>
> Debian Jessie network install, no GUI, using DHCP to set ipaddress.
>
> Only change I made before installing Samba, was to comment the
> '127.0.1.1' line in /etc/hosts
>
> apt-get install samba acl attr quota fam winbind libpam-winbind libpam-krb5 libnss-winbind krb5-config krb5-user ntp dnsutils ldb-tools
>
> service smbd stop
> service nmbd stop
> service winbind stop
>
> /etc/samba/smb.conf
>
> [global]
> workgroup = SAMDOM
> security = ADS
> realm = SAMDOM.EXAMPLE.COM
>
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
> server string = Samba 4 Client %h
>
> winbind use default domain = yes
> winbind expand groups = 4
> winbind nss info = rfc2307
> winbind refresh tickets = Yes
> winbind offline logon = yes
> winbind normalize names = Yes
>
> ## map ids outside of domain to tdb files.
> idmap config *:backend = tdb
> idmap config *:range = 2000-9999
> ## map ids from the domain; the ranges must not overlap!
> idmap config SAMDOM : backend = rid
> idmap config SAMDOM : range = 10000-999999
> template shell = /bin/bash
> template homedir = /home/SAMDOM/%U
>
> domain master = no
> local master = no
> preferred master = no
> os level = 20
> map to guest = bad user
> host msdfs = no
>
> # user Administrator workaround, without it you are unable to set privileges
> username map = /etc/samba/user.map
>
> # For ACL support on domain member
> vfs objects = acl_xattr
> map acl inherit = Yes
> store dos attributes = Yes
>
> # Share Setting Globally
> unix extensions = no
> reset on zero vc = yes
> veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/
> hide unreadable = yes
>
> # disable printing completely
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
>
> /etc/samba/user.map
>
> !root = SAMDOM\Administrator SAMDOM\administrator Administrator administrator
>
> samba -V
> Version 4.2.14-Debian
>
> /etc/krb5.conf
>
> [libdefaults]
> default_realm = SAMDOM.EXAMPLE.COM
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> chmod 644 /etc/krb5.conf
>
> net ads join -U Administrator
> Using short domain name -- SAMDOM
> Joined 'DEBMEMBER' to dns domain 'samdom.example.com'
>
> service smbd start
> service nmbd start
> service winbind start
>
> /etc/nsswitch.conf
>
> Add 'winbind' to the passwd & group lines
>
> 'getent passwd' displays all users, local and AD
>
> getent passwd rowland
> rowland:*:11107:10513:Rowland Penny:/home/rowland:/bin/bash
>
OK, thank you Rowland. On Monday I'll try resetting everything from scratch,
deleting all tdb databases and stuff.
--
------------------------------------------------------------------------
Emmanuel Florac | Direction technique
| Intellique
| <eflorac at intellique.com>
| +33 1 78 94 84 02
------------------------------------------------------------------------