[Samba] Question: Samba and YP-Yellow Pages relation.

Suporte - KONTROL suporte at kontrolsecurity.com.br
Thu Apr 5 21:57:03 UTC 2018


Hi Rowland,
Actually, I don't want to disable Yellow Pages; that's a situation I already have in pfSense, because YP was disabled by the pfSense developers.
So my doubt is: is there a way to make Samba (latest version) work without YP enabled?
What about what people did with that Samba version 4.4.16 I mentioned? Not sure how they did that. The only thing I know is that it is working fine even without YP.

The Microsoft environment is mixed. I have Win2008R2 / Win2012 R2 and Win2016. It is working today with all of them.

No problem, here is the smb4.conf file:
################################# 
[global]
workgroup = KONTROL
map to guest = never
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare allow guests = no
client NTLMv2 auth = yes
client lanman auth = no
client plaintext auth = no
use spnego = yes
client use spnego = yes
min protocol = LANMAN2
idmap gid = 10000-20000
idmap uid = 10000-20000
realm  = KONTROL.CORP
security = ads
template homedir = /home/%D/%U
template shell = /bin/bash
winbind offline logon = yes
winbind refresh tickets = yes
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
winbind use default domain = yes
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
log level = 3 passdb:5 winbind:3
usershare allow guests = no
printcap name = /dev/null
load printers = no
printing = bsd
local master = no
kerberos method = secrets and keytab
winbind refresh tickets = yes

[homes]
comment = Home Directories
valid users = %s, %D%W%S
browseable = no
read only = no
inherit acls = yes
#################################


-----Original Message-----
From: samba <samba-bounces at lists.samba.org> On Behalf Of Rowland Penny via samba
Sent: Thursday, April 5, 2018 6:03 PM
To: Suporte - KONTROL <suporte at kontrolsecurity.com.br>
Cc: samba at lists.samba.org
Subject: Re: [Samba] Question: Samba and YP-Yellow Pages relation.

On Thu, 5 Apr 2018 17:01:22 -0300
"Suporte - KONTROL" <suporte at kontrolsecurity.com.br> wrote:

> Hi Rowland,
> First of all, thanks much for the message. Appreciate it!
> 
> Here are more details...
> The users do not log into pfSense. Samba is being used to
> authenticate users with the proxy (squid) in a pfSense environment
> (FreeBSD). The pfSense box is added to the AD domain as a "Member"
> only, so that way the proxy can authenticate against the AD via
> NTLM/Kerberos.
> 
> Here is part of my script to add/leave Domain and also to create a 
> keytab file to use against Kerberos.
> 
> 
> #joining a Domain
> net ads join createupn=HTTP/hostname001.corp@DOMAIN.CORP -k
> echo
> #adding SPN HTTP
> echo "Adding the SPN HTTP"
> net ads keytab add HTTP
> echo
> #Generating keytab file
> net ads keytab create -k
> 

You can get the keytab created during the join by adding:

    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab

to smb.conf before the join. Not sure about the UPN though, never tried it.

It sounds like you are running Samba as a Unix domain member. Any chance of seeing the (sanitized) smb.conf? Also, what is the AD DC?

Not sure why you want to disable YP, squid is known to work with the default Samba.

Rowland
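
Added example (not part of the original thread and not Samba project code): a pre-join check that reads an smb.conf and reports whether the two [global] settings named in the reply above are in place before `net ads join` is run. The function names and the sample text are assumptions made for illustration; the sample is a cut-down copy of the smb4.conf posted above.

```python
import re

# The two [global] settings named in the reply above. None = any value accepted.
WANTED = {
    "dedicated keytab file": None,
    "kerberos method": "secrets and keytab",
}

def norm(name):
    # smb.conf ignores case and whitespace in section and parameter names.
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    """Return {normalized name: value} for [global]; a repeated key keeps the last value."""
    params, section = {}, None
    # A trailing backslash continues the line in smb.conf.
    for line in text.replace("\\\n", "").splitlines():
        line = line.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = norm(line[1:-1])
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[norm(name)] = " ".join(value.split())
    return params

def prejoin_check(text):
    """List the settings from the reply that are absent or set differently."""
    params = parse_global(text)
    problems = []
    for name, wanted in WANTED.items():
        got = params.get(norm(name))
        if not got:
            problems.append(f"missing: {name}")
        elif wanted is not None and got.lower() != wanted:
            problems.append(f"{name} = {got} (reply gives {wanted})")
    return problems

# Constructed sample: a cut-down [global] from the smb4.conf posted above.
SAMPLE = """\
[global]
workgroup = KONTROL
realm  = KONTROL.CORP
security = ads
kerberos method = secrets and keytab
"""

if __name__ == "__main__":
    for problem in prejoin_check(SAMPLE) or ["ok: both settings present"]:
        print(problem)
```

Run against the posted configuration, the check reports that `dedicated keytab file` is not set, while `kerberos method` already matches.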
