[Samba] Using samba AD in mixed OS environment

Rowland Penny rpenny at samba.org
Sun Apr 29 11:17:52 UTC 2018


On Sun, 29 Apr 2018 11:35:08 +0100
Zdravko Zdravkov <nirayah at gmail.com> wrote:

> So, so..
> 
> Server and clients are CentOS7.
> Server was configured using samba-tool domain provision.
> 
> *smb.conf* from server
> 
> [global]
> 
> >         netbios name = AD
> >         realm = XXXXXX

I do hope that is actually 'realm = XXXXXX.XXX'

> >         server role = active directory domain controller
> >         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> > drepl, winbindd, ntp_signd, kcc, dnsupdate
> >         workgroup = XXXX
> >         idmap config XXXX:unix_nss_info = yes

Wrong line, it should be 'idmap_ldb:use rfc2307  = yes'

> >         log file = /var/log/samba/samba.log
> >         log level = 3
> > [netlogon]
> >         path = /usr/local/samba/var/locks/sysvol/XXXXXX/scripts
> >         read only = No
> > [sysvol]
> >         path = /usr/local/samba/var/locks/sysvol
> >         read only = No
> 
> 
> 
> *sssd.conf* from client

As I said, wrong place for sssd, but from what I can see(it has been
quite some time since I used sssd), you are not doing anything really
out of the ordinary and as such, you do not need sssd, There is very
little that sssd can do that winbind cannot AND you only need to
configure one conf file instead of two.
 
> 
> *nsswitch.conf* on client (part of it)
> 
> passwd:     files sss
> > shadow:     files sss
> > group:      files sss


Even allowing for 'sssd' this is wrong, 'sss' shouldn't be on the
shadow line.
 
> 
> 
> 
> getent passwd pj (for example) provides this:
> 
> pj:*:1115001179:1115000513:xxxxxx:/home/pj:/bin/bash
> 

Looks to me that you should be using the winbind 'rid' backend instead

try reading this:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

Rowland



More information about the samba mailing list