[Samba] Using samba AD in mixed OS environment
Rowland Penny
rpenny at samba.org
Sun Apr 29 11:17:52 UTC 2018
On Sun, 29 Apr 2018 11:35:08 +0100
Zdravko Zdravkov <nirayah at gmail.com> wrote:
> So, so..
>
> Server and clients are CentOS7.
> Server was configured using samba-tool domain provision.
>
> *smb.conf* from server
>
> [global]
>
> > netbios name = AD
> > realm = XXXXXX
I do hope that is actually 'realm = XXXXXX.XXX'
> > server role = active directory domain controller
> > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> > drepl, winbindd, ntp_signd, kcc, dnsupdate
> > workgroup = XXXX
> > idmap config XXXX:unix_nss_info = yes
Wrong line, it should be 'idmap_ldb:use rfc2307 = yes'
> > log file = /var/log/samba/samba.log
> > log level = 3
> > [netlogon]
> > path = /usr/local/samba/var/locks/sysvol/XXXXXX/scripts
> > read only = No
> > [sysvol]
> > path = /usr/local/samba/var/locks/sysvol
> > read only = No
>
>
>
> *sssd.conf* from client
As I said, wrong place for sssd, but from what I can see (it has been
quite some time since I used sssd), you are not doing anything really
out of the ordinary and as such, you do not need sssd. There is very
little that sssd can do that winbind cannot AND you only need to
configure one conf file instead of two.
>
> *nsswitch.conf* on client (part of it)
>
> passwd: files sss
> > shadow: files sss
> > group: files sss
Even allowing for 'sssd' this is wrong, 'sss' shouldn't be on the
shadow line.
>
>
>
> getent passwd pj (for example) provides this:
>
> pj:*:1115001179:1115000513:xxxxxx:/home/pj:/bin/bash
>
Looks to me that you should be using the winbind 'rid' backend instead;
try reading this:
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
Rowland
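
The three corrections made in the reply above (dotted realm, 'idmap_ldb:use rfc2307 = yes' rather than an 'idmap config' line on the DC, and no 'sss' on the shadow line) can be checked mechanically. The following is an added example, not part of the original message or of Samba; the function names are hypothetical and the sample inputs are constructed.

```python
import re

# Constructed sample inputs (not the poster's real files).
DC_CONF = """[global]
    netbios name = AD
    realm = SAMDOM
    server role = active directory domain controller
    workgroup = SAMDOM
    idmap config SAMDOM:unix_nss_info = yes
"""
NSSWITCH = "passwd: files sss\nshadow: files sss\ngroup: files sss\n"

def parse_smb_global(text):
    """Return the [global] parameters of an smb.conf as a dict."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def check_dc_smb_conf(text):
    """Apply the reply's two smb.conf corrections to a DC configuration."""
    p, findings = parse_smb_global(text), []
    if p.get("server role", "").lower() != "active directory domain controller":
        return findings  # these checks only concern a DC's smb.conf
    if "." not in p.get("realm", ""):
        findings.append("realm is missing or is not a dotted name")
    findings += [f"'{k}' is set on a DC" for k in p if k.startswith("idmap config")]
    if p.get("idmap_ldb:use rfc2307", "").lower() != "yes":
        findings.append("'idmap_ldb:use rfc2307 = yes' is not set")
    return findings

def check_nsswitch(text):
    """Flag 'sss' as a source on the shadow line of nsswitch.conf."""
    findings = []
    for raw in text.splitlines():
        db, _, sources = raw.split("#", 1)[0].partition(":")
        if db.strip() == "shadow" and "sss" in sources.split():
            findings.append("'sss' is listed on the shadow line")
    return findings

if __name__ == "__main__":
    for finding in check_dc_smb_conf(DC_CONF) + check_nsswitch(NSSWITCH):
        print("FINDING:", finding)
```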