[Samba] Winbind Craziness
Rowland Penny
rpenny at samba.org
Wed Aug 1 16:46:17 UTC 2018
On Wed, 1 Aug 2018 15:59:33 +0000 (UTC)
ray klassen <julius_ahenobarbus at yahoo.co.uk> wrote:
> Thanks in advance. here's the total firehose drink. I've obscured
> host, domain, subnet. Hope that will still work for you. Don't want
> all the info publicized.
>
> -----------
> Checking file: /etc/resolv.conf
> search obscured.domain.com
> nameserver 10.10.1.14
> nameserver 10.10.1.22
Provided the nameservers are both AD DC's, or the first one is a DC,
then OK.
> -----------
> Checking file: /etc/nsswitch.conf
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages
> installed, try: # `info libc "Name Service Switch"' for information
> about this file.
>
> passwd: files winbind
> group: files winbind
> shadow: files winbind
Remove 'winbind' from the shadow line.
> -----------
> Checking file: /etc/samba/smb.conf
I have removed all the default settings and anything that shouldn't be
there and this is the result:
[global]
workgroup = DOMAIN
realm = OBSCURED.DOMAIN.COM
security = ADS
kerberos method = secrets and keytab
dedicated keytab file = /etc/krb5.keytab
winbind nss info = rfc2307
winbind refresh tickets = yes
winbind max domain connections = 20
idmap config DOMAIN:backend = ad
idmap config DOMAIN:schema_mode = rfc2307
idmap config DOMAIN:range = 500-40000
idmap config *:backend = tdb
idmap config *:range = 70001-80000
domain master = no
local master = no
printing = cups
printcap = cups
utmp = yes
cups options = raw
log file = /var/log/samba/log.%I
max log size = 100000
check password script = /usr/local/sbin/complexity.perl
syslog = 0
dos charset = 850
unix charset = ISO8859-1
username map = /etc/samba/smbusers
interfaces = eth0 lo
passwd chat timeout = 30
spoolss: architecture = Windows x64
include = /etc/samba/smb.conf.client-%I
include = /etc/samba/smb.conf.%I
include = /etc/samba/shares.inc
Is the 'check password script' correct for AD ?
What is in the 'include' files ?
>
>
> -----------
> Content of /etc/samba/smbusers
> root = administrator
Should be '!root DOMAIN\administrator administrator'
More information about the samba
mailing list