[Samba] Sample smb.conf for ADs authentication
Rowland Penny
rpenny at samba.org
Fri Dec 14 18:26:37 UTC 2018
On Fri, 14 Dec 2018 12:50:28 -0500
Gilbert Soucy <gsoucy at 36pix.com> wrote:
> Hello,
>
> We made some progress. I checked all the packaged installed and there
> was still an sssd tool installed.
>
> After removing that package, the ping is now working:
>
> [root at server samba]# wbinfo --ping-dc
> checking the NETLOGON for domain[DOMAIN] dc connection to
> "DC1.domain.com" succeeded
That would probably do it, sssd has its own version of a Samba winbind
lib.
>
>
> However, we still cannot list the users:
>
> [root at server samba]# getent passwd DOMAIN\\t3500
> [root at server samba]#
>
Try adding 'winbind use default domain = yes'
Restart Samba and then try it like this:
getent passwd t3500
If that doesn't work, change your 'idmap config' lines to these:
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config DOMAIN:backend = rid
idmap config DOMAIN:range = 10000-999999
This is just for a test, if 'getent' now works, the problem lines in
AD, if it doesn't work, it is an OS problem.
>
> Can we get more info now as to why it is not working ? I cannot see
> anything intetresting in the logs.
>
> You will find the answers to your questions below.
>
> ===============
>
> > what is in /etc/hostname
>
> [root at server samba]# cat /etc/hostname
> server
>
> ============
>
> > what is in /etc/hosts
>
> [root at server samba]# cat /etc/hosts
> 127.0.0.1 localhost localhost.localdomain localhost4
> localhost4.localdomain4
> ::1 localhost localhost.localdomain localhost6
> localhost6.localdomain6
> 192.168.1.21 adserver.domain.com adserver
> 192.168.1.68 server.domain.com server
>
You do not need the 'adserver' line
Rowland
More information about the samba
mailing list