[Samba] Samba with IPA errors
Rowland Penny
rpenny at samba.org
Fri Aug 28 08:23:20 UTC 2020
On 28/08/2020 08:17, Christoph via samba wrote:
> Hi All,
>
> I have Samba (4.11.2) on CentOS 8 connected to IPA.
> All works as expected but I see these errors in the log:
>
> What is wrong here?
Apart from not starting your thread?
>
> this is my config:
>
> [global]
> debug pid = yes
> realm = CHAO5.INT
> workgroup = CHAO5
> ldap group suffix = cn=groups,cn=accounts
> ldap machine suffix = cn=computers,cn=accounts
> ldap ssl = off
> ldap suffix = dc=chao5,dc=int
> ldap user suffix = cn=users,cn=accounts
> log file = /var/log/samba/log
> max log size = 100000
> registry shares = Yes
> disable spoolss = Yes
> dedicated keytab file = FILE:/etc/samba/samba.keytab
> kerberos method = dedicated keytab
> passdb backend = ipasam:ldap://barbas.chao5.int ldap://marbas.chao5.int
> security = USER
> create krb5 conf = No
> rpc_daemon:lsasd = fork
> rpc_daemon:epmd = fork
> rpc_server:tcpip = yes
> rpc_server:netlogon = external
> rpc_server:samr = external
> rpc_server:lsasd = external
> rpc_server:lsass = external
> rpc_server:lsarpc = external
> rpc_server:epmapper = external
> ldapsam:trusted = yes
> idmap config * : backend = tdb
>
> ldap admin dn = cn=Directory Manager
>
> [homes]
> comment = Home Directories
> valid users = %S, %D%w%S
> browseable = No
> read only = No
> inherit acls = Yes
>
> [shared]
> comment = Public Share Test
> path = /mnt
> writable = yes
> browsable = yes
> guest ok = no
> read only = no
>
I do not believe I am typing this, but you should be using sssd,
security should be 'ADS' and you are asking on the wrong list. Samba
does not produce the required 'idmap_sss' backend you require, so I
suggest you start by reading this:
https://freeipa.readthedocs.io/en/latest/designs/adtrust/samba-domain-member.html
and contact the sssd-users mailing list.
I should also point out that you cannot have Samba shares or use NTLM.
Rowland