[Samba] Windows 2016 RSAT not connect with samba4 DC

me at tdiehl.org me at tdiehl.org
Mon Nov 30 17:15:43 UTC 2020 

Hi Rowland,

On Mon, 30 Nov 2020, Rowland penny via samba wrote:

> On 30/11/2020 15:11, Rommel Rodriguez Toirac via samba wrote:
>>  Now I test from Windows 7 using RSAT and can not connect neather to the
>>  samba 4.13.2 (adittional DC)
>>
>>    Here the result of commands asked:
>> 
>>
>>  [root at gtmad1 ~]# cat /etc/centos-release
>>  CentOS Linux release 8.2.2004 (Core)
>>
>>         Checking file: /etc/nsswitch.conf
>> 
>> # 
>> #  /etc/nsswitch.conf
>> # 
>> #  An example Name Service Switch config file. This file should be
>> #  sorted with the most-used services at the beginning.
>> # 
>> #  The entry '[NOTFOUND=return]' means that the search for an
>> #  entry should stop if the search in the previous entry turned
>> #  up nothing. Note that if the search failed due to some other reason
>> #  (like no NIS server responding) then the search continues with the
>> #  next entry.
>> # 
>> #  Valid entries include:
>> # 
>> #        nisplus                 Use NIS+ (NIS version 3)
>> #        nis                     Use NIS (NIS version 2), also called YP
>> #        dns                     Use DNS (Domain Name Service)
>> #        files                   Use the local files in /etc
>> #        db                      Use the pre-processed /var/db files
>> #        compat                  Use /etc files plus *_compat 
>> #  pseudo-databases
>> #        hesiod                  Use Hesiod (DNS) for user lookups
>> #        sss                     Use sssd (System Security Services Daemon)
>> #        [NOTFOUND=return]       Stop searching if not found so far
>> # 
>> #  'sssd' performs its own 'files'-based caching, so it should
>> #  generally come before 'files'.
>> 
>> #  To use 'db', install the nss_db package, and put the 'db' in front
>> #  of 'files' for entries you want to be looked up first in the
>> #  databases, like this:
>> # 
>> #  passwd:    db files
>> #  shadow:    db files
>> #  group:     db files
>>
>>  passwd:      sss files systemd
>>  shadow:     files sss
>>  group:       sss files systemd
>>
>>  hosts:      files dns myhostname
>>
>>  bootparams: files
>>
>>  ethers:     files
>>  netmasks:   files
>>  networks:   files
>>  protocols:  files
>>  rpc:        files
>>  services:   files sss
>>
>>  netgroup:   sss
>>
>>  publickey:  files
>>
>>  automount:  files sss
>>  aliases:    files
>
> You have problems, mainly because you are using Centos 8 with a version of 
> Samba >= 4.8.0.
>
> You cannot use sssd with Samba >= 4.8.0, you must use winbind, but even if

Just curious, how can you tell he is using sssd? The above entries in nsswitch
do not necessarily mean he is using sssd. I am running 4.12.latest on Centos 8
as a DC but have removed the sssd packages. I just looked and the above
nsswitch entries are still there.

> you use winbind (which incidentally you are), you cannot kerberos with PAM 
> because red-hat removed the required package.

What package would that be?

Are you talking about on a DC or a member server. If you are talking about a DC
kerberos seems to work just fine on a Centos 8 DC. What am I missing?

Regards,

-- 
Tom			me at tdiehl.org

More information about the samba mailing list