[Samba] Windows 2016 RSAT not connect with samba4 DC
Rowland penny
rpenny at samba.org
Mon Nov 30 17:42:58 UTC 2020
On 30/11/2020 17:02, Rommel Rodriguez Toirac via samba wrote:
> El 30 de noviembre de 2020 11:08:56 GMT-05:00, Rowland penny via samba <samba at lists.samba.org> escribió:
>> On 30/11/2020 15:11, Rommel Rodriguez Toirac via samba wrote:
>>> Now I test from Windows 7 using RSAT and can not connect neather to
>> the samba 4.13.2 (adittional DC)
>>> Here the result of commands asked:
>>>
>>>
>>> [root at gtmad1 ~]# cat /etc/centos-release
>>> CentOS Linux release 8.2.2004 (Core)
>>>
>>> Checking file: /etc/nsswitch.conf
>>>
>>> #
>>> # /etc/nsswitch.conf
>>> #
>>> # An example Name Service Switch config file. This file should be
>>> # sorted with the most-used services at the beginning.
>>> #
>>> # The entry '[NOTFOUND=return]' means that the search for an
>>> # entry should stop if the search in the previous entry turned
>>> # up nothing. Note that if the search failed due to some other reason
>>> # (like no NIS server responding) then the search continues with the
>>> # next entry.
>>> #
>>> # Valid entries include:
>>> #
>>> # nisplus Use NIS+ (NIS version 3)
>>> # nis Use NIS (NIS version 2), also called
>> YP
>>> # dns Use DNS (Domain Name Service)
>>> # files Use the local files in /etc
>>> # db Use the pre-processed /var/db files
>>> # compat Use /etc files plus *_compat
>> pseudo-databases
>>> # hesiod Use Hesiod (DNS) for user lookups
>>> # sss Use sssd (System Security Services
>> Daemon)
>>> # [NOTFOUND=return] Stop searching if not found so far
>>> #
>>> # 'sssd' performs its own 'files'-based caching, so it should
>>> # generally come before 'files'.
>>>
>>> # To use 'db', install the nss_db package, and put the 'db' in front
>>> # of 'files' for entries you want to be looked up first in the
>>> # databases, like this:
>>> #
>>> # passwd: db files
>>> # shadow: db files
>>> # group: db files
>>>
>>> passwd: sss files systemd
>>> shadow: files sss
>>> group: sss files systemd
>>>
>>> hosts: files dns myhostname
>>>
>>> bootparams: files
>>>
>>> ethers: files
>>> netmasks: files
>>> networks: files
>>> protocols: files
>>> rpc: files
>>> services: files sss
>>>
>>> netgroup: sss
>>>
>>> publickey: files
>>>
>>> automount: files sss
>>> aliases: files
>> You have problems, mainly because you are using Centos 8 with a version
>>
>> of Samba >= 4.8.0.
>>
>> You cannot use sssd with Samba >= 4.8.0, you must use winbind, but even
>>
>> if you use winbind (which incidently you are), you cannot kerberos with
>>
>> PAM because red-hat removed the required package.
>>
>> How fixed are you on using Centos ?
>>
>> Are you prepared to use a different distro ?
>>
>> Rowland
>
>
> Hello;
>
> In /etc/nsswitch.conf I change to:
>
> passwd: files sss systemd
> shadow: files sss
> group: files dsd system
>
> Can tell me any test to do, workaround to test this Server (samba 4.13.2)?
>
> I guest is working fine. Using samba- tool I can change the password of the user, list the OU, list the users, etc. I just can not connect from Windows RSAT.
>
> All my Server (virtuals and no virtuals) are running CentOS, except the Proxmoxs for virtuals.
>
>
I think you will need to run 'dnf remove sssd', this will remove sssd.
You need to decide if you want to do this. You also need to understand
that you cannot use sssd with winbind because sssd uses its own versions
of some of the winbind libs. It is either winbind or sssd, not both.
Red-Hat, on RHEL8, seemingly wants you to use FreeIPA instead of Samba,
they have replaced libpam-krb5 with a version built into sssd, Openldap
has been removed along with smbldap-tools (not that the latter will
really be missed)
So, it boils down to, what do you use Samba for ? you are using it as an
AD DC, so my advice is to stop using sssd. Whether you do this by
removing sssd or using a different OS, is up to you.
Rowland
More information about the samba
mailing list