[Samba] Windows 2016 RSAT not connect with samba4 DC

Rowland penny rpenny at samba.org
Mon Nov 30 20:43:24 UTC 2020 

On 30/11/2020 20:32, Rommel Rodriguez Toirac via samba wrote:
> El 30 de noviembre de 2020 14:19:19 GMT-05:00, Rowland penny via samba <samba at lists.samba.org> escribió:
>> On 30/11/2020 19:09, Rommel Rodriguez Toirac wrote:
>>> El 30 de noviembre de 2020 13:41:09 GMT-05:00, Rowland penny via
>> samba <samba at lists.samba.org> escribió:
>>>> On 30/11/2020 18:21, Rommel Rodriguez Toirac wrote:
>>>>>     I do not have installed sssd. I use winbind.
>>>>>
>>>> in which case, edit /etc/nsswitch.conf and make the passwd, shadow
>> and
>>>> group lines look like this:
>>>>
>>>> passwd:      files winbind systemd
>>>> shadow:      files
>>>> group:       files winbind systemd
>>>>
>>>> remove every mention of 'sss'
>>>>
>>>> Rowland
>>>
>>>    Done, now look like this:
>>>
>>>
>>>    [root at gtmad1 sbin]# cat /etc/nsswitch.conf
>>> #
>>> # /etc/nsswitch.conf
>>> #
>>> # An example Name Service Switch config file. This file should be
>>> # sorted with the most-used services at the beginning.
>>> #
>>> # The entry '[NOTFOUND=return]' means that the search for an
>>> # entry should stop if the search in the previous entry turned
>>> # up nothing. Note that if the search failed due to some other reason
>>> # (like no NIS server responding) then the search continues with the
>>> # next entry.
>>> #
>>> # Valid entries include:
>>> #
>>> #       nisplus                 Use NIS+ (NIS version 3)
>>> #       nis                     Use NIS (NIS version 2), also called
>> YP
>>> #       dns                     Use DNS (Domain Name Service)
>>> #       files                   Use the local files in /etc
>>> #       db                      Use the pre-processed /var/db files
>>> #       compat                  Use /etc files plus *_compat
>> pseudo-databases
>>> #       hesiod                  Use Hesiod (DNS) for user lookups
>>> #       sss                     Use sssd (System Security Services
>> Daemon)
>>> #       [NOTFOUND=return]       Stop searching if not found so far
>>> #
>>> # 'sssd' performs its own 'files'-based caching, so it should
>>> # generally come before 'files'.
>>>
>>> # To use 'db', install the nss_db package, and put the 'db' in front
>>> # of 'files' for entries you want to be looked up first in the
>>> # databases, like this:
>>> #
>>> # passwd:    db files
>>> # shadow:    db files
>>> # group:     db files
>>>
>>> passwd:     files winbind systemd
>>> shadow:     files
>>> group:      files winbind systemd
>>>
>>> hosts:      files dns myhostname
>>>
>>> bootparams: files
>>>
>>> ethers:     files
>>> netmasks:   files
>>> networks:   files
>>> protocols:  files
>>> rpc:        files
>>> services:   files sss
>>>
>>> netgroup:   sss
>>>
>>> publickey:  files
>>>
>>> automount:  files sss
>>> aliases:    files
>>>
>>>
>> You still have 'sss' in the file, you do not need them if you don't
>> have
>> sssd installed, I would change 'netgroup: sss' to 'netgroup: nis' and
>> remove the other 'sss'
>>
>> Rowland
>
>
>
>   After send the messages I was change the file and lets it like this:
>
>
>   [root at gtmad1 var]# cat /etc/nsswitch.conf
> #
> # /etc/nsswitch.conf
> #
> # An example Name Service Switch config file. This file should be
> # sorted with the most-used services at the beginning.
> #
> # The entry '[NOTFOUND=return]' means that the search for an
> # entry should stop if the search in the previous entry turned
> # up nothing. Note that if the search failed due to some other reason
> # (like no NIS server responding) then the search continues with the
> # next entry.
> #
> # Valid entries include:
> #
> #       nisplus                 Use NIS+ (NIS version 3)
> #       nis                     Use NIS (NIS version 2), also called YP
> #       dns                     Use DNS (Domain Name Service)
> #       files                   Use the local files in /etc
> #       db                      Use the pre-processed /var/db files
> #       compat                  Use /etc files plus *_compat pseudo-databases
> #       hesiod                  Use Hesiod (DNS) for user lookups
> #       sss                     Use sssd (System Security Services Daemon)
> #       [NOTFOUND=return]       Stop searching if not found so far
> #
> # 'sssd' performs its own 'files'-based caching, so it should
> # generally come before 'files'.
>
> # To use 'db', install the nss_db package, and put the 'db' in front
> # of 'files' for entries you want to be looked up first in the
> # databases, like this:
> #
> # passwd:    db files
> # shadow:    db files
> # group:     db files
>
> passwd:     files winbind
> shadow:     files
> group:      files winbind
> initgroups  files
>
> hosts:      files dns myhostname
>
> bootparams: nisplus files
>
> ethers:     files
> netmasks:   files
> networks:   files
> protocols:  files
> rpc:        files
> services:   files
>
> netgroup:   nis
>
> publickey:  nisplus
>
>
> automount:  files nisplus
> aliases:    files nisplus
>
>   But, it not work when I run getent command:
>
>
> [root at gtmad1 var]# wbinfo -p
> Ping to winbindd succeeded
>
>
> [root at gtmad1 var]# getent passwd "ATGTM00\\rommel.rodriguez"
>
> [root at gtmad1 var]# getent group "ATGTM00\\Domain Users"
>
>
> ... and still do not connect from Windows (7) using RSAT neather from Windows 2016 Server Admin Tools/Active Directory Users and Computer tool.
>
>
Do you have these packages installed: samba samba-winbind 
samba-winbind-clients krb5-workstation

Have you run this command: authselect select winbind with-mkhomedir

Rowland

More information about the samba mailing list