[Samba] Windows 2016 RSAT not connect with samba4 DC
Rowland penny
rpenny at samba.org
Mon Nov 30 21:27:10 UTC 2020
On 30/11/2020 20:55, Rommel Rodriguez Toirac wrote:
> El 30 de noviembre de 2020 15:43:24 GMT-05:00, Rowland penny via samba <samba at lists.samba.org> escribió:
>> On 30/11/2020 20:32, Rommel Rodriguez Toirac via samba wrote:
>>> El 30 de noviembre de 2020 14:19:19 GMT-05:00, Rowland penny via
>> samba <samba at lists.samba.org> escribió:
>>>> On 30/11/2020 19:09, Rommel Rodriguez Toirac wrote:
>>>>> El 30 de noviembre de 2020 13:41:09 GMT-05:00, Rowland penny via
>>>> samba <samba at lists.samba.org> escribió:
>>>>>> On 30/11/2020 18:21, Rommel Rodriguez Toirac wrote:
>>>>>>> I do not have installed sssd. I use winbind.
>>>>>>>
>>>>>> in which case, edit /etc/nsswitch.conf and make the passwd, shadow
>>>> and
>>>>>> group lines look like this:
>>>>>>
>>>>>> passwd: files winbind systemd
>>>>>> shadow: files
>>>>>> group: files winbind systemd
>>>>>>
>>>>>> remove every mention of 'sss'
>>>>>>
>>>>>> Rowland
>>>>> Done, now look like this:
>>>>>
>>>>>
>>>>> [root at gtmad1 sbin]# cat /etc/nsswitch.conf
>>>>> #
>>>>> # /etc/nsswitch.conf
>>>>> #
>>>>> # An example Name Service Switch config file. This file should be
>>>>> # sorted with the most-used services at the beginning.
>>>>> #
>>>>> # The entry '[NOTFOUND=return]' means that the search for an
>>>>> # entry should stop if the search in the previous entry turned
>>>>> # up nothing. Note that if the search failed due to some other
>> reason
>>>>> # (like no NIS server responding) then the search continues with
>> the
>>>>> # next entry.
>>>>> #
>>>>> # Valid entries include:
>>>>> #
>>>>> # nisplus Use NIS+ (NIS version 3)
>>>>> # nis Use NIS (NIS version 2), also
>> called
>>>> YP
>>>>> # dns Use DNS (Domain Name Service)
>>>>> # files Use the local files in /etc
>>>>> # db Use the pre-processed /var/db files
>>>>> # compat Use /etc files plus *_compat
>>>> pseudo-databases
>>>>> # hesiod Use Hesiod (DNS) for user lookups
>>>>> # sss Use sssd (System Security Services
>>>> Daemon)
>>>>> # [NOTFOUND=return] Stop searching if not found so far
>>>>> #
>>>>> # 'sssd' performs its own 'files'-based caching, so it should
>>>>> # generally come before 'files'.
>>>>>
>>>>> # To use 'db', install the nss_db package, and put the 'db' in
>> front
>>>>> # of 'files' for entries you want to be looked up first in the
>>>>> # databases, like this:
>>>>> #
>>>>> # passwd: db files
>>>>> # shadow: db files
>>>>> # group: db files
>>>>>
>>>>> passwd: files winbind systemd
>>>>> shadow: files
>>>>> group: files winbind systemd
>>>>>
>>>>> hosts: files dns myhostname
>>>>>
>>>>> bootparams: files
>>>>>
>>>>> ethers: files
>>>>> netmasks: files
>>>>> networks: files
>>>>> protocols: files
>>>>> rpc: files
>>>>> services: files sss
>>>>>
>>>>> netgroup: sss
>>>>>
>>>>> publickey: files
>>>>>
>>>>> automount: files sss
>>>>> aliases: files
>>>>>
>>>>>
>>>> You still have 'sss' in the file, you do not need them if you don't
>>>> have
>>>> sssd installed, I would change 'netgroup: sss' to 'netgroup: nis'
>> and
>>>> remove the other 'sss'
>>>>
>>>> Rowland
>>>
>>>
>>> After send the messages I was change the file and lets it like
>> this:
>>>
>>> [root at gtmad1 var]# cat /etc/nsswitch.conf
>>> #
>>> # /etc/nsswitch.conf
>>> #
>>> # An example Name Service Switch config file. This file should be
>>> # sorted with the most-used services at the beginning.
>>> #
>>> # The entry '[NOTFOUND=return]' means that the search for an
>>> # entry should stop if the search in the previous entry turned
>>> # up nothing. Note that if the search failed due to some other reason
>>> # (like no NIS server responding) then the search continues with the
>>> # next entry.
>>> #
>>> # Valid entries include:
>>> #
>>> # nisplus Use NIS+ (NIS version 3)
>>> # nis Use NIS (NIS version 2), also called
>> YP
>>> # dns Use DNS (Domain Name Service)
>>> # files Use the local files in /etc
>>> # db Use the pre-processed /var/db files
>>> # compat Use /etc files plus *_compat
>> pseudo-databases
>>> # hesiod Use Hesiod (DNS) for user lookups
>>> # sss Use sssd (System Security Services
>> Daemon)
>>> # [NOTFOUND=return] Stop searching if not found so far
>>> #
>>> # 'sssd' performs its own 'files'-based caching, so it should
>>> # generally come before 'files'.
>>>
>>> # To use 'db', install the nss_db package, and put the 'db' in front
>>> # of 'files' for entries you want to be looked up first in the
>>> # databases, like this:
>>> #
>>> # passwd: db files
>>> # shadow: db files
>>> # group: db files
>>>
>>> passwd: files winbind
>>> shadow: files
>>> group: files winbind
>>> initgroups files
>>>
>>> hosts: files dns myhostname
>>>
>>> bootparams: nisplus files
>>>
>>> ethers: files
>>> netmasks: files
>>> networks: files
>>> protocols: files
>>> rpc: files
>>> services: files
>>>
>>> netgroup: nis
>>>
>>> publickey: nisplus
>>>
>>>
>>> automount: files nisplus
>>> aliases: files nisplus
>>>
>>> But, it not work when I run getent command:
>>>
>>>
>>> [root at gtmad1 var]# wbinfo -p
>>> Ping to winbindd succeeded
>>>
>>>
>>> [root at gtmad1 var]# getent passwd "ATGTM00\\rommel.rodriguez"
>>>
>>> [root at gtmad1 var]# getent group "ATGTM00\\Domain Users"
>>>
>>>
>>> ... and still do not connect from Windows (7) using RSAT neather from
>> Windows 2016 Server Admin Tools/Active Directory Users and Computer
>> tool.
>>>
>> Do you have these packages installed: samba samba-winbind
>> samba-winbind-clients krb5-workstation
>>
>> Have you run this command: authselect select winbind with-mkhomedir
>>
>> Rowland
>
>
> (Sorry for all problems)
>
> Is needed this packeds even I compile from source samba-4.13.2.tar.gz?
No, but you will need to create the links, see here:
https://wiki.samba.org/index.php/Configuring_Winbindd_on_a_Samba_AD_DC
Rowland
More information about the samba
mailing list