[Samba] Windows 2016 RSAT not connect with samba4 DC

Rommel Rodriguez Toirac rommelrt at nauta.cu
Mon Nov 30 22:25:20 UTC 2020


On 30 November 2020 16:27:10 GMT-05:00, Rowland penny via samba <samba at lists.samba.org> wrote:
>On 30/11/2020 20:55, Rommel Rodriguez Toirac wrote:
>> On 30 November 2020 15:43:24 GMT-05:00, Rowland penny via samba <samba at lists.samba.org> wrote:
>>> On 30/11/2020 20:32, Rommel Rodriguez Toirac via samba wrote:
>>>> On 30 November 2020 14:19:19 GMT-05:00, Rowland penny via samba <samba at lists.samba.org> wrote:
>>>>> On 30/11/2020 19:09, Rommel Rodriguez Toirac wrote:
>>>>>> On 30 November 2020 13:41:09 GMT-05:00, Rowland penny via samba <samba at lists.samba.org> wrote:
>>>>>>> On 30/11/2020 18:21, Rommel Rodriguez Toirac wrote:
>>>>>>>>      I do not have installed sssd. I use winbind.
>>>>>>>>
>>>>>>> in which case, edit /etc/nsswitch.conf and make the passwd, shadow and
>>>>>>> group lines look like this:
>>>>>>>
>>>>>>> passwd:      files winbind systemd
>>>>>>> shadow:      files
>>>>>>> group:       files winbind systemd
>>>>>>>
>>>>>>> remove every mention of 'sss'
>>>>>>>
>>>>>>> Rowland
>>>>>>     Done, now look like this:
>>>>>>
>>>>>>
>>>>>>     [root at gtmad1 sbin]# cat /etc/nsswitch.conf
>>>>>> #
>>>>>> # /etc/nsswitch.conf
>>>>>> #
>>>>>> # An example Name Service Switch config file. This file should be
>>>>>> # sorted with the most-used services at the beginning.
>>>>>> #
>>>>>> # The entry '[NOTFOUND=return]' means that the search for an
>>>>>> # entry should stop if the search in the previous entry turned
>>>>>> # up nothing. Note that if the search failed due to some other reason
>>>>>> # (like no NIS server responding) then the search continues with the
>>>>>> # next entry.
>>>>>> #
>>>>>> # Valid entries include:
>>>>>> #
>>>>>> #       nisplus                 Use NIS+ (NIS version 3)
>>>>>> #       nis                     Use NIS (NIS version 2), also called YP
>>>>>> #       dns                     Use DNS (Domain Name Service)
>>>>>> #       files                   Use the local files in /etc
>>>>>> #       db                      Use the pre-processed /var/db files
>>>>>> #       compat                  Use /etc files plus *_compat pseudo-databases
>>>>>> #       hesiod                  Use Hesiod (DNS) for user lookups
>>>>>> #       sss                     Use sssd (System Security Services Daemon)
>>>>>> #       [NOTFOUND=return]       Stop searching if not found so far
>>>>>> #
>>>>>> # 'sssd' performs its own 'files'-based caching, so it should
>>>>>> # generally come before 'files'.
>>>>>>
>>>>>> # To use 'db', install the nss_db package, and put the 'db' in front
>>>>>> # of 'files' for entries you want to be looked up first in the
>>>>>> # databases, like this:
>>>>>> #
>>>>>> # passwd:    db files
>>>>>> # shadow:    db files
>>>>>> # group:     db files
>>>>>>
>>>>>> passwd:     files winbind systemd
>>>>>> shadow:     files
>>>>>> group:      files winbind systemd
>>>>>>
>>>>>> hosts:      files dns myhostname
>>>>>>
>>>>>> bootparams: files
>>>>>>
>>>>>> ethers:     files
>>>>>> netmasks:   files
>>>>>> networks:   files
>>>>>> protocols:  files
>>>>>> rpc:        files
>>>>>> services:   files sss
>>>>>>
>>>>>> netgroup:   sss
>>>>>>
>>>>>> publickey:  files
>>>>>>
>>>>>> automount:  files sss
>>>>>> aliases:    files
>>>>>>
>>>>>>
>>>>> You still have 'sss' in the file, you do not need them if you don't
>>>>> have sssd installed, I would change 'netgroup: sss' to 'netgroup: nis'
>>>>> and remove the other 'sss'
>>>>>
>>>>> Rowland
>>>>
>>>>
>>>>    After sending the messages I changed the file and left it like this:
>>>>
>>>>    [root at gtmad1 var]# cat /etc/nsswitch.conf
>>>> #
>>>> # /etc/nsswitch.conf
>>>> #
>>>> # An example Name Service Switch config file. This file should be
>>>> # sorted with the most-used services at the beginning.
>>>> #
>>>> # The entry '[NOTFOUND=return]' means that the search for an
>>>> # entry should stop if the search in the previous entry turned
>>>> # up nothing. Note that if the search failed due to some other reason
>>>> # (like no NIS server responding) then the search continues with the
>>>> # next entry.
>>>> #
>>>> # Valid entries include:
>>>> #
>>>> #       nisplus                 Use NIS+ (NIS version 3)
>>>> #       nis                     Use NIS (NIS version 2), also called YP
>>>> #       dns                     Use DNS (Domain Name Service)
>>>> #       files                   Use the local files in /etc
>>>> #       db                      Use the pre-processed /var/db files
>>>> #       compat                  Use /etc files plus *_compat pseudo-databases
>>>> #       hesiod                  Use Hesiod (DNS) for user lookups
>>>> #       sss                     Use sssd (System Security Services Daemon)
>>>> #       [NOTFOUND=return]       Stop searching if not found so far
>>>> #
>>>> # 'sssd' performs its own 'files'-based caching, so it should
>>>> # generally come before 'files'.
>>>>
>>>> # To use 'db', install the nss_db package, and put the 'db' in front
>>>> # of 'files' for entries you want to be looked up first in the
>>>> # databases, like this:
>>>> #
>>>> # passwd:    db files
>>>> # shadow:    db files
>>>> # group:     db files
>>>>
>>>> passwd:     files winbind
>>>> shadow:     files
>>>> group:      files winbind
>>>> initgroups  files
>>>>
>>>> hosts:      files dns myhostname
>>>>
>>>> bootparams: nisplus files
>>>>
>>>> ethers:     files
>>>> netmasks:   files
>>>> networks:   files
>>>> protocols:  files
>>>> rpc:        files
>>>> services:   files
>>>>
>>>> netgroup:   nis
>>>>
>>>> publickey:  nisplus
>>>>
>>>>
>>>> automount:  files nisplus
>>>> aliases:    files nisplus
>>>>
>>>>    But it does not work when I run the getent command:
>>>>
>>>>
>>>> [root at gtmad1 var]# wbinfo -p
>>>> Ping to winbindd succeeded
>>>>
>>>>
>>>> [root at gtmad1 var]# getent passwd "ATGTM00\\rommel.rodriguez"
>>>>
>>>> [root at gtmad1 var]# getent group "ATGTM00\\Domain Users"
>>>>
>>>>
>>>> ... and it still does not connect from Windows (7) using RSAT, nor from
>>>> the Windows 2016 Server Admin Tools/Active Directory Users and Computers
>>>> tool.
>>>>
>>> Do you have these packages installed: samba samba-winbind
>>> samba-winbind-clients krb5-workstation
>>>
>>> Have you run this command: authselect select winbind with-mkhomedir
>>>
>>> Rowland
>>
>>   
>>   (Sorry for all problems)
>>
>>   Are these packages needed even if I compile from source samba-4.13.2.tar.gz?
>
>No, but you will need to create the links, see here: 
>https://wiki.samba.org/index.php/Configuring_Winbindd_on_a_Samba_AD_DC
>
>Rowland




 Thanks, now it is working. I made the links:


 ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib64/

 ln -s /lib64/libnss_winbind.so.2 /lib64/libnss_winbind.so


 Testing the getent command:


 [root at gtmad1 ~]# getent passwd "ATGTM00\\rommel.rodriguez"
ATGTM00\rommel.rodriguez:*:3000127:100::/home/ATGTM00/rommel.rodriguez:/bin/false
[root at gtmad1 ~]# getent group "ATGTM00\\Domain Users"       
ATGTM00\domain users:x:100:

 

 I still cannot connect using Windows 7 RSAT or the Windows 2016 Server Admin Tools/Active Directory Users and Computers tools to carry out administration tasks on this samba 4.13.2 Domain Controller.

 I can do it with samba 4.11.2 (my ADDC).

-- 
Rommel Rodriguez Toirac
rommelrt at nauta.cu
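
The failure mode worked through in this thread (sources named in nsswitch.conf with no matching library in the lookup directory, so getent returns nothing) can be checked mechanically. The following is an added example, not part of the original messages: the function names, arguments and sample data are constructed, and it assumes each source is loaded from libnss_<source>.so.2, the naming the symlinks above follow.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: each source named in
# nsswitch.conf is loaded from libnss_<source>.so.2 in a library directory.

# missing_nss_modules FILE DIR...
# Prints "database:source" for every source with no module in any DIR.
# The body is a subshell: set -f keeps "[NOTFOUND=return]" from globbing.
missing_nss_modules() (
    set -f
    conf=$1; shift
    sed -e 's/#.*//' "$conf" | while read -r db rest; do
        case $db in
            *:) db=${db%:} ;;
            *)  continue ;;    # blank line, or an entry with no colon
        esac
        for src in $rest; do
            case $src in \[*) continue ;; esac    # [STATUS=action] item
            found=no
            for dir in "$@"; do
                # -e follows symlinks, so a dangling link counts as missing
                if [ -e "$dir/libnss_$src.so.2" ]; then found=yes; break; fi
            done
            [ "$found" = yes ] || echo "$db:$src"
        done
    done
)

# Constructed sample: lines of the kind posted in the thread, checked against
# a directory that holds only libnss_files.so.2 (no symlinks made yet).
demo() (
    tmp=$(mktemp -d) || exit 1
    mkdir "$tmp/lib64"
    : > "$tmp/lib64/libnss_files.so.2"
    cat > "$tmp/nsswitch.conf" <<'EOF'
passwd:     files winbind
shadow:     files
group:      files winbind
netgroup:   sss
EOF
    missing_nss_modules "$tmp/nsswitch.conf" "$tmp/lib64"
    rm -rf "$tmp"
)
demo
```

On the host in the thread the equivalent call would be `missing_nss_modules /etc/nsswitch.conf /lib64`; an empty result means every listed source has a library to load.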


