[Samba] I can't login into my Linux client with Samba DC users.
L.P.H. van Belle
belle at bazuin.nl
Mon Jul 19 07:24:28 UTC 2021
What Rowland Said +
On "Server"
Theres still sss defined in nsswitch.conf
netgroup: sss files
automount: sss files
services: sss files
Remove all sss entries.
I do think there is still something wrong because.
In smb.conf i see.
interfaces = lo enp0s17
enp0s17: inet 192.168.56.7/24
/etc/hosts
192.168.56.7 mydc.mydomain.z mydc
10.0.3.15 mydc.mydomain.z << this one isnt doing anyting execpt causing problem.
Remove it.
Your member its hosts, should look like :
/etc/hosts
192.168.56.9 node3.mydomain.z node3
/etc/resolv.conf
search mydomain.z
nameserver 192.168.56.7
There is also still : 10.0.3.15 same as on the Server.
In order to change.
1) you network config ( ip/internface )
2) /etc/hosts
3) /etc/resolvconf
https://www.cyberciti.biz/faq/howto-change-hostname-in-fedora-linux-permanently/
Reboot,
Verify the hostname with
hostname -I All ipadresses
hostname -A All hostnames and alias names.
And hostname -f = FQDN (hostname -s + hostname -d )
hostname -d = dns domain (search line in resolve.conf)
On both servers winbind must be installed and SSSd removed.
Did you sync time of the member with the AD-DC? If not,
Verify on the member at least and set it to the AD-DC.
Edit /etc/systemd/timesyncd.conf
Systemctl daemon-reload
Then thats all done and looking ok.
Kinit Administrator does that work now?
Now, last question, whats the idea with the 2 nic's AD-DC, thats not an easy setup.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Jason Long via samba
> Verzonden: zondag 18 juli 2021 16:50
> Aan: samba at lists.samba.org; Rowland Penny
> Onderwerp: Re: [Samba] I can't login into my Linux client
> with Samba DC users.
>
> Thank you.
> I removed "sssd" from my Linux client:
> # yum remove sssd
>
> Then, changed "/etc/krb5.conf" as below:
>
> [libdefaults]
> default_realm = MYDOMAIN.Z
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> Should I install winbind and winbind-clients on the client?
>
> I executed the script on the server and client and results are:
>
> On server:
> https://0bin.net/paste/i6JpJ9fp#j3yydvkUw9tXWO2P2oXIuBZVg-7c8y
> tk0KPMkBind5U
>
> On client:
> https://0bin.net/paste/ewb5i6Va#FEoBJ7QHCyxUTJOFHNo4tELG6sDAzV
> wJMZUzFNjtEwa
>
>
>
>
>
>
>
>
>
> On Sunday, July 18, 2021, 01:12:16 PM GMT+4:30, Rowland Penny
> via samba <samba at lists.samba.org> wrote:
>
>
>
>
>
> On Sun, 2021-07-18 at 08:15 +0000, Jason Long via samba wrote:
> >
>
> > I installed Samba from its manual and in Samba manual, the "sss"
> > existed. Why "sss" doesn't need?
>
> If sssd is installed, remove it, you cannot use sssd with Samba.
>
> >
> > And I changed the content of "/etc/krb5.conf" to:
> >
> >
> > On the Linux client:
> > I added below lines to the "/etc/hosts" file:
> >
> > 127.0.0.1 localhost localhost.localdomain localhost4
> > localhost4.localdomain4
> > ::1 localhost localhost.localdomain localhost6
> > localhost6.localdomain6
> > 192.168.56.7 mydc.mydomain.z mydc
> > 10.0.3.15 mydc.mydomain.z
>
> You cannot multihome a DC, choose an ipaddress and use just that one.
>
> >
> > The content of the "/etc/krb5.conf" file is:
> >
> > includedir /etc/krb5.conf.d/
> > [libdefaults]
> > default_realm = MYDC.MYDOMAIN.Z
>
> HOW MANY TIMES DO I HAVE TO TO TELL YOU, 'MYDC.MYDOMAIN.Z' IS NOT YOUR
> REALM!!!
>
> Your realm is 'MYDOMAIN.Z'
>
> > dns_lookup_realm = false
> > dns_lookup_kdc = true
> >
> >
>
> You can remove the rest of /etc/krb5.conf , you do not need it.
>
> >
> >
> > I rebooted my client and I can't login to my Linux client with my
> > Samba DC usernames.
>
> Have you installed winbind and winbind-clients ?
>
>
> Rowland
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list