Re: [Samba] Question: Samba and YP-Yellow Pages relation.
- Date: Fri, 6 Apr 2018 09:15:28 +0100
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Question: Samba and YP-Yellow Pages relation.
On Thu, 5 Apr 2018 18:57:03 -0300
"Suporte - KONTROL" <suporte@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> Hi Rowland,
> Actually I don't want to disable the Yellow Pages, that's a situation
> I already have in the pFsense, cause YP was disabled by the pfsense
Yellow pages is the old name for NIS and unless it is installed it
isn't used by Linux and I suspect the same goes for freebsd.
> So my doubt is: Is there a way to make samba (latest
> version) to work without the YP enabled? What about what people made
> with that samba version 4.4.16 I mentioned? Not sure how they did
> that. The only thing I know is that it is working fine even without
> the YP.
I would love to know what they did, perhaps the relevant code has been
accepted into Samba.
> The Microsoft environment is mixed. I have Win2008R2 / Win2012 R2 and
> Win2016. It is working today with all of them.
Here is the good part: unless you extend Windows by installing 'IDMU',
it has no knowledge of NIS and you cannot install 'IDMU' on Win2016.
> No problems, Here is the smb4.conf file:
and here is my version for 4.7.6, basically yours with default lines
removed and the deprecated 'idmap uid & gid' lines replaced with their
[global]
    workgroup = SAMDOM
    security = ads
    realm = SAMDOM.EXAMPLE.COM
    ## map ids outside of domain to tdb files.
    idmap config *:backend = tdb
    idmap config *:range = 2000-9999
    ## map ids from the domain; the ranges may not overlap!
    idmap config SAMDOM : backend = rid
    idmap config SAMDOM : range = 10000-999999
    template shell = /bin/bash
    winbind offline logon = yes
    winbind refresh tickets = yes
    winbind enum users = yes
    winbind enum groups = yes
    winbind use default domain = yes
    log level = 3 passdb:5 winbind:3
    printcap name = /dev/null
    load printers = no
    printing = bsd
    local master = no
    kerberos method = secrets and keytab
    winbind refresh tickets = yes

[homes]
    comment = Home Directories
    valid users = %s, %D%W%S
    browseable = no
    read only = no
    inherit acls = yes
With that smb.conf, I joined it to my domain with:
net ads join
Using short domain name -- SAMDOM
Joined 'TESTCLIENT1' to dns domain 'samdom.example.com'
and if I examine the keytab created, I find this:
ktutil: rkt /etc/krb5.keytab
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
1 2 host/testclient1.samdom.example.com@xxxxxxxxxxxxxxxxxx
2 2 host/TESTCLIENT1@xxxxxxxxxxxxxxxxxx
3 2 host/testclient1.samdom.example.com@xxxxxxxxxxxxxxxxxx
4 2 host/TESTCLIENT1@xxxxxxxxxxxxxxxxxx
5 2 host/testclient1.samdom.example.com@xxxxxxxxxxxxxxxxxx
6 2 host/TESTCLIENT1@xxxxxxxxxxxxxxxxxx
7 2 host/testclient1.samdom.example.com@xxxxxxxxxxxxxxxxxx
8 2 host/TESTCLIENT1@xxxxxxxxxxxxxxxxxx
9 2 host/testclient1.samdom.example.com@xxxxxxxxxxxxxxxxxx
10 2 host/TESTCLIENT1@xxxxxxxxxxxxxxxxxx
11 2 TESTCLIENT1$@SAMDOM.EXAMPLE.COM
12 2 TESTCLIENT1$@SAMDOM.EXAMPLE.COM
13 2 TESTCLIENT1$@SAMDOM.EXAMPLE.COM
14 2 TESTCLIENT1$@SAMDOM.EXAMPLE.COM
15 2 TESTCLIENT1$@SAMDOM.EXAMPLE.COM
16 2 HTTP/testclient1.samdom.example.com@xxxxxxxxxxxxxxxxxx
17 2 HTTP/testclient1.samdom.example.com@xxxxxxxxxxxxxxxxxx
18 2 HTTP/testclient1.samdom.example.com@xxxxxxxxxxxxxxxxxx
19 2 HTTP/testclient1.samdom.example.com@xxxxxxxxxxxxxxxxxx
20 2 HTTP/testclient1.samdom.example.com@xxxxxxxxxxxxxxxxxx
So the required UPN is there, so all I can suggest is, give it a try.
I do not use Squid, but I know a man that does ;-)
So over to you Louis.
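
Added example, not part of the original message: a small Python check for the two idmap points raised above, namely leftover deprecated 'idmap uid' / 'idmap gid' lines and overlapping 'idmap config' ranges. The sample input is constructed, and OTHERDOM is a hypothetical second domain added only to trigger the overlap.

```python
import configparser
import itertools
import re

# Constructed sample: the idmap lines from the smb.conf above, plus a
# deprecated 'idmap uid/gid' pair and a hypothetical second domain
# (OTHERDOM) whose range collides with SAMDOM's.
SAMPLE = """\
[global]
workgroup = SAMDOM
security = ads
idmap uid = 10000-20000
idmap gid = 10000-20000
idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config SAMDOM : backend = rid
idmap config SAMDOM : range = 10000-999999
idmap config OTHERDOM : backend = rid
idmap config OTHERDOM : range = 500000-600000
"""

# Matches "idmap config <DOMAIN> : <option>", with or without spaces
# around the colon (configparser lower-cases the key first).
IDMAP_KEY = re.compile(r"^idmap config\s+(\S+?)\s*:\s*(\w+)$")

def check_idmap(text):
    """Return (ranges, problems) for the [global] section of an smb.conf."""
    cp = configparser.ConfigParser(delimiters=("=",), strict=False,
                                   interpolation=None)
    cp.read_string(text)
    ranges, problems = {}, []
    for key, value in cp["global"].items():
        if key in ("idmap uid", "idmap gid"):
            problems.append(f"deprecated parameter: {key}")
        m = IDMAP_KEY.match(key)
        if m and m.group(2) == "range":
            low, high = (int(n) for n in value.split("-"))
            if low > high:
                problems.append(f"inverted range for {m.group(1)}")
            ranges[m.group(1).upper()] = (low, high)
    # Two inclusive ranges overlap when each starts before the other ends.
    for a, b in itertools.combinations(sorted(ranges), 2):
        if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]:
            problems.append(f"overlap: {a} {ranges[a]} and {b} {ranges[b]}")
    return ranges, problems

if __name__ == "__main__":
    for problem in check_idmap(SAMPLE)[1]:
        print(problem)
```

Run against the configuration as posted (only the '*' and SAMDOM ranges, no 'idmap uid/gid' lines), it reports no problems.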