Web lists-archives.com

Re: [Samba] Sample smb.conf for ADs authentication




On Fri, 14 Dec 2018 12:50:28 -0500
Gilbert Soucy <gsoucy@xxxxxxxxx> wrote:

> Hello,
> 
> We made some progress. I checked all the packaged installed and there
> was still an sssd tool installed.
> 
> After removing that package, the ping is now working:
> 
> [root@server samba]# wbinfo --ping-dc
> checking the NETLOGON for domain[DOMAIN] dc connection to
> "DC1.domain.com" succeeded

That would probably do it, sssd has its own version of a Samba winbind
lib.

> 
> 
> However, we still cannot list the users:
> 
> [root@server samba]# getent passwd DOMAIN\\t3500
> [root@server samba]#
> 

Try adding 'winbind use default domain = yes'
Restart Samba and then try it like this:

getent passwd t3500

If that doesn't work, change your 'idmap config' lines to these:

       idmap config * : backend = tdb
       idmap config * : range = 3000-7999
       idmap config DOMAIN:backend = rid
       idmap config DOMAIN:range = 10000-999999

This is just for a test, if 'getent' now works, the problem lines in
AD, if it doesn't work, it is an OS problem.

> 
> Can we get more info now as to why it is not working ? I cannot see
> anything intetresting in the logs.
> 
> You will find the answers to your questions below.
> 
> ===============
> 
> > what is in /etc/hostname
> 
> [root@server samba]# cat /etc/hostname
> server
> 
> ============
> 
> > what is in /etc/hosts
> 
> [root@server samba]# cat /etc/hosts
> 127.0.0.1   localhost localhost.localdomain localhost4
> localhost4.localdomain4
> ::1         localhost localhost.localdomain localhost6
> localhost6.localdomain6
> 192.168.1.21    adserver.domain.com   adserver
> 192.168.1.68 server.domain.com  server
> 

You do not need the 'adserver' line

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba