Re: [Samba] Sample smb.conf for ADs authentication
- Date: Fri, 14 Dec 2018 18:26:37 +0000
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Sample smb.conf for ADs authentication
On Fri, 14 Dec 2018 12:50:28 -0500
Gilbert Soucy <gsoucy@xxxxxxxxx> wrote:
> We made some progress. I checked all the packaged installed and there
> was still an sssd tool installed.
> After removing that package, the ping is now working:
> [root@server samba]# wbinfo --ping-dc
> checking the NETLOGON for domain[DOMAIN] dc connection to
> "DC1.domain.com" succeeded
That would probably do it, sssd has its own version of a Samba winbind
> However, we still cannot list the users:
> [root@server samba]# getent passwd DOMAIN\\t3500
> [root@server samba]#
Try adding 'winbind use default domain = yes'
Restart Samba and then try it like this:
getent passwd t3500
If that doesn't work, change your 'idmap config' lines to these:
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config DOMAIN:backend = rid
idmap config DOMAIN:range = 10000-999999
This is just for a test, if 'getent' now works, the problem lines in
AD, if it doesn't work, it is an OS problem.
> Can we get more info now as to why it is not working ? I cannot see
> anything intetresting in the logs.
> You will find the answers to your questions below.
> > what is in /etc/hostname
> [root@server samba]# cat /etc/hostname
> > what is in /etc/hosts
> [root@server samba]# cat /etc/hosts
> 127.0.0.1 localhost localhost.localdomain localhost4
> ::1 localhost localhost.localdomain localhost6
> 192.168.1.21 adserver.domain.com adserver
> 192.168.1.68 server.domain.com server
You do not need the 'adserver' line
To unsubscribe from this list go to the following URL and read the