Hello all,

I have an AD DC based on CentOS7 with sernet samba 4.1.14 with rfc2307 and function level 2008_R2. This one works so far and I can manage the AD from a Windows client.

Now I set up a member server based on CentOS7 with sernet samba 4.1.14 just like the wiki advises with the same smb.conf (realm etc. is configured to my needs). I joined the AD and configured nsswitch.

wbinfo works so far but getent passwd or getent group doesn't list domain objects. getent group testgroup1 works, but getent passwd testuser1 does not.

I created a share in smb.conf. Now I want to set the SeDiskOperatorPrivilege like the wiki advises. But it doesn't work. It says that it can't connect to server 127.0.0.1. I tried it with

    net rpc rights grant 'DOM\Domain Admins' SeDiskOperatorPrivilege -U'DOM\administrator'

Now I cannot access the server from Windows to set share permissions.

What to do? The wiki told nothing about Kerberos so I did not do anything to it.

Thanks in advance
On 09/01/15 13:47, Tim wrote:
> Hello all,
>
> I have an AD DC based on CentOS7 with sernet samba 4.1.14 with rfc2307 and function level 2008_R2. This one works so far and I can manage the AD from a Windows client.
>
> Now I set up a member server based on CentOS7 with sernet samba 4.1.14 just like the wiki advises with the same smb.conf (realm etc. is configured to my needs). I joined the AD and configured nsswitch.
>
> wbinfo works so far but getent passwd or getent group doesn't list domain objects. getent group testgroup1 works, but getent passwd testuser1 does not.
>
> I created a share in smb.conf. Now I want to set the SeDiskOperatorPrivilege like the wiki advises.
> But it doesn't work. It says that it can't connect to server 127.0.0.1. I tried it with
> net rpc rights grant 'DOM\Domain Admins' SeDiskOperatorPrivilege -U'DOM\administrator'
>
> Now I cannot access the server from Windows to set share permissions.
>
> What to do? The wiki told nothing about Kerberos so I did not do anything to it.
>
> Thanks in advance

Hi, you appear to be the second person in two days having a similar, if not the same, problem with the sernet packages. I don't think it is a Kerberos problem. Can you check if you have 'libnss_winbind.so.2' anywhere?

Rowland
I only have libnss_winbind.so in /usr/lib64

On 9 January 2015 15:21:32 CET, Rowland Penny <rowlandpenny at googlemail.com> wrote:
> Hi, you appear to be the second person in two days having a similar, if not the same, problem with the sernet packages. I don't think it is a Kerberos problem. Can you check if you have 'libnss_winbind.so.2' anywhere?
>
> Rowland
Sorry, I have to correct: libnss_winbind.so.2 is located in /lib64

Thanks
I switched to the rid module of idmapping and now winbind offers all groups and I can set SeDiskOperatorPrivilege. getent group and getent passwd are now working!
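
The checks this thread walks through (winbind in nsswitch, the libnss_winbind.so.2 module, and the idmap backend), as an added shell example that is not part of any poster's message. The function names and the file paths passed in are assumptions; the notes on the ad and rid backends are general Samba behaviour, not a diagnosis of this poster's setup.

```shell
#!/bin/sh
# Added example. Paths are arguments so the checks can run against copies.

# Succeeds if database $2 (passwd or group) in nsswitch file $1 lists winbind.
nss_uses_winbind() {
    awk -v db="$2:" '$1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
        END { exit !found }' "$1"
}

# Succeeds if libnss_winbind.so.2 exists in any of the given directories.
nss_module_present() {
    for d in "$@"; do
        [ -e "$d/libnss_winbind.so.2" ] && return 0
    done
    return 1
}

# Prints the idmap backend set for domain $2 in smb.conf $1 (empty if unset).
idmap_backend() {
    awk -F= -v dom="$2" '
        { key = tolower($1); gsub(/[ \t]/, "", key) }
        key == "idmapconfig" tolower(dom) ":backend" { last = $2; gsub(/[ \t]/, "", last) }
        END { print last }' "$1"
}

# usage: diagnose NSSWITCH SMBCONF DOMAIN LIBDIR...  (exit status = problems found)
diagnose() {
    nss=$1; conf=$2; dom=$3; shift 3; problems=0
    for db in passwd group; do
        nss_uses_winbind "$nss" "$db" ||
            { echo "$db: winbind not listed in $nss"; problems=$((problems + 1)); }
    done
    nss_module_present "$@" ||
        { echo "libnss_winbind.so.2 not found in: $*"; problems=$((problems + 1)); }
    case $(idmap_backend "$conf" "$dom") in
        ad)  echo "$dom: ad backend, only accounts with uidNumber/gidNumber inside the range resolve" ;;
        rid) echo "$dom: rid backend, IDs are computed from each account's RID" ;;
        "")  echo "$dom: no idmap backend configured"; problems=$((problems + 1)) ;;
        *)   echo "$dom: other idmap backend" ;;
    esac
    return "$problems"
}

if [ "$#" -ge 3 ]; then diagnose "$@"; fi
```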