I'm a issue with my File Server as a Member Server. I followed many tutorials, but my authentication in Member Server doesn't work. I think the issue is in my krb5.conf or nssswitch.conf Follow is my /etc/krb5.conf in a Member Server: [libdefaults] default_realm = MEUDOMINIO.COM MEUDOMINIO.COM = { kdc = 10.133.84.25 admin_server = 10.133.84.25 default_domain = MEUDOMINIO.COM } MEUDOMINIO.COM = { kdc = 10.133.84.25 admin_server = 10.133.84.25:88 } [domain_realm] .meudominio.com = .MEUDOMINIO.COM meudominio.com = MEUDOMINIO.COM [login] krb4_convert = true krb4_get_tickets = true The below is my /etc/nsswitch.conf in a Member Server: passwd: compat winbind group: compat winbind shadow: compat hosts: files dns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis I'm using debian 7.2 - 64 bits and Samba 4.2.1 Are settings corrects?
Your krb5.conf does not seem right. After the [libdefaults] section should come the [realms] section, which is not there. Other aspects of it don' look right. Look at the Samba WiKi: https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server Also this page: Joining a Debian Client to Active Directory https://wiki.debian.org/AuthenticatingLinuxWithActiveDirectory It contains a typical krb5.conf template. ----- Original Message ----- From: Marcio Demetrio Bacci <marciobacci at gmail.com> To: samba at lists.samba.org Date: Mon, 13 Jul 2015 19:08:43 -0300 Subject: [Samba] Member Server with problems> I'm a issue with my File Server as a Member Server. I followed many > tutorials, but my authentication in Member Server doesn't work. I think > the issue is in my krb5.conf or nssswitch.conf > > Follow is my /etc/krb5.conf in a Member Server: > > [libdefaults] > default_realm = MEUDOMINIO.COM > > MEUDOMINIO.COM = { > kdc = 10.133.84.25 > admin_server = 10.133.84.25 > default_domain = MEUDOMINIO.COM > } > > MEUDOMINIO.COM = { > kdc = 10.133.84.25 > admin_server = 10.133.84.25:88 > } > > [domain_realm] > .meudominio.com = .MEUDOMINIO.COM > meudominio.com = MEUDOMINIO.COM > > [login] > krb4_convert = true > krb4_get_tickets = true > > The below is my /etc/nsswitch.conf in a Member Server: > > passwd: compat winbind > group: compat winbind > shadow: compat > > hosts: files dns > networks: files > > protocols: db files > services: db files > ethers: db files > rpc: db files > > netgroup: nis > > I'm using debian 7.2 - 64 bits and Samba 4.2.1 > > Are settings corrects? > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
On 13/07/15 23:08, Marcio Demetrio Bacci wrote:> I'm a issue with my File Server as a Member Server. I followed many > tutorials, but my authentication in Member Server doesn't work. I think > the issue is in my krb5.conf or nssswitch.conf > > Follow is my /etc/krb5.conf in a Member Server: > > [libdefaults] > default_realm = MEUDOMINIO.COM > > MEUDOMINIO.COM = { > kdc = 10.133.84.25 > admin_server = 10.133.84.25 > default_domain = MEUDOMINIO.COM > } > > MEUDOMINIO.COM = { > kdc = 10.133.84.25 > admin_server = 10.133.84.25:88 > } > > [domain_realm] > .meudominio.com = .MEUDOMINIO.COM > meudominio.com = MEUDOMINIO.COM > > [login] > krb4_convert = true > krb4_get_tickets = true > > The below is my /etc/nsswitch.conf in a Member Server: > > passwd: compat winbind > group: compat winbind > shadow: compat > > hosts: files dns > networks: files > > protocols: db files > services: db files > ethers: db files > rpc: db files > > netgroup: nis > > I'm using debian 7.2 - 64 bits and Samba 4.2.1 > > Are settings corrects?OK, this is the /etc/krb5.conf on the laptop I am typing this on: [libdefaults] default_realm = EXAMPLE.COM dns_lookup_realm = false dns_lookup_kdc = true This is on Linux Mint 17 (aka Ubuntu 14.04), now you may be thinking, what has this to do with a member server? Well, a Linux client is really just a member server by another name. Having got that out of the way and after you have followed the Samba wiki pages, if you are still having problems, post again with whatever errors you get (see the logs etc) Rowland