Stefan G. Weichinger
2017-Jul-11 12:19 UTC
[Samba] Samba ADS-member-server: FQDNs in /etc/hosts
On 2017-07-11 at 14:00, Rowland Penny wrote:
>> template homedir = /home/%U
>>
>> works for me in this context, right?
>
> That should work.

edited accordingly, and rm-ed that idmap schema line on DM.

I now have on the DM:

[global]
workgroup = BUERO
realm = secret.AT
netbios name = SERVER

security = ADS
map to guest = Bad User
username map = /etc/samba/smbusers

dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind refresh tickets = yes

winbind trusted domains only = no
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes

# Use settings from AD for login shell and home directory
winbind nss info = template
template shell = /usr/sbin/nologin
template homedir = /mnt/samba/Daten/%U

map untrusted to domain = Yes

# Default idmap config used for BUILTIN and local accounts/groups
idmap config *:backend = tdb
idmap config *:range = 2000-9999

# idmap config for domain BUERO
idmap config BUERO:backend = rid
idmap config BUERO:range = 10000-99999

load printers = no
printing = bsd
printcap name = /dev/null

# turn off roaming profiles
logon path = ""
logon home = ""

#hosts allow = localhost 192.168.16. 172.32.99.

log level = 3

----

Restarted winbind, did "killall -HUP" on smbd and nmbd.

still can't login to DM via smbclient and that mentioned user.

I assume I need to restart all the smbd daemons ... ?
On Tue, 11 Jul 2017 14:19:09 +0200 "Stefan G. Weichinger" <lists at xunil.at> wrote:
> On 2017-07-11 at 14:00, Rowland Penny wrote:
>
> >> template homedir = /home/%U
> >>
> >> works for me in this context, right?
> >
> > That should work.
>
> edited accordingly, and rm-ed that idmap schema line on DM.
>
> I now have on the DM:
>
> [global]
> workgroup = BUERO
> realm = secret.AT
> netbios name = SERVER
>
> security = ADS
> map to guest = Bad User
> username map = /etc/samba/smbusers
>
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
> winbind refresh tickets = yes
>
> winbind trusted domains only = no
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
>
> # Use settings from AD for login shell and home directory
> winbind nss info = template
> template shell = /usr/sbin/nologin
> template homedir = /mnt/samba/Daten/%U
>
> map untrusted to domain = Yes
>
> # Default idmap config used for BUILTIN and local accounts/groups
> idmap config *:backend = tdb
> idmap config *:range = 2000-9999
>
> # idmap config for domain BUERO
> idmap config BUERO:backend = rid
> idmap config BUERO:range = 10000-99999
>
> load printers = no
> printing = bsd
> printcap name = /dev/null
>
> # turn off roaming profiles
> logon path = ""
> logon home = ""
>
> #hosts allow = localhost 192.168.16. 172.32.99.
>
> log level = 3
>
> ----
>
> Restarted winbind, did "killall -HUP" on smbd and nmbd.
>
> still can't login to DM via smbclient and that mentioned user.
>
> I assume I need to restart all the smbd daemons ... ?

Well, you wouldn't be able to, would you, what with having this in
smb.conf:

template shell = /usr/sbin/nologin

The bit on the end sort of gives it away ;-)

Try changing it to this:

template shell = /bin/bash

Rowland
Stefan G. Weichinger
2017-Jul-11 12:47 UTC
[Samba] Samba ADS-member-server: FQDNs in /etc/hosts
On 2017-07-11 at 14:40, Rowland Penny wrote:
>> Restarted winbind, did "killall -HUP" on smbd and nmbd.
>>
>> still can't login to DM via smbclient and that mentioned user.
>>
>> I assume I need to restart all the smbd daemons ... ?
>
> Well, you wouldn't be able to, would you, what with having this in
> smb.conf:
>
> template shell = /usr/sbin/nologin
>
> The bit on the end sort of gives it away ;-)
>
> Try changing it to this:
>
> template shell = /bin/bash

oh my, ok (that was from samba.wiki or so!)

Doesn't change a thing, after restart winbind, and HUP s|nmbd ->

# smbclient \\\\server\\daten -Usgw%PW
session setup failed: NT_STATUS_UNSUCCESSFUL