David Shapiro
2006-Feb-03 16:07 UTC
[Samba] Confused about what I am seeing with domain names - --getdcname fails for ad server
Should I expect to see when I run wbinfo --getdcname=domain it return a domain controller for an ad server? It does return a server name for domain_network, the non-ad server. David Shapiro Unix Team Lead 919-765-2011>>> David Shapiro 2/3/2006 10:50:51 AM >>>I am trying to get a aix samba server to join an ads domain. I think I see what the DOMAIN_NETWORK is. wbinfo -D for it shows it is not an ads server whereas the DOMAIN one is an ads server. That one is not showing information because kerberos cannot find the kdc for some reason that I can't figure out. It does have SRV records in dns. Here is the krb5.conf file I am using: mit krb5: [libdefaults] default_realm = DOMAIN.COM [realms] DOMAIN.COM = { kdc = adsserver.domain.com admin_server = adsserver.domain.com } [domain_realm] .domain.com = DOMAIN.COM domain.com = DOMAIN.COM [logging] kdc = CONSOLE smb.conf: [global] workgroup = DOMAIN netbios name = sambaserver socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 idmap uid = 10000-20000 idmap gid = 10000-20000 idmap backend = ad # os level = 65 winbind enum users = yes winbind enum groups = yes #winbind uid = 10000-20000 #winbind gid = 10000-20000 winbind separator = / encrypt passwords = yes server string = samba server security = ADS # security = domain realm = DOMAIN.COM password server = adsserver.domain.com preferred master = no log file = /usr/local/samba/var/log.%m log level = 10 max log size = 50 local master = No dns proxy = No wins server = wins02 wins03 wins proxy = no name resolve order = hosts wins lmhosts bcast aio read size = 1 aio write size = 1 template homedir = /home/winnt/%D/%U template shell = /bin/bash [homes] path = /home/%u read only = No David Shapiro Unix Team Lead 919-765-2011>>> "Nico De Wilde" <nico@openix.be> 2/3/2006 9:55:15 AM >>>David, Please post your smb.conf / nsswitch.conf/krb5.conf What are you trying to achieve? Joining a samba server to a Windows AD domain? Please provide some more information. Thx. Regards, Nico ----- Original Message ----- From: "David Shapiro" <David.Shapiro@bcbsnc.com> To: <samba@lists.samba.org> Sent: Friday, February 03, 2006 3:49 PM Subject: [Samba] Confused about what I am seeing with domain names>I could not get wbinfo -g/u to work and was seeing a bunch of errors > related to to not being able to enumerate groups. I saw somebodyuse> idmap backend = ad and added this since I have been struggling to getad> working (still not working). Now, when I run wbinfo -g/-u, I amgetting> groups and users, but the domain it shows is different than what I > expected. My domain I was using for workgroup line is DOMAIN, for > example, but wbinfo -g returns back: > > DOMAIN_NETWORK/group > > Is _NETWORK something that samba added, or is theis the name of the > domain I should really be using? I did a grep on wbinfo -u for myuser,> and it returned my user too. If my domain is actuallyDOMAIN_NETWORK,> is it possible my realm is not domain.com but domain_network.com or > something weird like that? Should I change my workgroup line to use > domain_network? I still can't get my kinit to find my kdc. I am > wondering if I clear this up maybe my kdc kinit command will work.Note> that I did ask my nt admin to run dns nslookup checks on > _ldap.domain.com and _kerberos.domain.com, and those did return the > correct results showing domain.com should be my realm. > > David > > > > David Shapiro > Unix Team Lead > 919-765-2011 > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Possibly Parallel Threads
Wisdom of the Ancients
