Greetings. I am running Samba 3.0.23d on Gentoo and am in the process of
joining it to the AD domain as I have done with numerous other servers.
The last item that I am working on that is bugging the crud out of me is
that I have "winbind use default domain = yes", but when using wbinfo
-[u|g] or getent [passwd|group] I still see the domain portion of the
user/group account listed. Example:
# wbinfo -u
...
DOMAIN+kevin
DOMAIN+nelson
DOMAIN+drew
DOMAIN+john
DOMAIN+glen
...
On other servers I have set up with the same parameters, I get:
# wbinfo -u
...
kevin
nelson
drew
john
glen
...
SMB.CONF:
-------------
[global]
workgroup = DOMAIN
realm = DOMAIN.EXAMPLE.COM
netbios name = SERVER
server string = WEB-SERVER
security = ADS
log file = /var/log/samba/samba.%m
max log size = 50
name resolve order = hosts wins bcast
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
os level = 5
preferred master = no
local master = no
domain master = no
dns proxy = no
wins proxy = no
wins server = 10.0.0.1
template shell = /bin/bash
template homedir = /home/%D/%U
unix extensions = no
winbind enum users = yes
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum groups = yes
winbind separator = +
winbind use default domain = yes
encrypt passwords = yes
hosts allow = 10.0.0. 127.
KRB5.CONF:
--------------
[libdefaults]
ticket_lifetime = 600
default_realm = DOMAIN.EXAMPLE.COM
dns_lookup_kdc=0
dns_lookup_realm=0
dns_fallback=0
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
permitted_enctypes = rc4-hmac des3-hmac-sha1 des-cbc-crc des-cbc-md5 arc
foug-hmac-md5 arcfour-hmac-md
[realms]
DOMAIN.EXAMPLE.COM = {
kdc = 10.0.0.1
}
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
Pretty generic, I know...
Brian Atkins schrieb:> Greetings. I am running Samba 3.0.23d on Gentoo and am in the process of > joining it to the AD domain as I have done with numerous other servers. > The last item that I am working on that is bugging the crud out of me is > that I have "winbind use default domain = yes", but when using wbinfo > -[u|g] or getent [passwd|group] I still see the domain portion of the > user/group account listed. Example: > > # wbinfo -u > ... > DOMAIN+kevin > DOMAIN+nelson > DOMAIN+drew > DOMAIN+john > DOMAIN+glen > ... > > On other servers I have set up with the same parameters, I get: > > # wbinfo -u > ... > kevin > nelson > drew > john > glen > ... > > SMB.CONF: > ------------- > [global] > workgroup = DOMAIN > realm = DOMAIN.EXAMPLE.COM > netbios name = SERVER > server string = WEB-SERVER > security = ADS > log file = /var/log/samba/samba.%m > max log size = 50 > name resolve order = hosts wins bcast > socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 > os level = 5 > preferred master = no > local master = no > domain master = no > dns proxy = no > wins proxy = no > wins server = 10.0.0.1 > template shell = /bin/bash > template homedir = /home/%D/%U > unix extensions = no > winbind enum users = yes > winbind uid = 10000-20000 > winbind gid = 10000-20000 > winbind enum groups = yes > winbind separator = + > winbind use default domain = yes > encrypt passwords = yes > hosts allow = 10.0.0. 127. > > KRB5.CONF: > -------------- > [libdefaults] > ticket_lifetime = 600 > default_realm = DOMAIN.EXAMPLE.COM > dns_lookup_kdc=0 > dns_lookup_realm=0 > dns_fallback=0 > default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc > default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc > permitted_enctypes = rc4-hmac des3-hmac-sha1 des-cbc-crc des-cbc-md5 arc > foug-hmac-md5 arcfour-hmac-md > > [realms] > DOMAIN.EXAMPLE.COM = { > kdc = 10.0.0.1 > } > > [logging] > kdc = FILE:/var/log/krb5kdc.log > admin_server = FILE:/var/log/kadmin.log > default = FILE:/var/log/krb5lib.log > > Pretty generic, I know...Hello, make sure that the nscd isn't not running. G?nter
Brian Atkins schrieb:> Greetings. I am running Samba 3.0.23d on Gentoo and am in the process of > joining it to the AD domain as I have done with numerous other servers. > The last item that I am working on that is bugging the crud out of me is > that I have "winbind use default domain = yes", but when using wbinfo > -[u|g] or getent [passwd|group] I still see the domain portion of the > user/group account listed. Example: > > # wbinfo -u > ... > DOMAIN+kevin > DOMAIN+nelson > DOMAIN+drew > DOMAIN+john > DOMAIN+glen > ... > > On other servers I have set up with the same parameters, I get: > > # wbinfo -u > ... > kevin > nelson > drew > john > glen > ... > > SMB.CONF: > ------------- > [global] > workgroup = DOMAIN > realm = DOMAIN.EXAMPLE.COM > netbios name = SERVER > server string = WEB-SERVER > security = ADS > log file = /var/log/samba/samba.%m > max log size = 50 > name resolve order = hosts wins bcast > socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 > os level = 5 > preferred master = no > local master = no > domain master = no > dns proxy = no > wins proxy = no > wins server = 10.0.0.1 > template shell = /bin/bash > template homedir = /home/%D/%U > unix extensions = no > winbind enum users = yes > winbind uid = 10000-20000 > winbind gid = 10000-20000 > winbind enum groups = yes > winbind separator = + > winbind use default domain = yes > encrypt passwords = yes > hosts allow = 10.0.0. 127. > > KRB5.CONF: > -------------- > [libdefaults] > ticket_lifetime = 600 > default_realm = DOMAIN.EXAMPLE.COM > dns_lookup_kdc=0 > dns_lookup_realm=0 > dns_fallback=0 > default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc > default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc > permitted_enctypes = rc4-hmac des3-hmac-sha1 des-cbc-crc des-cbc-md5 arc > foug-hmac-md5 arcfour-hmac-md > > [realms] > DOMAIN.EXAMPLE.COM = { > kdc = 10.0.0.1 > } > > [logging] > kdc = FILE:/var/log/krb5kdc.log > admin_server = FILE:/var/log/kadmin.log > default = FILE:/var/log/krb5lib.log > > Pretty generic, I know...Hallo, make sure that nscd isn't running. G?nter