Nicolas Pagliaro
2013-Jul-08 15:49 UTC
[Samba] Centos 6 + Samba 4 + Member server of AD 2008
Hi, I am trying to add a fresh install of CentOS 6 to a Windows 2008 AD as a member.

I followed these steps:

yum install samba4*

Then I modified smb.conf, krb5.conf and nsswitch.conf like this:

smb.conf

[global]
    workgroup = ESPECTADOR
    security = ADS
    realm = ESPECTADOR.COM.UY
    encrypt passwords = yes
    password server = serv1
    idmap config *:backend = tdb
    idmap config *:range = 10000-20000
    idmap config ESPECTADOR:backend = ad
    idmap config ESPECTADOR:schema_mode = rfc2307
    idmap config ESPECTADOR:range = 100000-200000
    winbind nss info = rfc2307
    winbind trusted domains only = no
    # winbind use default domain = yes
    winbind enum users = yes
    winbind enum groups = yes
    log level = 10

[test]
    path = /down
    read only = no

krb5.conf

[logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

[libdefaults]
    default_realm = ESPECTADOR.COM.UY
    dns_lookup_realm = true
    dns_lookup_kdc = true
    ticket_lifetime = 24h
    forwardable = yes

[realms]
    ESPECTADOR.COM.UY = {
        kdc = SERV1.ESPECTADOR.COM.UY:88
    }

[domain_realm]
    .SERV1.ESPECTADOR.COM.UY = ESPECTADOR.COM.UY

[appdefaults]
    pam = {
        debug = false
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = false
    }

nsswitch.conf

passwd: files winbind
shadow: files winbind
group: files winbind

#hosts: db files nisplus nis dns
hosts: files dns

# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files

netgroup: files

publickey: nisplus

automount: files
aliases: files nisplus

I have an NTP service running to keep time in sync with my DC.
I joined the domain with no problem.
I started smb and winbind = OK.

But if I try to see domain users I get these errors:

wbinfo -u
(No data returned)

wbinfo -t
checking the trust secret for domain ESPECTADOR via RPC calls failed
error code was NT_STATUS_IO_DEVICE_ERROR (0xc0000185)
failed to call wbcCheckTrustCredentials: WBC_ERR_AUTH_ERROR
Could not check secret
Any idea?
Thanks
Nico Kadel-Garcia
2013-Jul-09 09:59 UTC
[Samba] Centos 6 + Samba 4 + Member server of AD 2008
On Mon, Jul 8, 2013 at 11:49 AM, Nicolas Pagliaro <NPagliaro at espectador.com.uy> wrote:
> Hi, I am trying to add a fresh install of CentOS 6 to a Windows 2008 AD as a member.
>
> I followed these steps:
>
> yum install samba4*
> Then I modified smb.conf, krb5.conf and nsswitch.conf like this:

Stop there. If you don't actually need an AD server on CentOS 6 or RHEL 6, yank out the Samba RPMs and replace them with older samba-3.x tools. The 4.0.0 release published in CentOS is seriously out of date, and is mostly there for some dependencies for other software. You'll be using the much more RHEL supported configuration.

If you really need all the Samba 4.x features, such as a full-blown AD server, then hop over to https://github.com/nkadel/samba-4.0.7-srpm and prepare to spend some time building up the full toolchain, including an updated "iniparser", "libtalloc", "libldb", "libtevent", and recompiling the "sssd" software for compatibility with the new libraries. I've done most of the work for you, except local compilation, and I know a few people are using it. But you probably don't need it.