Greg Scott
2014-Aug-30 19:14 UTC
[Samba] I want a Fedora 20 system to be a member server and offer a share in a Windows 2008R2 Active Directory domain
I'm close to making this work. The goal is to make this Fedora 20 system pretend to be a Windows member server in my Windows 2008R2 Active Directory domain and then I'll use it as a backup target. When I run ADUC from my domain controller, I see my F20 system named nfsa. But from Windows, when I do Start...\\nfsa, I get an Access Denied error and it prompts for credentials. When I do Start...\\nfsa\backups, it just fails with an Access Denied error. I will paste in the output from testparms below, which has everything in my smb.conf. This should all be OK. I've gotta be missing the piece that sets up my F20 system to trust A/D for authentication for F20 can advertise this share. The guidance on how to do that is contradictory and thin and I'm hopelessly confused. I'm supposed to do some editing to some pam .conf files and nsswitch.conf, but everyone has different guidance. And the edits look elaborate and prone to mistakes. So Red Hat includes a tool named authconfig that claims to handle this for me. It is supposed to set up all the .conf files to make this work. Pass authconfig the correct parameters and it all just happens. In fact, it's all documented right here in the RHEL 7 Windows Integration Guide: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/winbind-auth.html The example in section 4.3.2, step 4 uses a parameter named --enablewinbindkrb5 that doesn't exist. And a couple of the parameters in the example need equal signs (parameter=value instead of parameter [space] value). In fairness, that book above is part of RHEL 7 and I'm doing this from Fedora 20 so maybe they are different. Working around that and based on the example, I put this little script together: [root at nfsa gregs]# more test.sh #!/bin/sh authconfig \ --enablewinbind \ --enablewins \ --enablewinbindauth \ --smbsecurity=ads \ --smbworkgroup=EHAC \ --smbrealm=EHAC.LOCAL \ --smbservers=ehcserver1.ehac.local \ --krb5realm=EHAC.LOCAL \ --enablewinbindoffline \ --enablekrb5 \ --winbindtemplateshell=/bin/sh \ --winbindjoin=administrator \ --update \ --enablelocauthorize \ --savebackup=/home/gregs/backups [root at nfsa gregs]# When I run it, it makes copies of a bunch of config files and saves them in my /home/gregs/backups directory. But it never updates any of the real .conf files - just one big no-op. So how do I do this? Surely there's nice, clean, easily reproducible way to make a Linux system offer a share as a member server in a modern A/D domain. F20 can reach into the domain, but the domain cannot reach out to F20. wbinfo -g and wbinfo -u show me the groups and users I expect to see. And getent passwd domain\\user returns what I expect after I finally learned I need to escape that "\" character. So F20 can reach into the domain, but the domain can't reach back to F20. That's my problem. [root at nfsa gregs]# getent passwd ehac\\gregs gregs at ehac.local:*:762201118:762200513:Greg Scott:/home/ehac.local/gregs:/bin/bash Finally, here is a copy of my smb.conf and krb5.conf. [root at nfsa gregs]# testparm Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[backups]" Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = EHAC realm = ehac.local server string = Samba Server nfsa Version %v security = ADS log file = /var/log/samba/log.%m max log size = 50 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind nss info = rfc2307 idmap config SAMDOM:range = 500-40000 idmap config SAMDOM:schema_mode = rfc2307 idmap config SAMDOM:backend = ad idmap config *:range = 70001-80000 idmap config * : backend = tdb cups options = raw [backups] comment = backups path = /data/nfsa read only = No guest ok = Yes [root at nfsa gregs]# [root at nfsa gregs]# [root at nfsa gregs]# more /etc/krb5.conf [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] dns_lookup_realm = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = true rdns = false # default_realm = EXAMPLE.COM default_realm = EHAC.LOCAL default_ccache_name = KEYRING:persistent:%{uid} [realms] # EXAMPLE.COM = { # kdc = kerberos.example.com # admin_server = kerberos.example.com # } EHAC.LOCAL = { kdc = ehcserver1.ehac.local admin_server = ehcserver1.ehac.local } [domain_realm] # .example.com = EXAMPLE.COM # example.com = EXAMPLE.COM .ehac.local = EHAC.LOCAL ehac.local = EHAC.LOCAL [root at nfsa gregs]# Oh yes - I have no idea if this is relevant or not but I see these errors about printers in /var/log/messages when I restart smb. I don't care about printing here and would be fine with just turning off all printing if there's a way to do it. But maybe these printer errors contribute to my real problem. [root at nfsa gregs]# tail /var/log/messages Aug 30 13:42:36 nfsa smbd[7353]: [2014/08/30 13:42:36.137682, 0] ../source3/printing/print_cups.c:151(cups_connect) Aug 30 13:42:36 nfsa smbd[7353]: Unable to connect to CUPS server localhost:631 - Bad file descriptor Aug 30 13:42:36 nfsa smbd[7010]: [2014/08/30 13:42:36.137938, 0] ../source3/printing/print_cups.c:528(cups_async_callback) Aug 30 13:42:36 nfsa smbd[7010]: failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL Aug 30 13:50:01 nfsa systemd: Starting Session 271 of user root. Aug 30 13:50:02 nfsa systemd: Started Session 271 of user root. Aug 30 13:55:36 nfsa smbd[7380]: [2014/08/30 13:55:36.883693, 0] ../source3/printing/print_cups.c:151(cups_connect) Aug 30 13:55:36 nfsa smbd[7380]: Unable to connect to CUPS server localhost:631 - Bad file descriptor Aug 30 13:55:36 nfsa smbd[7010]: [2014/08/30 13:55:36.883950, 0] ../source3/printing/print_cups.c:528(cups_async_callback) Aug 30 13:55:36 nfsa smbd[7010]: failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL [root at nfsa gregs]# I've installed winbind and winbind and smb are running. SElinux is set to permissive. I don't think I need nmb anymore but I can try turning it on. [root at nfsa gregs]# systemctl list-unit-files | grep smb smb.service enabled [root at nfsa gregs]# systemctl list-unit-files | grep nmb nmb.service disabled [root at nfsa gregs]# systemctl list-unit-files | grep winbind winbind.service enabled [root at nfsa gregs]# Oh - versions - everything came from Red Hat binaries a few days ago: [root at nfsa gregs]# more /etc/issue Fedora release 20 (Heisenbug) Kernel \r on an \m (\l) [root at nfsa gregs]# rpm -qa | grep samba samba-winbind-modules-4.1.9-4.fc20.x86_64 samba-common-4.1.9-4.fc20.x86_64 samba-4.1.9-4.fc20.x86_64 samba-winbind-4.1.9-4.fc20.x86_64 samba-libs-4.1.9-4.fc20.x86_64 samba-winbind-clients-4.1.9-4.fc20.x86_64 [root at nfsa gregs]# [root at nfsa gregs]# rpm -qa | grep krb5 pam_krb5-2.4.8-1.fc20.x86_64 sssd-krb5-common-1.11.6-1.fc20.x86_64 sssd-krb5-1.11.6-1.fc20.x86_64 krb5-workstation-1.11.5-11.fc20.x86_64 krb5-libs-1.11.5-11.fc20.x86_64 [root at nfsa gregs]# Thanks - Greg Scott
Rowland Penny
2014-Aug-30 20:51 UTC
[Samba] I want a Fedora 20 system to be a member server and offer a share in a Windows 2008R2 Active Directory domain
On 30/08/14 20:14, Greg Scott wrote:> I'm close to making this work. The goal is to make this Fedora 20 system pretend to be a Windows member server in my Windows 2008R2 Active Directory domain and then I'll use it as a backup target. When I run ADUC from my domain controller, I see my F20 system named nfsa. But from Windows, when I do Start...\\nfsa, I get an Access Denied error and it prompts for credentials. When I do Start...\\nfsa\backups, it just fails with an Access Denied error. > > I will paste in the output from testparms below, which has everything in my smb.conf. This should all be OK. I've gotta be missing the piece that sets up my F20 system to trust A/D for authentication for F20 can advertise this share. The guidance on how to do that is contradictory and thin and I'm hopelessly confused. I'm supposed to do some editing to some pam .conf files and nsswitch.conf, but everyone has different guidance. And the edits look elaborate and prone to mistakes. > > So Red Hat includes a tool named authconfig that claims to handle this for me. It is supposed to set up all the .conf files to make this work. Pass authconfig the correct parameters and it all just happens. In fact, it's all documented right here in the RHEL 7 Windows Integration Guide: > > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/winbind-auth.html > > The example in section 4.3.2, step 4 uses a parameter named --enablewinbindkrb5 that doesn't exist. And a couple of the parameters in the example need equal signs (parameter=value instead of parameter [space] value). In fairness, that book above is part of RHEL 7 and I'm doing this from Fedora 20 so maybe they are different. Working around that and based on the example, I put this little script together: > > [root at nfsa gregs]# more test.sh > #!/bin/sh > > authconfig \ > --enablewinbind \ > --enablewins \ > --enablewinbindauth \ > --smbsecurity=ads \ > --smbworkgroup=EHAC \ > --smbrealm=EHAC.LOCAL \ > --smbservers=ehcserver1.ehac.local \ > --krb5realm=EHAC.LOCAL \ > --enablewinbindoffline \ > --enablekrb5 \ > --winbindtemplateshell=/bin/sh \ > --winbindjoin=administrator \ > --update \ > --enablelocauthorize \ > --savebackup=/home/gregs/backups > [root at nfsa gregs]#Have you tried typing the above in a terminal and running it, if you do, it may print an error message. Rowland> When I run it, it makes copies of a bunch of config files and saves them in my /home/gregs/backups directory. But it never updates any of the real .conf files - just one big no-op. > > So how do I do this? Surely there's nice, clean, easily reproducible way to make a Linux system offer a share as a member server in a modern A/D domain. > > F20 can reach into the domain, but the domain cannot reach out to F20. > > wbinfo -g and wbinfo -u show me the groups and users I expect to see. And getent passwd domain\\user returns what I expect after I finally learned I need to escape that "\" character. So F20 can reach into the domain, but the domain can't reach back to F20. That's my problem. > > [root at nfsa gregs]# getent passwd ehac\\gregs > gregs at ehac.local:*:762201118:762200513:Greg Scott:/home/ehac.local/gregs:/bin/bash > > Finally, here is a copy of my smb.conf and krb5.conf. > > [root at nfsa gregs]# testparm > Load smb config files from /etc/samba/smb.conf > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) > Processing section "[backups]" > Loaded services file OK. > Server role: ROLE_DOMAIN_MEMBER > Press enter to see a dump of your service definitions > > [global] > workgroup = EHAC > realm = ehac.local > server string = Samba Server nfsa Version %v > security = ADS > log file = /var/log/samba/log.%m > max log size = 50 > winbind enum users = Yes > winbind enum groups = Yes > winbind use default domain = Yes > winbind nss info = rfc2307 > idmap config SAMDOM:range = 500-40000 > idmap config SAMDOM:schema_mode = rfc2307 > idmap config SAMDOM:backend = ad > idmap config *:range = 70001-80000 > idmap config * : backend = tdb > cups options = raw > > [backups] > comment = backups > path = /data/nfsa > read only = No > guest ok = Yes > [root at nfsa gregs]# > [root at nfsa gregs]# > [root at nfsa gregs]# more /etc/krb5.conf > [logging] > default = FILE:/var/log/krb5libs.log > kdc = FILE:/var/log/krb5kdc.log > admin_server = FILE:/var/log/kadmind.log > > [libdefaults] > dns_lookup_realm = false > ticket_lifetime = 24h > renew_lifetime = 7d > forwardable = true > rdns = false > # default_realm = EXAMPLE.COM > default_realm = EHAC.LOCAL > default_ccache_name = KEYRING:persistent:%{uid} > > [realms] > # EXAMPLE.COM = { > # kdc = kerberos.example.com > # admin_server = kerberos.example.com > # } > > EHAC.LOCAL = { > kdc = ehcserver1.ehac.local > admin_server = ehcserver1.ehac.local > } > > [domain_realm] > # .example.com = EXAMPLE.COM > # example.com = EXAMPLE.COM > > .ehac.local = EHAC.LOCAL > ehac.local = EHAC.LOCAL > [root at nfsa gregs]# > > Oh yes - I have no idea if this is relevant or not but I see these errors about printers in /var/log/messages when I restart smb. I don't care about printing here and would be fine with just turning off all printing if there's a way to do it. But maybe these printer errors contribute to my real problem. > > [root at nfsa gregs]# tail /var/log/messages > Aug 30 13:42:36 nfsa smbd[7353]: [2014/08/30 13:42:36.137682, 0] ../source3/printing/print_cups.c:151(cups_connect) > Aug 30 13:42:36 nfsa smbd[7353]: Unable to connect to CUPS server localhost:631 - Bad file descriptor > Aug 30 13:42:36 nfsa smbd[7010]: [2014/08/30 13:42:36.137938, 0] ../source3/printing/print_cups.c:528(cups_async_callback) > Aug 30 13:42:36 nfsa smbd[7010]: failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL > Aug 30 13:50:01 nfsa systemd: Starting Session 271 of user root. > Aug 30 13:50:02 nfsa systemd: Started Session 271 of user root. > Aug 30 13:55:36 nfsa smbd[7380]: [2014/08/30 13:55:36.883693, 0] ../source3/printing/print_cups.c:151(cups_connect) > Aug 30 13:55:36 nfsa smbd[7380]: Unable to connect to CUPS server localhost:631 - Bad file descriptor > Aug 30 13:55:36 nfsa smbd[7010]: [2014/08/30 13:55:36.883950, 0] ../source3/printing/print_cups.c:528(cups_async_callback) > Aug 30 13:55:36 nfsa smbd[7010]: failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL > [root at nfsa gregs]# > > I've installed winbind and winbind and smb are running. SElinux is set to permissive. I don't think I need nmb anymore but I can try turning it on. > > [root at nfsa gregs]# systemctl list-unit-files | grep smb > smb.service enabled > [root at nfsa gregs]# systemctl list-unit-files | grep nmb > nmb.service disabled > [root at nfsa gregs]# systemctl list-unit-files | grep winbind > winbind.service enabled > [root at nfsa gregs]# > > Oh - versions - everything came from Red Hat binaries a few days ago: > > [root at nfsa gregs]# more /etc/issue > Fedora release 20 (Heisenbug) > Kernel \r on an \m (\l) > > [root at nfsa gregs]# rpm -qa | grep samba > samba-winbind-modules-4.1.9-4.fc20.x86_64 > samba-common-4.1.9-4.fc20.x86_64 > samba-4.1.9-4.fc20.x86_64 > samba-winbind-4.1.9-4.fc20.x86_64 > samba-libs-4.1.9-4.fc20.x86_64 > samba-winbind-clients-4.1.9-4.fc20.x86_64 > [root at nfsa gregs]# > [root at nfsa gregs]# rpm -qa | grep krb5 > pam_krb5-2.4.8-1.fc20.x86_64 > sssd-krb5-common-1.11.6-1.fc20.x86_64 > sssd-krb5-1.11.6-1.fc20.x86_64 > krb5-workstation-1.11.5-11.fc20.x86_64 > krb5-libs-1.11.5-11.fc20.x86_64 > [root at nfsa gregs]# > > Thanks > > - Greg Scott
steve
2014-Aug-30 21:45 UTC
[Samba] I want a Fedora 20 system to be a member server and offer a share in a Windows 2008R2 Active Directory domain
On Sat, 2014-08-30 at 19:14 +0000, Greg Scott wrote:> I'm close to making this work.What does your keytab look like? klist -k If that returns at least a host/ key then direct samba to use it: kerberos method = system keytab HTH Steve
Davor Vusir
2014-Aug-31 19:56 UTC
[Samba] I want a Fedora 20 system to be a member server and offer a share in a Windows 2008R2 Active Directory domain
** Skickat fr?n mobilusken! ** Den 30 aug 2014 21:20 skrev "Greg Scott" <GregScott at infrasupport.com>:> > I'm close to making this work. The goal is to make this Fedora 20 systempretend to be a Windows member server in my Windows 2008R2 Active Directory domain and then I'll use it as a backup target. When I run ADUC from my domain controller, I see my F20 system named nfsa. But from Windows, when I do Start...\\nfsa, I get an Access Denied error and it prompts for credentials. When I do Start...\\nfsa\backups, it just fails with an Access Denied error.> > I will paste in the output from testparms below, which has everything inmy smb.conf. This should all be OK. I've gotta be missing the piece that sets up my F20 system to trust A/D for authentication for F20 can advertise this share. The guidance on how to do that is contradictory and thin and I'm hopelessly confused. I'm supposed to do some editing to some pam .conf files and nsswitch.conf, but everyone has different guidance. And the edits look elaborate and prone to mistakes.> > So Red Hat includes a tool named authconfig that claims to handle thisfor me. It is supposed to set up all the .conf files to make this work. Pass authconfig the correct parameters and it all just happens. In fact, it's all documented right here in the RHEL 7 Windows Integration Guide:> >https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/winbind-auth.html> > The example in section 4.3.2, step 4 uses a parameter named--enablewinbindkrb5 that doesn't exist. And a couple of the parameters in the example need equal signs (parameter=value instead of parameter [space] value). In fairness, that book above is part of RHEL 7 and I'm doing this from Fedora 20 so maybe they are different. Working around that and based on the example, I put this little script together:> > [root at nfsa gregs]# more test.sh > #!/bin/sh > > authconfig \ > --enablewinbind \ > --enablewins \ > --enablewinbindauth \ > --smbsecurity=ads \ > --smbworkgroup=EHAC \ > --smbrealm=EHAC.LOCAL \ > --smbservers=ehcserver1.ehac.local \ > --krb5realm=EHAC.LOCAL \ > --enablewinbindoffline \ > --enablekrb5 \ > --winbindtemplateshell=/bin/sh \ > --winbindjoin=administrator \ > --update \ > --enablelocauthorize \ > --savebackup=/home/gregs/backups > [root at nfsa gregs]# > > When I run it, it makes copies of a bunch of config files and saves themin my /home/gregs/backups directory. But it never updates any of the real .conf files - just one big no-op.> > So how do I do this? Surely there's nice, clean, easily reproducible wayto make a Linux system offer a share as a member server in a modern A/D domain.> > F20 can reach into the domain, but the domain cannot reach out to F20. > > wbinfo -g and wbinfo -u show me the groups and users I expect to see.And getent passwd domain\\user returns what I expect after I finally learned I need to escape that "\" character. So F20 can reach into the domain, but the domain can't reach back to F20. That's my problem.> > [root at nfsa gregs]# getent passwd ehac\\gregs > gregs at ehac.local:*:762201118:762200513:GregScott:/home/ehac.local/gregs:/bin/bash> > Finally, here is a copy of my smb.conf and krb5.conf. > > [root at nfsa gregs]# testparm > Load smb config files from /etc/samba/smb.conf > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) > Processing section "[backups]" > Loaded services file OK. > Server role: ROLE_DOMAIN_MEMBER > Press enter to see a dump of your service definitions > > [global] > workgroup = EHAC > realm = ehac.local > server string = Samba Server nfsa Version %v > security = ADS > log file = /var/log/samba/log.%m > max log size = 50 > winbind enum users = Yes > winbind enum groups = Yes > winbind use default domain = Yes > winbind nss info = rfc2307 > idmap config SAMDOM:range = 500-40000 > idmap config SAMDOM:schema_mode = rfc2307 > idmap config SAMDOM:backend = adSAMDOM -> EHAC? Is the defined orange correct? Regards Davor> idmap config *:range = 70001-80000 > idmap config * : backend = tdb > cups options = raw > > [backups] > comment = backups > path = /data/nfsa > read only = No > guest ok = Yes > [root at nfsa gregs]# > [root at nfsa gregs]# > [root at nfsa gregs]# more /etc/krb5.conf > [logging] > default = FILE:/var/log/krb5libs.log > kdc = FILE:/var/log/krb5kdc.log > admin_server = FILE:/var/log/kadmind.log > > [libdefaults] > dns_lookup_realm = false > ticket_lifetime = 24h > renew_lifetime = 7d > forwardable = true > rdns = false > # default_realm = EXAMPLE.COM > default_realm = EHAC.LOCAL > default_ccache_name = KEYRING:persistent:%{uid} > > [realms] > # EXAMPLE.COM = { > # kdc = kerberos.example.com > # admin_server = kerberos.example.com > # } > > EHAC.LOCAL = { > kdc = ehcserver1.ehac.local > admin_server = ehcserver1.ehac.local > } > > [domain_realm] > # .example.com = EXAMPLE.COM > # example.com = EXAMPLE.COM > > .ehac.local = EHAC.LOCAL > ehac.local = EHAC.LOCAL > [root at nfsa gregs]# > > Oh yes - I have no idea if this is relevant or not but I see these errorsabout printers in /var/log/messages when I restart smb. I don't care about printing here and would be fine with just turning off all printing if there's a way to do it. But maybe these printer errors contribute to my real problem.> > [root at nfsa gregs]# tail /var/log/messages > Aug 30 13:42:36 nfsa smbd[7353]: [2014/08/30 13:42:36.137682, 0]../source3/printing/print_cups.c:151(cups_connect)> Aug 30 13:42:36 nfsa smbd[7353]: Unable to connect to CUPS serverlocalhost:631 - Bad file descriptor> Aug 30 13:42:36 nfsa smbd[7010]: [2014/08/30 13:42:36.137938, 0]../source3/printing/print_cups.c:528(cups_async_callback)> Aug 30 13:42:36 nfsa smbd[7010]: failed to retrieve printer list:NT_STATUS_UNSUCCESSFUL> Aug 30 13:50:01 nfsa systemd: Starting Session 271 of user root. > Aug 30 13:50:02 nfsa systemd: Started Session 271 of user root. > Aug 30 13:55:36 nfsa smbd[7380]: [2014/08/30 13:55:36.883693, 0]../source3/printing/print_cups.c:151(cups_connect)> Aug 30 13:55:36 nfsa smbd[7380]: Unable to connect to CUPS serverlocalhost:631 - Bad file descriptor> Aug 30 13:55:36 nfsa smbd[7010]: [2014/08/30 13:55:36.883950, 0]../source3/printing/print_cups.c:528(cups_async_callback)> Aug 30 13:55:36 nfsa smbd[7010]: failed to retrieve printer list:NT_STATUS_UNSUCCESSFUL> [root at nfsa gregs]# > > I've installed winbind and winbind and smb are running. SElinux is setto permissive. I don't think I need nmb anymore but I can try turning it on.> > [root at nfsa gregs]# systemctl list-unit-files | grep smb > smb.service enabled > [root at nfsa gregs]# systemctl list-unit-files | grep nmb > nmb.service disabled > [root at nfsa gregs]# systemctl list-unit-files | grep winbind > winbind.service enabled > [root at nfsa gregs]# > > Oh - versions - everything came from Red Hat binaries a few days ago: > > [root at nfsa gregs]# more /etc/issue > Fedora release 20 (Heisenbug) > Kernel \r on an \m (\l) > > [root at nfsa gregs]# rpm -qa | grep samba > samba-winbind-modules-4.1.9-4.fc20.x86_64 > samba-common-4.1.9-4.fc20.x86_64 > samba-4.1.9-4.fc20.x86_64 > samba-winbind-4.1.9-4.fc20.x86_64 > samba-libs-4.1.9-4.fc20.x86_64 > samba-winbind-clients-4.1.9-4.fc20.x86_64 > [root at nfsa gregs]# > [root at nfsa gregs]# rpm -qa | grep krb5 > pam_krb5-2.4.8-1.fc20.x86_64 > sssd-krb5-common-1.11.6-1.fc20.x86_64 > sssd-krb5-1.11.6-1.fc20.x86_64 > krb5-workstation-1.11.5-11.fc20.x86_64 > krb5-libs-1.11.5-11.fc20.x86_64 > [root at nfsa gregs]# > > Thanks > > - Greg Scott > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Greg Scott
2014-Aug-31 21:48 UTC
[Samba] I want a Fedora 20 system to be a member server and offer a share in a Windows 2008R2 Active Directory domain
I got it working a few hours ago. Forget authconfig for now. If anyone from Red Hat follows this list, authconfig on Fedora 20 seems broken - see the original email I posted on this topic yesterday. In my case, this was the key. I did the edit by hand - it wasn't a big deal. [root at nfsa etc]# diff nsswitch.conf nsswitch.conf-20140830 33c33 < passwd: files sss winbind ---> passwd: files sss35c35 < group: files sss winbind ---> group: files sss[root at nfsa etc]# - Greg
Seemingly Similar Threads
- Re: Fedora 19/20 new install :Unable to create vcpu cgroup
- [LLVMdev] clang/lnt buildbot on F20 "lnt: error: no such option: -m" ...
- [virt-builder] symbol lookup error: /lib64/libgnutls.so.28 - undefined symbol: nettle_secp_256r1
- Fedora 19/20 new install :Unable to create vcpu cgroup
- Re: Fedora 19/20 new install :Unable to create vcpu cgroup