I provision with:
/usr/local/samba/bin/samba-tool domain provision --realm=corp.example.com.pl
--domain=EXAMPLE --adminpass="xxxxxx" --server-role=dc
--dns-backend=SAMBA_INTERNAL
Now I know that I made a mistake. I did use lowcase in realm (Is this really
problem?) and I did not use switches --use-rfc2307 --use-xattrs=yes.
I do not use AD for UNIX accounts authentication, but I would like to in near
future, so I will have to extend schema (--use-rfc2307).
What does exactly do switch --use-xattrs=yes? Does it only add options to
smb.conf or also modify ldap tree and others db files?
Going back to my main problem changing smb.conf like you suggested did not solve
problem. I have noticed that I can connect to samba ldap via Active Directory
Studio and data looks ok. It looks like "./configure; make; make
install" broked kerberos authentication.
Grzegorz
Dnia Środa, 24 Sierpnia 2016 09:51 Rowland Penny via samba <samba at
lists.samba.org> napisał(a) > How did you provision ? I have had a look again at the smb.conf you
> posted and I have noticed that a line I expect to see was missing
> 'idmap_ldb:use rfc2307 = yes'. Did you provision with
'--use-rfc2307
> --use-xattrs=yes' ?
>
> Your smb.conf should look like this:
>
> # Global parameters
> [global]
> workgroup = EXAMPLE
> realm = CORP.EXAMPLE.COM.PL
> server role = active directory domain controller
> dns forwarder = 192.168.132.10
> idmap_ldb:use rfc2307 = yes
>