On 2016-12-30 at 14:49, L.P.H. van Belle via samba wrote:
> I think we are mixing 2 things now.
>
> You corrected DC, that's good.
>
> And the debian server member is the member?

No:

debian = DC
gentoo = former NT4-PDC, upcoming member server / fileserver

> Did you add in /etc/ldap/ldap.conf
>
> TLS_REQCERT allow

on the member? Did that right now.

> apt-get install ca-certificates
> echo "TLS_REQCERT allow" > /etc/ldap/ldap.conf
>
> Locate your SAMBA CA root.
>
> ln -s path_to_samba_TLS-CA-ROOT /usr/local/share/ca-certificates/samba-ca.crt

will dig that up on gentoo now ...

> Do that on the debian server, reboot it and after reboot type wbinfo -u
> And post /etc/hosts /etc/resolv.conf /etc/samba/smb.conf of that server.

you speak of the member server?

main samba # cat /etc/hosts
# IPv4 and IPv6 localhost aliases
127.0.0.1 localhost
::1 localhost
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
10.0.0.221 main.secret.tld main
10.0.0.222 samba.secret.tld samba
10.0.0.224 backup.secret.tld backup
10.0.0.225 vmware.secret.tld vmware

main samba # cat /etc/resolv.conf
# Generated by net-scripts for interface eth0
search arbeitsgruppe.secret.tld
nameserver 10.0.0.224

main samba # cat /etc/samba/smb.conf
[global]
    security = ADS
    workgroup = ARBEITSGRUPPE
    realm = arbeitsgruppe.secret.tld
    log file = /var/log/samba/%m.log
    log level = 3
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    ## idmap config for the ARBEITSGRUPPE domain
    idmap config ARBEITSGRUPPE:backend = rid
    idmap config ARBEITSGRUPPE:range = 10000-999999
    username map = /etc/samba/user.map
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind use default domain = Yes
    winbind refresh tickets = Yes

[Daten]
    comment = Daten
    path = /mnt/daten
    #valid users = @users
    force group = users
    read only = No
    create mask = 0660
    directory mask = 0770

2nd big issue: we can't join win7 clients.

[2016/12/30 16:13:53.836745, 0] ../source4/dsdb/common/util_samr.c:192(dsdb_add_user)
  Failed to create user record CN=ZBOOK,CN=Computers,DC=arbeitsgruppe,DC=secret,DC=tld: acl: unable to find or validate structural objectClass on CN=ZBOOK,CN=Computers,DC=arbeitsgruppe,DC=secret,DC=tld

-- while the OU / container seems to exist:

~# ldbsearch -H ldap://backup -U Administrator | grep "CN=Computers"
dn: CN=W7TEST,CN=Computers,DC=arbeitsgruppe,DC=secret,DC=tld
distinguishedName: CN=W7TEST,CN=Computers,DC=arbeitsgruppe,DC=secret,DC
dn: CN=main,CN=Computers,DC=arbeitsgruppe,DC=secret,DC=tld

-

# samba-tool dbcheck
Checking 356 objects
Checked 356 objects (0 errors)