Results 1 to 2 of 2
I'm trying to get a RHEL 5.4 base system to authenticate against a W2K8 domain
With the stock samba-3.0.33, I can use wbinfo and getent just fine, but I cannot ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 04-19-2012 #1Linux Newbie
- Join Date
- Sep 2007
- Location
- San Diego, CA
- Posts
- 113
Samba 3.0.33 (sorta) works, 3.5.4 doesn't
I'm trying to get a RHEL 5.4 base system to authenticate against a W2K8 domain
With the stock samba-3.0.33, I can use wbinfo and getent just fine, but I cannot actually authenticate. Googling finally led to a bug that strongly suggests that 3.0.33 cannot and will never be able to authenticate against W2K8, so I installed samba3x-3.5.4 Now, I cannot even join the domain. I get:
Failed to join domain: failed to lookup DC info for domain 'MY.DOMAIN' over rpc: Invalid workstation
Googling on that isn't turning up much of anything.
net ads status seems to work just fine.
/var/log/samba/log.winbindd says "Could not fetch our SID - did we join?" and "unable to initialize domain list"
- 04-25-2012 #2Linux Newbie
- Join Date
- Sep 2007
- Location
- San Diego, CA
- Posts
- 113
Some smb.conf entries that are helping me make progress!
# deal with NSS and the whole UID/SID id mapping stuff
idmap backend = tdb
idmap uid = 2000000 - 2999999
idmap gid = 2000000 - 2999999
idmap config MYDOMAIN : backend = ad
idmap config MYDOMAIN : schema_mode = rfc2307
idmap config MYDOMAIN : readonly = yes
idmap config MYDOMAIN : range = 500 - 1999999
idmap cache time = 604800
idmap negative cache time = 20
winbind cache time = 600
winbind nss info = rfc2307
winbind expand groups = 2
winbind nested groups = yes
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = yes
winbind offline logon = false
Reply With Quote 
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
