Hey,
I'm trying to setup samba to create shares for windows users (2008R2 Domain Controller). Everything I'm doing is from a fresh install on Centos 6.7. I'm hoping to accomplish this with Samba/Winbind. The problem I'm experiencing is that if I run "wbinfo -u" I get no output. If I run "wbinfo -g" I get all my AD groups. If I "getent group" I get all my AD groups, but if I "getent passwd" I get no output. Why is this not working? Any input would be appreciated
List of samba packages installed:
- samba-common-3.6.23-30.el6_7.x86_64
- samba-winbind-3.6.23-30.el6_7.x86_64
- samba-client-3.6.23-30.el6_7.x86_64
- samba-winbind-clients-3.6.23-30.el6_7.x86_64
- samba-3.6.23-30.el6_7.x86_64
List of Kerberose packages installed:
- krb5-libs-1.10.3-42z1.el6_7.x86_64
- krb5-server-1.10.3-42z1.el6_7.x86_64
- krb5-workstation-1.10.3-42z1.el6_7.x86_64
Krb5.conf file:
[logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = MYDOMAIN.CA dns_lookup_realm = true dns_lookup_kdc = true ticket_lifetime = 24h renew_lifetime = 7d forwardable = true [realms] MYDOMAIN.CA = { kdc = dc.mydomain.ca admin_server = dc.mydomain.ca default_domain = mydomain.ca } [domain_realm] .mydomain.ca = MYDOMAIN.CA mydomain.ca = MYDOMAIN.CA [appdefaults] pam = { debug = false ticket_lifetime = 36000 forwardable = true krb4_convert = false } My nsswitch.conf Relevant portion:
passwd: files winbind shadow: files winbind group: files winbind My smb.conf global section:
workgroup = MYDOMAIN server string = STRING netbios name = server_name log level = 3 log file = /var/log/samba/log.%U.%m max log size = 1024 security = ads passdb backend = tdbsam encrypt passwords = yes password server = * realm = MYDOMAIN.CA idmap backend = ad winbind refresh tickets = yes winbind nss info = rfc2307 winbind trusted domains only = no winbind use default domain = yes winbind enum users = yes winbind enum groups = yes vfs objects = acl_xattr map acl inherit = yes store dos attributes = yes Things that work:
- wbinfo -g
- getent group
Things that don't work:
- wbinfo -u
- getent passwd
Thanks in advance.
[link] [comments]