
[Samba] Re: Changing OU to default?

10-20-2005
Jason Gerfen

I appreciate the assistance. I am running SuSE 9.3 with the samba and
winbind packages (latest releases). I have configured the krb5.conf to
correspond including the enc types. Here is that output:

[libdefaults]
default_realm = DOMAIN.COM
clockskew = 300
default_tgs_enctypes = rc4-hmac des-cbc-md5
default_tkt_enctypes = rc4-hmac des-cbc-md5
permitted_enctypes = rc4-hmac des-cbc-md5

[realms]
UTAH.EDU = {
kdc = 192.168.0.2
default_domain = domain.com
admin_server = 192.168.0.2
}

[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log

[domain_realm]
.domain.com = DOMAIN.COM
domain.com = DOMAIN.COM

[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
retain_after_close = false
minimum_uid = 0
}

Really, I have been able to join the machine to the domain as a member
server with the 'security = ads' argument without problem. During that
initial setup process I mapped the server to a specific OU

ex. net ads join -U username@DOMAIN.com "additional_users"

I have attempted to remove the computer object from the AD directory in
an attempt to reset the join to the default OU but this has not worked.
Any help or insight is appreciated.

Brian Moran wrote:

>Jason, I missed your previous mails on this, however let me see if I
>have this right.
>
>You have a Microsoft Windows Server Domain Controller, running AD; You
>want servers to be members of the domain.
>
>Do you want to authenticate DOMAIN users, or linux-local names, against
>the AD?
>
>What's the OS that you're using on the linux servers? Unfortunately,
>that matters, since some require config of /etc/krb5.conf, some don't.
>And it depends on version :-(.
>
>-----Original Message-----
>From: samba-technical-bounces+bmoran=centeris.com@lists.samba.org
>[mailto:samba-technical-bounces+bmoran=centeris.com@lists.samba.org] On
>Behalf Of Jason Gerfen
>Sent: Wednesday, October 19, 2005 12:28 PM
>To: samba-technical@lists.samba.org
>Subject: Changing OU to default?
>
>I have posted a few questions in the normal samba lists and have not
>received an answer, other than to remove the AD object and try again.
>
>Here is what I am trying to accomplish; Using samba as a file server
>for users authenticating through kerberos and active directory.
>
>I have followed the samba-howto on samba.org, and here is my smb.conf
>
>[global]
>#
># Network configuration
>#
> server string = doc-odin.domain.com
> workgroup = DOMAIN
> netbios name = DOC-ODIN
> realm = DOMAIN
> security = ADS
> password server = server.domain.com server2.domain.com
>
>#
># Domain configuration options
>#
> prefered master = no
> local master = no
> domain master = no
> prefered master = no
> domain logons = no
>
>#
># Security options
>#
> encrypt passwords = yes
> update encrypted = yes
> password level = 20
>
>#
># Winbind options
>#
>#
> winbind use default domain = no
> winbind cache time = 5
> winbind separator = /
> winbind enum users = no
> winbind enum groups = no
> winbind nested groups = yes
>
>#
># User/Group mapping options
>#
> idmap uid = 500-500000
> idmap gid = 500-500000
> add user script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s /bin/false -M %u
> add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
>
>#
># LDAP/AD configuration options
>#
> passdb backend = ldapsam:LDAP://server2.domain.com
> ldap admin dn = "cn=readonly,cn=users,dc=domain,dc=com"
> ldap user suffix = cn=users
> ldap group suffix = ou=groups
> ldap suffix = dc=domain,dc=com
> ldap delete dn = no
> use spnego = yes
>
>#
># Networking options
>#
> hide unreadable = no
> wins support = no
> dns proxy = no
> interfaces = eth* lo
> bind interfaces only = yes
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> hosts deny = 0.0.0.0/0
>
>#
># Miscellaneous options
>#
> os level = 20
> template shell = /bin/false
> template homedir = /odin/%D/%U
> load printers = no
>
>#
># Logging options
>#
> log level = 1 ads:5 auth:5 sam:5 rpc:5
>
>I am able to join the domain, I am able to view users, just not the
>correct users. I mapped an OU=users when I needed to map the CN=users
>(which is the default) and I am not able to run the net ads join -U
>username@realm.com "container/users" without getting an error that
>CN=users is not a valid OU. I have already attempted to delete the
>server name from active directory and re-joining.
>
>A co-worker and I were talking about everything we could do, and the
>only thing that has not been done is using another AD Administrative
>user to join the domain with. Any help is appreciated.
>
>
>



--
Jason Gerfen
Student Computing Labs, University Of Utah
jason.gerfen@scl.utah.edu

J. Willard Marriott Library
295 S 1500 E, Salt Lake City, UT 84112-0860
801-585-9810

"My girlfriend threatened to
leave me if I went boarding...
I will miss her."
~ DIATRIBE aka FBITKK
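
Added example, not part of the original post: a small consistency check for a krb5.conf like the one quoted above. It reports realms that are referenced but have no [realms] stanza, and enctypes deprecated by RFC 6649 and RFC 8429. The function names `parse` and `lint` are hypothetical and the sample is a constructed excerpt of the posted file.

```python
# Constructed sample: an excerpt of the krb5.conf quoted in the post above.
SAMPLE = """\
[libdefaults]
default_realm = DOMAIN.COM
default_tkt_enctypes = rc4-hmac des-cbc-md5
permitted_enctypes = rc4-hmac des-cbc-md5
[realms]
UTAH.EDU = {
kdc = 192.168.0.2
}
[domain_realm]
.domain.com = DOMAIN.COM
"""

# Deprecated by RFC 6649 (single DES) and RFC 8429 (RC4-HMAC).
DEPRECATED = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5", "rc4-hmac", "arcfour-hmac"}

def parse(text):
    """Return {section: {key: value}}; a 'NAME = {' stanza becomes a nested dict."""
    conf, section, stanza = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section, stanza = conf.setdefault(line[1:-1], {}), None
        elif line == "}":
            stanza = None
        elif "=" in line and section is not None:
            key, value = (s.strip() for s in line.split("=", 1))
            if value == "{":
                stanza = section.setdefault(key, {})
            else:
                (section if stanza is None else stanza)[key] = value
    return conf

def lint(text):
    """List realm-consistency problems and deprecated enctypes in a krb5.conf."""
    conf, findings = parse(text), []
    lib, realms = conf.get("libdefaults", {}), conf.get("realms", {})
    for source, realm in [("default_realm", lib.get("default_realm")),
                          *conf.get("domain_realm", {}).items()]:
        if realm not in realms:
            findings.append(f"{source}: realm {realm} has no [realms] stanza")
    for key in (k for k in lib if k.endswith("_enctypes")):
        for enc in lib[key].replace(",", " ").split():
            if enc.lower() in DEPRECATED:
                findings.append(f"{key}: deprecated enctype {enc}")
    return findings
```

Calling `lint(SAMPLE)` returns the findings as a list of strings; an empty list means both checks passed.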
