On 1/5/2015 3:19 AM, Rowland Penny wrote:
>
> Hi, your sssd.conf shows that your domain name is
> 'netserver02.harvey.net' and RSAT shows the NIS domain to be
> 'harvey', so could 'netserver02' be the hostname of the machine and
> 'harvey.net' is the domain name ?
>
> Could you please also post your smb.conf
>
> Rowland
>
> _______________________________________________
> sssd-users mailing list
> sssd-users(a)lists.fedorahosted.org
> https://lists.fedorahosted.org/mailman/listinfo/sssd-users
>
Thank you for getting back.
The NIS name cannot be changed in Active Directory, at least not in the
menu.
It seems I remember reading that the NIS name should be domain name not
harvey.net.
Contents of smb.conf:
-------------------------------------------------------------------------------------
# Global parameters
[global]
workgroup = HARVEY
realm = HARVEY.NET
netbios name = NETSERVER02
server string = Samba PDC Harvey House
server role = active directory domain controller
dns forwarder = 192.168.1.1
#
allow dns updates = nonsecure
server services = +dns, +dnsupdate
#
idmap_ldb:use rfc2307 = yes
#
# From
#https://wiki.archlinux.org/index.php/Active_Directory_Integration
#
# encrypt passwords = yes
# password server = netserver02.harvey.net
#
# idmap config * : backend = rid
# idmap config * : range = 10000-20000
#
# winbind use default domain = Yes
# winbind enum users = Yes
# winbind enum groups = Yes
# winbind nested groups = Yes
# winbind separator = +
# winbind refresh tickets = yes
#
template shell = /bin/bash
template homedir = /home/%D/%U
#
#preferred master = no
#dns proxy = no
#wins server = netserver02.harvey.net
#wins proxy = no
#
#inherit acls = Yes
#map acl inherit = Yes
#acl group control = yes
#
# End From
#
#acl map full control = True
#acl group control = yes
#
# Controlling Access Control list, the way windows does
# For member domain controllers only
#
#vfs objects = acl_xattr
#map acl inherit = Yes
#store dos attributes = Yes
#
#
# this tells Samba to use a separate log file for each machine
# that connects
#log file = /var/samba/log/log.%m
# Put a capping on the size of the log files (in Kb).
#
log level = 3
max log size = 1000
log file = /var/samba/log/%m.log
#
hosts allow = 192.168.1.0/26 192.168.1.64/26 192.168.1.128/26 127.0.0.1
hosts deny = 0.0.0.0/0
# Note this will have to remain because authentication
# does not work with sssd yet service principal not recognized etc..
# this seems to work for a semi manual approach for synchronize password
# with the local account on this server
unix password sync = Yes
# passwd chat etc.. does not seem to be needed in this setup This
# server is the Active directory it's not
# clear what is making it work sssd is not required
# it function I have cycled samba4 service off/on to make sure it's
# the settings have been updated
# passwd program = /usr/bin/passwd %u
# passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
#
[netlogon]
path = /usr/local/samba/var/locks/sysvol/harvey.net/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
#============================ Share Definitions ==============================
-------------------------------------
Also you have this line in smb.conf:
unix password sync = Yes
Why? I do hope that you are not trying to have Unix users and users in
AD with the same username.
Rowland