The story so far:
I have a domain and I want to have 2-way communication between Windows users and Linux users. After many attempts I got this far:
I removed sssd and realmd, installed winbind, and made this smb.conf:
[global]
workgroup = NETBIOSDOMAIN
security = ADS
realm = XXXX.MYDOMAIN.COM
server string = Samba Client %h
winbind use default domain = yes
winbind expand groups = 2
winbind refresh tickets = Yes
dns proxy = no

idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config NETBIOSDOMAIN : backend = rid
idmap config NETBIOSDOMAIN : range = 10000-999999

template shell = /bin/bash

# user Administrator workaround, without it you are unable to set privileges
username map = /etc/samba/user.map

vfs objects = acl_xattr
map acl inherit = Yes

# Comment the following 4 lines to act as a print server
printcap name = /dev/null
load printers = no
disable spoolss = yes
printing = bsd

# logging
log level = 1
log file = /var/log/samba/%m.log
logging = file

min domain uid = 0

[homes]
comment = Home Directories
browseable = no
read only = no
create mask = 0700
directory mask = 0700
valid users = %S
I created /etc/samba/user.map containing this:
!root = NETBIOSDOMAIN\Administrator
net ads join -UAdministrator
I ran this but used my own login in place of Administrator because I am the Domain Manager; we don't use Administrator. (This MAY be a problem.) It joined the domain, no hassles.
I changed the ‘passwd’ and ‘group’ lines in /etc/nsswitch.conf by adding ‘winbind’ to them.
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
#   nisplus             Use NIS+ (NIS version 3)
#   nis                 Use NIS (NIS version 2), also called YP
#   dns                 Use DNS (Domain Name Service)
#   files               Use the local files
#   db                  Use the local database (.db) files
#   compat              Use NIS on compat mode
#   hesiod              Use Hesiod for user lookups
#   [NOTFOUND=return]   Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

passwd:     files winbind
shadow:     files
group:      files winbind
#initgroups: files

#hosts:     db files nisplus nis dns
hosts:      files dns myhostname

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   files

publickey:  nisplus

automount:  files
aliases:    files nisplus
So far so good.
From a Windows 10 PC, I can connect to root (makes sense as my login name is the Domain Admin). I may have to change this.
From Rocky, I can't access any machine in the Domain. I get an empty sheet. Weird because it's a member of the domain.
Any suggestions much appreciated.
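Added example, not code from the original post: a small POSIX shell linter for the winbind domain-member settings shown above. It parses an smb.conf-style text and an nsswitch.conf-style text and reports the things a practitioner checks first on a member that joined cleanly but resolves nothing: the `idmap config` ranges (well-formed and disjoint, otherwise SID-to-uid mapping silently fails), `winbind` on the `passwd` and `group` lines of nsswitch.conf, `security = ADS`, and `min domain uid`, which the posted config lowers to 0 so that a domain account can map to a system uid such as root through `username map`. The sample inputs are constructed here from the poster's configuration; the domain name NETBIOSDOMAIN and the values are copied from the post, and the path and function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): lint the winbind domain-member
# settings. Inputs are strings so the script runs offline; on a real host feed
# it the output of `testparm -s` and the contents of /etc/nsswitch.conf.

# Constructed input: the relevant lines of the posted [global] section.
SMB_CONF='[global]
workgroup = NETBIOSDOMAIN
security = ADS
realm = XXXX.MYDOMAIN.COM
winbind use default domain = yes
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config NETBIOSDOMAIN : backend = rid
idmap config NETBIOSDOMAIN : range = 10000-999999
username map = /etc/samba/user.map
min domain uid = 0
[homes]
valid users = %S'

# Constructed input: the relevant lines of the posted nsswitch.conf.
NSSWITCH='passwd: files winbind
shadow: files
group: files winbind'

# smbconf_get CONF SECTION KEY -> prints the value, empty if unset.
# Samba treats keys case-insensitively and ignores surrounding whitespace,
# so both the wanted key and the file's keys are normalised the same way.
smbconf_get() {
    printf '%s\n' "$1" | awk -v want_sec="$2" -v want_key="$3" '
        function norm(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); gsub(/[ \t]+/, " ", s); return tolower(s) }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ { sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); sec = norm(sec); next }
        index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            if (sec == norm(want_sec) && norm(key) == norm(want_key)) {
                gsub(/^[ \t]+|[ \t]+$/, "", val); print val
            }
        }'
}

# idmap_ranges_ok CONF DOMAIN -> 0 if the "*" and DOMAIN ranges exist,
# are lo-hi with lo < hi, and do not overlap each other.
idmap_ranges_ok() {
    star=$(smbconf_get "$1" global 'idmap config * : range')
    dom=$(smbconf_get "$1" global "idmap config $2 : range")
    [ -n "$star" ] && [ -n "$dom" ] || return 1
    s_lo=${star%-*}; s_hi=${star#*-}
    d_lo=${dom%-*};  d_hi=${dom#*-}
    [ "$s_lo" -lt "$s_hi" ] && [ "$d_lo" -lt "$d_hi" ] || return 1
    # Disjoint when one range ends before the other starts.
    [ "$s_hi" -lt "$d_lo" ] || [ "$d_hi" -lt "$s_lo" ]
}

# nss_has_winbind NSSWITCH DB -> 0 if the DB line (passwd, group, ...) lists winbind.
nss_has_winbind() {
    printf '%s\n' "$1" | awk -v want="$2:" -v missing=1 '
        $1 == want { for (i = 2; i <= NF; i++) if ($i == "winbind") missing = 0 }
        END { exit missing }'
}

# min_domain_uid CONF -> prints the effective value; Samba's default is 1000.
min_domain_uid() {
    v=$(smbconf_get "$1" global 'min domain uid')
    printf '%s\n' "${v:-1000}"
}

# lint_member CONF NSSWITCH DOMAIN -> prints findings; exit status = count.
lint_member() {
    n=0
    idmap_ranges_ok "$1" "$3" || { echo "FAIL: idmap ranges missing, inverted or overlapping"; n=$((n + 1)); }
    for db in passwd group; do
        nss_has_winbind "$2" "$db" || { echo "FAIL: nsswitch '$db' line lacks winbind"; n=$((n + 1)); }
    done
    sec=$(smbconf_get "$1" global security | tr '[:upper:]' '[:lower:]')
    [ "$sec" = ads ] || { echo "FAIL: security must be ADS on a domain member"; n=$((n + 1)); }
    [ "$(min_domain_uid "$1")" -ge 1000 ] || {
        echo "WARN: min domain uid below 1000 lets a domain account map to a system uid (root via username map); keep user.map to the one entry you need"
        n=$((n + 1)); }
    return $n
}

lint_member "$SMB_CONF" "$NSSWITCH" NETBIOSDOMAIN || echo "$? finding(s)"
```

On the posted configuration the only finding is the `min domain uid` warning: the idmap ranges are disjoint and nsswitch.conf is correct, so the lookup failure lies elsewhere. The next things to run on the member itself are `wbinfo -t` (trust secret), `wbinfo -u` (can winbind enumerate users), `getent passwd` for a domain account (does NSS see them), and `net ads testjoin`; if `wbinfo -u` works but `getent` does not, the idmap side is at fault, and if `wbinfo -t` fails, the join is.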