The story so far:
I have a domain and I want to have 2-way communication between Windows Users and Linux users. After many attempts I got this far
I removed sssd and realmd, installed winbind made this smb.conf:
[global]
workgroup = NETBIOSDOMAIN
security = ADS
realm = XXXX.MYDOMAIN.COM
server string = Samba Client %h
winbind use default domain = yes
winbind expand groups = 2
winbind refresh tickets = Yes
dns proxy = no
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config NETBIOSDOMAIN : backend = rid
idmap config NETBIOSDOMAIN : range = 10000-999999
template shell = /bin/bash
# user Administrator workaround, without it you are unable to set privileges
username map = /etc/samba/user.map
vfs objects = acl_xattr
map acl inherit = Yes
# Comment the following 4 lines to act as a print server
printcap name = /dev/null
load printers = no
disable spoolss = yes
printing = bsd
# logging
log level = 1
log file = /var/log/samba/%m.log
logging = file
min domain uid = 0
[homes]
comment = Home Directories
browseable = no
read only = no
create mask = 0700
directory mask = 0700
valid users = %S
I created /etc/samba/user.map containing this:
!root = NETBIOSDOMAIN\Administrator
net ads join -UAdministrator
I ran this but used my own login in place of Administrator because I am the Domain Manager. We don’t use Administrator. (This MAY be a problem.) It joined the domain with no hassles.
I changed the ‘passwd’ and ‘group’ lines in /etc/nsswitch.conf by adding ‘winbind’ to them.
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
# nisplus Use NIS+ (NIS version 3)
# nis Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis
passwd: files winbind
shadow: files
group: files winbind
#initgroups: files
#hosts: db files nisplus nis dns
hosts: files dns myhostname
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files
publickey: nisplus
automount: files
aliases: files nisplus
So far so good.
From a Windows 10 PC, I can connect to root (makes sense as my login name is the Domain Admin). I may have to change this.
From Rocky, I can’t access any machine in the Domain. I get an empty sheet. Weird because it’s a member of the domain.
Any suggestions much appreciated.
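As an added example (not from the post above), this checks two things a reader of that smb.conf would want to verify: that the `idmap config` ranges for `*` and `NETBIOSDOMAIN` do not overlap, and what uid the `rid` backend will produce for a given account SID (RID minus base_rid plus the low end of the range, with base_rid assumed to be its default of 0). An account whose RID maps outside the configured range gets no uid, which shows up as missing `getent passwd` entries.

```python
import re

# Constructed copy of the idmap lines from the smb.conf in the post.
SMB_CONF = """
[global]
workgroup = NETBIOSDOMAIN
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config NETBIOSDOMAIN : backend = rid
idmap config NETBIOSDOMAIN : range = 10000-999999
"""

IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*(\w+)\s*=\s*(.+?)\s*$", re.M)


def parse_idmap(conf):
    """Return {domain: {'backend': str, 'range': (low, high)}} from smb.conf text."""
    out = {}
    for dom, key, val in IDMAP_RE.findall(conf):
        entry = out.setdefault(dom, {})
        if key == "range":
            low, high = (int(x) for x in val.split("-"))
            entry["range"] = (low, high)
        else:
            entry[key] = val
    return out


def overlapping_ranges(idmap):
    """Pairs of idmap domains whose ranges overlap; Samba requires them to be disjoint."""
    doms = [(d, e["range"]) for d, e in idmap.items() if "range" in e]
    bad = []
    for i, (d1, (l1, h1)) in enumerate(doms):
        for d2, (l2, h2) in doms[i + 1:]:
            if l1 <= h2 and l2 <= h1:
                bad.append((d1, d2))
    return bad


def rid_to_id(sid, idmap, domain, base_rid=0):
    """uid/gid the rid backend derives for a SID, or None if it lands outside the range."""
    low, high = idmap[domain]["range"]
    rid = int(sid.rsplit("-", 1)[1])       # last sub-authority of the SID is the RID
    uid = rid - base_rid + low             # idmap_rid mapping (base_rid default 0)
    return uid if low <= uid <= high else None
```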