I followed everything in the tutorial but getent still only shows local.
I’m officially out of ideas and it’s quitting time, so until tomorrow.
The first two answers might help?
[global]
workgroup = xxxx
security = ads
kerberos method = secrets and keytab
realm = xxxx
encrypt passwords = yes
domain master = no
local master = no
preferred master = no
min protocol = SMB2
passdb backend = tdbsam
log file = /var/log/samba/log.%m
log level = 3 auth:10
max log size = 50
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
printing = cups
printcap name = cups
load printers = no
cups options = raw
client signing = yes
client use spnego = yes
#client ntlmv2 auth = yes
idmap config xxxx : backend = sss
idmap config xxxx : range = 200000-2147483647
idmap config * : backend = tdb
idmap config * : range = 100000-199999
This is the config I use for Samba that is domain joined using SSSD. For the ID map provider I’m not using winbind but the SSSD ID map plugin to keep the UID translation consistent. But winbind is still required and recommended for NTLM authentication as SSSD only does Kerberos. I found that out when Nextcloud stopped authenticating my Samba shares but I was still able to log in on Windows clients. If you have legacy devices that require NTLMv1 or SMB1 then you may have to do some tweaking to accommodate.
I think this guide worked for me to get Ubuntu joined up to a domain
http://blog.admindiary.com/integrate-ubuntu-active-directory-using-kerberos-realmd-sssd/
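A check for the smb.conf posted above, as an added example that is not part of the thread: it parses [global], verifies that the idmap ranges do not overlap (overlapping ranges can hand two identities the same UID), and flags a min protocol value that accepts SMB1. The EXAMPLE domain name and all function names are assumptions.

```python
import re

# Constructed sample: the idmap/protocol lines from the posted config, with a
# placeholder domain (EXAMPLE) standing in for the redacted "xxxx".
SAMPLE = """\
[global]
security = ads
min protocol = SMB2
idmap config EXAMPLE : backend = sss
idmap config EXAMPLE : range = 200000-2147483647
idmap config * : backend = tdb
idmap config * : range = 100000-199999
"""

def parse_global(text):
    """Return [global] parameters; names lower-cased, whitespace collapsed."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def idmap_ranges(params):
    """Map each idmap domain name to its (low, high) ID range."""
    ranges = {}
    for key, value in params.items():
        m = re.fullmatch(r"idmap config (\S+) ?: ?range", key)
        if m:
            low, high = (int(n) for n in value.split("-"))
            ranges[m.group(1)] = (low, high)
    return ranges

def audit(text):
    """Return a list of findings for the parsed [global] section."""
    params, findings = parse_global(text), []
    # Sorted by low bound, any overlap shows up between neighbours.
    ranges = sorted(idmap_ranges(params).items(), key=lambda kv: kv[1])
    for (dom_a, (_, hi)), (dom_b, (lo, _)) in zip(ranges, ranges[1:]):
        if lo <= hi:
            findings.append(f"idmap ranges overlap: {dom_a} and {dom_b}")
    floor = params.get("server min protocol", params.get("min protocol", ""))
    if floor.upper() in ("CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"):
        findings.append(f"SMB1 dialect accepted: min protocol = {floor}")
    return findings
```

Calling `audit(SAMPLE)` returns an empty list for the ranges and protocol floor as posted.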
The whole network is forced to SMB1 because of a legacy ERP software.
I followed that to the T and it does not work.
I have given up on this as I have to get it to just work™
I removed all of the AD stuff from my config and reverted to stand alone server, giving everyone 777.
Definitely not ideal but I don’t have time to mess with it anymore.
Smbpasswd
I shouldn’t need it with AD
Oh I see what you’re saying now.
Yeah, I’m not going to go to everyone’s machine and set them up with creds. Vacation starts tomorrow so I can’t be here to troubleshoot.