Hello,

I have a problem with Samba setup that I haven't been able to overcome for months. I am trying to set up Samba on RHEL 7 using SSSD instead of winbind.

Currently, I have a one-way trust between the production Active Directory and production IPA. I have users on IPA and Active Directory. For example, I have an account called will...@activedirectory.example.com and will...@ipa.example.com. To get sharing working, I have created a POSIX group that now has the above users. The intent is, I should be able to write to my Linux home user irrespective of what account I log in with.

[homes]
    comment = Home Directories
    path = /home/william
    browseable = yes
    writeable = yes
    valid users = @william_posix_group

From any of the IPA clients, Samba seems to work fine. I can log in with the Samba client, delete, list and do anything. With klist, I do see both the CIFS and Linux host ticket.

From Windows though, it doesn't work. I see that the Windows system did actually get the host ticket for the server running Samba, the Windows host ticket, but the CIFS ticket is missing.

With that background, I have set up a dummy Active Directory called test.local. Essentially, I intend to destroy it once I verify that the behaviour is consistent with the production Active Directory. I am however stuck with DNS setup, and can't therefore establish trust between production IPA and the dummy Active Directory.

Would you know what I could be doing wrong from the logs below?

[root@lithium ~]# ipa dnsforwardzone-add test.local. --forwarder=192.168.11.56 --forward-policy=first
Server will check DNS forwarder(s).
This may take some time, please wait ...
ipa: WARNING: DNSSEC validation failed: record 'test.local. SOA' failed DNSSEC validation on server 192.168.20.1.
Please verify your DNSSEC configuration or disable DNSSEC validation on all IPA servers.
  Zone name: test.local.
  Active zone: TRUE
  Zone forwarders: 192.168.11.56
  Forward policy: first
[root@lithium ~]# dig +short -t SRV _kerberos._udp.dc._msdcs.test.local
[root@lithium ~]# dig @192.168.11.56 +short -t SRV _kerberos._udp.dc._msdcs.test.local
0 100 88 server.test.local.
[root@lithium ~]#

Regards,
William