Tutto funziona perfettamente ed i client windows si autenticano senza problemi, tutto bene anche sul fronte profili in roaming.
Ora che questo aspetto funziona, volevo continuare a configurare gli altri servizi (mail e owncloud), ma volevo farlo utilizzando il database LDP interno di samba4. Ho quindi installato e configurato il demone SSSD ma, dopo un giorno intero di "smadonnamenti", non ne vengo fuori, e quando do il comando:
#getent passwd Administrator (utente definito in samba)
(Tue Sep 9 22:22:00 2014) [sssd[be[sede.sq.local]]] [ad_account_info_complete] (0x0010): Bug: dp_error is OK on failed request
smb.conf
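# Global settings: this Samba 4 instance is configured as the Active Directory
# domain controller for realm SEDE.SQ.LOCAL (NetBIOS domain SEDE).
[global]
workgroup = SEDE
realm = SEDE.SQ.LOCAL
netbios name = SQSERVER
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
# Use the RFC 2307 attributes (uidNumber/gidNumber) stored in the directory.
# The post listed this line twice; the repeat was dropped, the value is unchanged.
idmap_ldb:use rfc2307 = yes
# NOTE(review): this value accepts unsigned dynamic DNS updates as well as
# signed ones, so a host that can reach the DC may be able to register or
# overwrite records in the zone without authenticating. Prefer "secure only"
# unless a client that cannot sign its updates really needs this.
allow dns updates = nonsecure and secure
# Queries the DC cannot answer itself are forwarded to this resolver.
dns forwarder = 192.168.1.254
# printcap pointed at /dev/null: no printers are loaded from a printcap file.
printing = CUPS
printcap name = /dev/null
# NOTE(review): "idmap config" lines are documented for domain members; on a
# DC the ID mapping comes from idmap_ldb. Confirm these have any effect here.
idmap config SEDE:backend = ad
idmap config SEDE:schema_mode = rfc2307
idmap config SEDE:range = 10000-29999
idmap config *:backend = tdb
idmap config *:range = 50000-60000
# NOTE(review): presumably redundant next to "server role" above - confirm
# with testparm that the two settings do not conflict.
security = user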
# Logon-script share, located under the sysvol tree.
# Writable at the share level (read only = No), so who can change logon
# scripts is decided by the filesystem ACLs on this path.
[netlogon]
path = /var/lib/samba/sysvol/sede.sq.local/scripts
read only = No
# sysvol share. Also writable at the share level.
# NOTE(review): anything a client runs from here (logon scripts, policy files)
# is only as trustworthy as the ACLs on this tree - verify that ordinary
# users cannot write to it.
[sysvol]
path = /var/lib/samba/sysvol
read only = No
# Share backing the roaming profiles mentioned in the post; writable.
# NOTE(review): no per-share access restriction is set, so isolation between
# users' profiles rests on the directory permissions below this path -
# confirm each profile directory is accessible only to its owner.
[Profiles]
path = /condivisioni/profili/
read only = No
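# Per-user home shares; hidden from browse lists, and new files and
# directories are created owner-only (0700).
[homes]
comment = Cartella home
browseable = no
create mask = 0700
directory mask = 0700
# %S expands to the share name, which for [homes] is the user name, so only
# the owner may connect to their own home share.
# The post had "valid user" (singular), which is not an smb.conf parameter:
# Samba ignores unknown parameters (testparm reports them), so the
# restriction was not in effect as posted.
valid users = %S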
nsswitch.conf
# Name service switch: for each database, the lookup sources in the order
# they are tried. "sss" is the SSSD source.
# Users and groups: local files first, then SSSD. This is the path taken by
# "getent passwd <name>".
passwd: files sss
group: files sss
# shadow is not routed through SSSD here.
shadow: compat
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
# NOTE(review): nis is listed before sss although nothing else in the post
# mentions NIS - confirm it is wanted.
netgroup: nis sss
# sudo rules may also come from SSSD. NOTE(review): the sssd.conf in this
# post lists only nss and pam under "services" - confirm whether sudo rules
# from the directory are intended at all.
sudoers: files sss
sssd.conf
# SSSD top-level section: which responders to start and which domains to serve.
[sssd]
services = nss, pam
config_file_version = 2
domains = sede.sq.local
# Level 9 is very verbose and meant for troubleshooting only.
# NOTE(review): debug_level is set per section; placed here it presumably does
# not raise the verbosity of the domain back end, which is where the error
# quoted in the post is logged - consider setting it in [domain/...] too, and
# lower it again once lookups work.
debug_level = 9
# Responder sections, left at their defaults.
[nss]
[pam]
# Back end for the AD domain served by the Samba DC.
# NOTE(review): the AD provider authenticates to the directory with the
# machine's Kerberos credentials (keytab); the post shows neither the keytab
# nor krb5.conf, so that is worth checking when lookups fail.
[domain/sede.sq.local]
# Using id_provider=ad sets the best defaults on its own
id_provider = ad
# In sssd, the default access provider is always 'permit'. The AD access
# provider by default checks for account expiration
access_provider = ad
# Uncomment to use POSIX attributes on the server
# NOTE(review): while this stays commented out, SSSD maps IDs from the SID
# instead of reading uidNumber/gidNumber. The smb.conf in this post enables
# rfc2307, so the two sides may disagree on UIDs/GIDs - confirm which mapping
# is intended.
# ldap_id_mapping=false
# Needed when the client machine hostname doesn't match the computer object
# on the DC. Active here (not commented out).
ad_hostname = sqserver.sede.sq.local
# Needed when DNS SRV resolution is not working. Active here: the DC is
# pinned by name instead of being discovered.
ad_server = sqserver.sede.sq.local
# Needed when the domain section is named differently than the Samba domain.
# Active here, although the section name and this value are the same.
ad_domain = sede.sq.local
# Enumeration is discouraged for performance reasons, yet it is enabled here.
# NOTE(review): a lookup by name such as "getent passwd <name>" does not
# depend on it - consider false once lookups work.
enumerate = true