smb share issue in domain network
by satishramudri from LinuxQuestions.org on (#6G0C0)
hi,
I'm trying to create and configure an SMB share on Rocky Linux with domain authentication.
I have joined the Rocky Linux host to the domain as a member
and configured smb.conf and krb5.conf.
Please check my configuration files:
krb5.conf file
# To opt out of the system crypto-policies configuration of krb5, remove the
# symlink at /etc/krb5.conf.d/crypto-policies which will not be recreated.
# Load every drop-in snippet from this directory in addition to the settings below.
includedir /etc/krb5.conf.d/
# [logging] tells krb5kdc and kadmind where to write their logs. This host is
# described as a domain member, so these entries presumably have no effect here;
# client-side failures show up in the Samba/winbind logs instead.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
# Defaults used by the Kerberos client library on this host.
[libdefaults]
# Do not query DNS TXT records to find a host's realm; the [domain_realm]
# section of this file supplies the host-to-realm mapping instead.
dns_lookup_realm = false
# Requested ticket lifetime and maximum renewable lifetime. The KDC's own
# policy can still issue shorter values.
ticket_lifetime = 24h
renew_lifetime = 7d
# Request forwardable TGTs. A forwardable ticket can be passed to another host
# and used there on the user's behalf, so keep this only if delegation is needed.
forwardable = true
# Do not use reverse DNS when canonicalizing service host names.
rdns = false
# Trust anchors for PKINIT (certificate-based pre-authentication).
pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt
spake_preauth_groups = edwards25519
dns_canonicalize_hostname = fallback
qualify_shortname = ""
# default_realm = EXAMPLE.COM
# Credential caches are kept in the kernel keyring, one persistent cache per UID.
default_ccache_name = KEYRING:persistent:%{uid}
# 0 makes the library try TCP before UDP for every KDC request.
udp_preference_limit = 0
# Realm assumed when a principal is given without one. It is written in upper
# case and matches "realm = JVS.COM" in smb.conf.
default_realm = JVS.COM
# Where to reach the KDC for each realm. Both roles are pinned to a single
# domain controller; no second KDC is listed here, so Kerberos logons depend on
# this one host being reachable and resolvable by name.
[realms]
JVS.COM = {
kdc = jvspdc01.jvs.com
admin_server = jvspdc01.jvs.com
}
# Host-name to realm mapping: the leading-dot entry covers hosts under the
# jvs.com domain, the second entry covers a host named exactly jvs.com.
[domain_realm]
.jvs.com = JVS.COM
jvs.com = JVS.COM
/etc/samba/smb.conf
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.
#
# Note:
# SMB1 is disabled by default. This means clients without support for SMB2 or
# SMB3 are no longer able to connect to smbd (by default).
# Server-wide settings: this smbd runs as an Active Directory domain member.
[global]
workgroup = JVS
# ads = authenticate users against the AD domain (Kerberos/winbind) rather than
# a local password database.
security = ads
# tdbsam stores local Samba accounts only; domain users are not looked up here.
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
# Verify incoming Kerberos tickets against secrets.tdb first, then the system keytab.
kerberos method = secrets and keytab
# Must be the same realm as default_realm in krb5.conf (JVS.COM there too).
realm = JVS.COM
# Home directory and shell handed out for domain users: %U = user name, %D = domain.
# NOTE(review): /bin/bash gives every domain user an interactive shell if they can
# log in to this host; a pure file server may not need that - confirm intent.
template homedir = /home/%U@%D
template shell = /bin/bash
# ID mapping. JVS domain SIDs are mapped algorithmically (rid) into
# 2000000-2999999; everything else falls into the tdb-allocated 10000-999999
# range. The two ranges do not overlap.
idmap config JVS : range = 2000000-2999999
idmap config JVS : backend = rid
idmap config * : range = 10000-999999
idmap config * : backend = tdb
# With "no", domain accounts are only known with their domain prefix
# (JVS\name), both at logon and in valid users / write list entries.
winbind use default domain = no
winbind refresh tickets = yes
# Allows logons from locally cached credentials when no DC is reachable; the
# cached data lives on this host, which is a trade-off to accept deliberately.
winbind offline logon = yes
# Lets local tools enumerate every domain user and group through winbind.
# NOTE(review): this can be slow on large domains and exposes the full account
# list to local users - confirm it is needed.
winbind enum groups = yes
winbind enum users = yes
# Per-user home share, created on demand under the connecting user's name.
[homes]
comment = Home Directories
# %S is the share name (for [homes], the requested user name); %D%w%S is the
# same name with domain and winbind separator in front. Only the account the
# share is named after is admitted.
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
# Print queue share; path is the spool directory for submitted jobs.
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
# Spool files are created readable and writable by their owner only.
create mask = 0600
browseable = No
# Printer driver share used by clients to download drivers.
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
# Only members of printadmin and root may write drivers here. The names carry
# no domain prefix, so presumably they refer to local accounts - verify.
write list = @printadmin root
force group = @printadmin
create mask = 0664
directory mask = 0775
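# Writable share restricted to members of the AD group "Domain Users".
[private]
path = /shares/private
browseable = Yes
# Every admitted user gets write access at the SMB layer, so the ownership and
# mode of /shares/private are the remaining access control; if SELinux is
# enforcing, the directory also needs a Samba label such as samba_share_t.
read only = No
# The group name contains a space, so it is quoted. Unquoted, the list is split
# on whitespace into "@JVS\domain" and "users", neither of which names the
# domain group, and the share rejects every domain user. Check the result with
# testparm, and confirm winbind resolves the group (wbinfo -g, getent group).
valid users = @"JVS\domain users"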
Please check the configuration and suggest any changes that are required.
I'm unable to access the server: it asks for credentials, and my domain credentials do not work.
I'm trying to create and configure an SMB share on Rocky Linux with domain authentication.
I have joined the Rocky Linux host to the domain as a member
and configured smb.conf and krb5.conf.
Please check my configuration files:
krb5.conf file
# To opt out of the system crypto-policies configuration of krb5, remove the
# symlink at /etc/krb5.conf.d/crypto-policies which will not be recreated.
# Load every drop-in snippet from this directory in addition to the settings below.
includedir /etc/krb5.conf.d/
# [logging] tells krb5kdc and kadmind where to write their logs. This host is
# described as a domain member, so these entries presumably have no effect here;
# client-side failures show up in the Samba/winbind logs instead.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
# Defaults used by the Kerberos client library on this host.
[libdefaults]
# Do not query DNS TXT records to find a host's realm; the [domain_realm]
# section of this file supplies the host-to-realm mapping instead.
dns_lookup_realm = false
# Requested ticket lifetime and maximum renewable lifetime. The KDC's own
# policy can still issue shorter values.
ticket_lifetime = 24h
renew_lifetime = 7d
# Request forwardable TGTs. A forwardable ticket can be passed to another host
# and used there on the user's behalf, so keep this only if delegation is needed.
forwardable = true
# Do not use reverse DNS when canonicalizing service host names.
rdns = false
# Trust anchors for PKINIT (certificate-based pre-authentication).
pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt
spake_preauth_groups = edwards25519
dns_canonicalize_hostname = fallback
qualify_shortname = ""
# default_realm = EXAMPLE.COM
# Credential caches are kept in the kernel keyring, one persistent cache per UID.
default_ccache_name = KEYRING:persistent:%{uid}
# 0 makes the library try TCP before UDP for every KDC request.
udp_preference_limit = 0
# Realm assumed when a principal is given without one. It is written in upper
# case and matches "realm = JVS.COM" in smb.conf.
default_realm = JVS.COM
# Where to reach the KDC for each realm. Both roles are pinned to a single
# domain controller; no second KDC is listed here, so Kerberos logons depend on
# this one host being reachable and resolvable by name.
[realms]
JVS.COM = {
kdc = jvspdc01.jvs.com
admin_server = jvspdc01.jvs.com
}
# Host-name to realm mapping: the leading-dot entry covers hosts under the
# jvs.com domain, the second entry covers a host named exactly jvs.com.
[domain_realm]
.jvs.com = JVS.COM
jvs.com = JVS.COM
/etc/samba/smb.conf
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.
#
# Note:
# SMB1 is disabled by default. This means clients without support for SMB2 or
# SMB3 are no longer able to connect to smbd (by default).
# Server-wide settings: this smbd runs as an Active Directory domain member.
[global]
workgroup = JVS
# ads = authenticate users against the AD domain (Kerberos/winbind) rather than
# a local password database.
security = ads
# tdbsam stores local Samba accounts only; domain users are not looked up here.
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
# Verify incoming Kerberos tickets against secrets.tdb first, then the system keytab.
kerberos method = secrets and keytab
# Must be the same realm as default_realm in krb5.conf (JVS.COM there too).
realm = JVS.COM
# Home directory and shell handed out for domain users: %U = user name, %D = domain.
# NOTE(review): /bin/bash gives every domain user an interactive shell if they can
# log in to this host; a pure file server may not need that - confirm intent.
template homedir = /home/%U@%D
template shell = /bin/bash
# ID mapping. JVS domain SIDs are mapped algorithmically (rid) into
# 2000000-2999999; everything else falls into the tdb-allocated 10000-999999
# range. The two ranges do not overlap.
idmap config JVS : range = 2000000-2999999
idmap config JVS : backend = rid
idmap config * : range = 10000-999999
idmap config * : backend = tdb
# With "no", domain accounts are only known with their domain prefix
# (JVS\name), both at logon and in valid users / write list entries.
winbind use default domain = no
winbind refresh tickets = yes
# Allows logons from locally cached credentials when no DC is reachable; the
# cached data lives on this host, which is a trade-off to accept deliberately.
winbind offline logon = yes
# Lets local tools enumerate every domain user and group through winbind.
# NOTE(review): this can be slow on large domains and exposes the full account
# list to local users - confirm it is needed.
winbind enum groups = yes
winbind enum users = yes
# Per-user home share, created on demand under the connecting user's name.
[homes]
comment = Home Directories
# %S is the share name (for [homes], the requested user name); %D%w%S is the
# same name with domain and winbind separator in front. Only the account the
# share is named after is admitted.
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
# Print queue share; path is the spool directory for submitted jobs.
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
# Spool files are created readable and writable by their owner only.
create mask = 0600
browseable = No
# Printer driver share used by clients to download drivers.
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
# Only members of printadmin and root may write drivers here. The names carry
# no domain prefix, so presumably they refer to local accounts - verify.
write list = @printadmin root
force group = @printadmin
create mask = 0664
directory mask = 0775
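# Writable share restricted to members of the AD group "Domain Users".
[private]
path = /shares/private
browseable = Yes
# Every admitted user gets write access at the SMB layer, so the ownership and
# mode of /shares/private are the remaining access control; if SELinux is
# enforcing, the directory also needs a Samba label such as samba_share_t.
read only = No
# The group name contains a space, so it is quoted. Unquoted, the list is split
# on whitespace into "@JVS\domain" and "users", neither of which names the
# domain group, and the share rejects every domain user. Check the result with
# testparm, and confirm winbind resolves the group (wbinfo -g, getent group).
valid users = @"JVS\domain users"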
Please check the configuration and suggest any changes that are required.
I'm unable to access the server: it asks for credentials, and my domain credentials do not work.