Samba w/Winbind on rhel 9.4
This topic has probably been asked to death, but for the life of me, I cannot figure out what piece I'm missing.
(I'm replacing my actual domain name with the word "domain".)
I can use kinit to connect to my AD and the smbclient can see shares on an AD Windows server. However, from a Win11 machine, I cannot see the shares on the rhel9 server. I've tried logging in as DOMAIN\user, user@domain.local, and user@DOMAIN.LOCAL.
Beyond lots of Google searches, I've gone through the Red Hat articles:
https://access.redhat.com/solutions/38023213
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/integrating_rhel_systems_directly_with_windows_active_directory/connecting-rhel-systems-directly-to-ad-using-samba-winbind_integrating-rhel-systems-directly-with-active-directory#proc_joining-samba-to-a-domain_connecting-rhel-systems-directly-to-ad-using-samba-winbind
I've followed this SAMBA setup:
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
I have given folder rights for groups to the AD "Domain Users".
Output of ls -l:
drwxrwxrwx 3 root domain users@domain.local 21 Sep 19 12:09 /acct
Here is my smb.conf file:
#======================= Global Settings =====================================
[global]
realm = DOMAIN.LOCAL
workgroup = DOMAIN
netbios name = rhel9-server
security = ads
kerberos method = secrets and keytab
idmap config * : backend = tdb
idmap config * : range = 10000-199999
idmap config DOMAIN : backend = sss
idmap config DOMAIN : range = 200000-2147483647
load printers = no
disable spoolss = yes
machine password timeout = 0
#============================ Share Definitions ==============================
[acct]
comment = Accounting
writeable = yes
valid users = acct, +"DOMAIN\Domain Users"
write list = acct, +"DOMAIN\Domain Users"
path = /program/acct
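
A consistency check over the settings quoted above, as an added example that is not part of the original post: it parses the idmap ranges, tests them for overlap, and compares the share's path and mode with the `ls -l` line. The function names (`load`, `idmap_ranges`, `overlapping`, `review`) are hypothetical, and the input is a constructed copy of the relevant lines from the post.

```python
import configparser
import re
from itertools import combinations

# Constructed input: the relevant smb.conf lines and the ls -l line from the post.
SMB_CONF = """\
[global]
security = ads
idmap config * : backend = tdb
idmap config * : range = 10000-199999
idmap config DOMAIN : backend = sss
idmap config DOMAIN : range = 200000-2147483647
[acct]
valid users = acct, +"DOMAIN\\Domain Users"
path = /program/acct
"""
LS_LINE = "drwxrwxrwx 3 root domain users@domain.local 21 Sep 19 12:09 /acct"

def load(text):
    # Split on '=' only, because idmap keys contain ':' themselves.
    cp = configparser.RawConfigParser(delimiters=("=",), comment_prefixes=("#", ";"))
    cp.optionxform = str  # keep the domain name's case
    cp.read_string(text)
    return cp

def idmap_ranges(cp):
    """Map each idmap domain ('*' is the default) to its (low, high) ID range."""
    out = {}
    for key, value in cp.items("global"):
        m = re.fullmatch(r"idmap config (.+?)\s*:\s*range", key)
        if m:
            low, high = (int(n) for n in value.split("-"))
            out[m.group(1)] = (low, high)
    return out

def overlapping(ranges):
    """Return pairs of domains whose ID ranges intersect."""
    return [(a, b) for (a, ra), (b, rb) in combinations(ranges.items(), 2)
            if ra[0] <= rb[1] and rb[0] <= ra[1]]

def review(cp, ls_line):
    findings = [f"idmap ranges overlap: {a} and {b}" for a, b in overlapping(idmap_ranges(cp))]
    fields = ls_line.split()
    mode, listed = fields[0], fields[-1]  # group name contains a space, so take the ends
    if mode[8] == "w":  # write bit for "other"
        findings.append(f"{listed} is world-writable ({mode})")
    for share in cp.sections():
        path = cp.get(share, "path", fallback=None)
        if share != "global" and path and path != listed:
            findings.append(f"[{share}] exports {path}, but permissions were shown for {listed}")
    return findings
```
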