[Samba] Join Samba4 in a Samba4 AD

DarkZad darkzad at yahoo.com.br
Sat Nov 9 07:00:49 MST 2013


ldapsearch output

# extended LDIF
#
# LDAPv3
# base <DC=tudor,DC=local> with scope subtree
# filter: cn=marcelo
# requesting: ALL
#

# marcelo, Users, tudor.local
dn: CN=marcelo,CN=Users,DC=tudor,DC=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: marcelo
instanceType: 4
whenCreated: 20131109130551.0Z
whenChanged: 20131109130551.0Z
uSNCreated: 4860
name: marcelo
objectGUID:: V8qCGb8KwEqTB0SuaABscw==
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAACJ+1yPvM4+uH+r6wjQ4AAA==
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: marcelo
sAMAccountType: 805306368
userPrincipalName: marcelo at tudor.local
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=tudor,DC=local
pwdLastSet: 130284759510000000
userAccountControl: 512
uSNChanged: 4862
distinguishedName: CN=marcelo,CN=Users,DC=tudor,DC=local

# search reference
ref: ldap://tudor.local/CN=Configuration,DC=tudor,DC=local

# search reference
ref: ldap://tudor.local/DC=DomainDnsZones,DC=tudor,DC=local

# search reference
ref: ldap://tudor.local/DC=ForestDnsZones,DC=tudor,DC=local

# search result
search: 2
result: 0 Success

# numResponses: 5
# numEntries: 1
# numReferences: 3



On 09-11-2013 11:56, Rowland Penny wrote:
> On 09/11/13 13:52, DarkZad wrote:
>> I did not find this command ldapsearch
>
> apt-get install ldap-utils
>
>>
>> I'm running Debian 7
>
> OK, I use Ubuntu 12.04, so similar enough
>
>>
>> Sorry for not having spoken classic upgrade. :O
>
> No problem ;-)
>
>>
>> On 09-11-2013 11:43, Rowland Penny wrote:
>>> On 09/11/13 13:30, DarkZad wrote:
>>>> Hum
>>>>
>>>> In my AD had to do an import from Samba3 then did this:
>>>> samba-tool domain classicupgrade --dbdir=/root/samba3/ --use-xattrs=yes --realm=tudor.local /root/samba3/smb.conf
>>>>
>>>>
>>>> I see you have --use-rfc2307
>>>>
>>>>
>>>> AD - smb.conf
>>>>
>>>> [global]
>>>>         workgroup = TUDOR
>>>>         realm = tudor.local
>>>>         netbios name = SRVAD
>>>>         server role = active directory domain controller
>>>>         idmap_ldb:use rfc2307 = yes
>>>>         dns forwarder = 192.168.1.1
>>>>
>>>> [netlogon]
>>>>         path = /usr/local/samba/var/locks/sysvol/tudor.local/scripts
>>>>         read only = No
>>>>
>>>> [sysvol]
>>>>         path = /usr/local/samba/var/locks/sysvol
>>>>         read only = No
>>>>
>>>>
>>>>
>>>>
>>>> On 09-11-2013 11:19, Rowland Penny wrote:
>>>>> On 09/11/13 13:13, DarkZad wrote:
>>>>>> Local only.
>>>>>>
>>>>>> This happens in winbind:
>>>>>>
>>>>>> winbindd -i -S -d=4
>>>>>>
>>>>>> child daemon request 59
>>>>>> Could not get unix ID for SID S-1-5-21-3367345928-3957574907-2965305991-3360
>>>>>> Finished processing child request 59
>>>>>> child daemon request 59
>>>>>> Finished processing child request 59
>>>>>> child daemon request 59
>>>>>> Could not get unix ID for SID S-1-5-21-3367345928-3957574907-2965305991-3354
>>>>>> Finished processing child request 59
>>>>>> child daemon request 59
>>>>>> Finished processing child request 59
>>>>>> child daemon request 59
>>>>>> Could not get unix ID for SID S-1-5-21-3367345928-3957574907-2965305991-3024
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 09-11-2013 11:06, Rowland Penny wrote:
>>>>>>> Does 'getent passwd' show your domain users? 
>>>>>>
>>>>> You have these two lines in your smb.conf:
>>>>>
>>>>> idmap config TUDOR:backend = ad
>>>>> idmap config TUDOR:schema_mode = rfc2307
>>>>>
>>>>> This shows that you want to use RFC2307 attributes from AD. Did 
>>>>> you provision the Samba 4 AD server with ' --use-rfc2307' and do 
>>>>> you actually have any 'uidNumber' & 'gidNumber' attributes in AD? 
>>>>> because without them, you will get nothing.
>>>>>
>>>>> Rowland
>>>>>
>>>>>
>>>>
>>> You never said that you had done a classic upgrade from samba 3, 
>>> '--use-rfc2307' is only used when you provision a new domain.
>>>
>>> can you run this command on the samba 4 AD server (altering it to 
>>> suit your domain etc):
>>>
>>> ldapsearch -x -h 127.0.0.1 -b DC=example,DC=com -D CN=Administrator,CN=Users,DC=example,DC=com -w <Administrator password> 'cn=<a username>'
>>>
>>> It should dump all the users info, amongst which should be uidNumber
>>>
>>> Also what OS are you using?
>>>
>>> Rowland
>>>
>>
>
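Added example, not part of the original thread: a small Python check for the ldapsearch output above. It reports which of the RFC2307 attributes named in the thread (uidNumber, gidNumber) an entry lacks, and decodes the base64 objectSid into the S-1-5-21-... form that the winbindd log prints. The function names and the trimmed sample entry are constructed for illustration.

```python
import base64
import struct

# Constructed sample: a trimmed copy of the ldapsearch entry shown in this thread.
SAMPLE_LDIF = """\
dn: CN=marcelo,CN=Users,DC=tudor,DC=local
objectClass: user
cn: marcelo
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAACJ+1yPvM4+uH+r6wjQ4AAA==
sAMAccountName: marcelo
"""

# Attributes the 'ad' idmap backend needs when schema_mode = rfc2307.
RFC2307_ATTRS = ("uidNumber", "gidNumber")


def parse_ldif_entry(text):
    """Parse one LDIF entry into {attr: [values]}; '::' marks base64 values."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]  # LDIF continuation line
        elif line and not line.startswith("#"):
            unfolded.append(line)
    entry = {}
    for line in unfolded:
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip())
        else:
            value = rest.strip()
        entry.setdefault(attr, []).append(value)
    return entry


def sid_to_string(raw):
    """Convert a binary objectSid to its S-1-... string form."""
    revision, count = raw[0], raw[1]
    authority = int.from_bytes(raw[2:8], "big")  # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:8 + 4 * count])  # little-endian
    return "S-%d-%d-%s" % (revision, authority, "-".join(map(str, subs)))


def missing_rfc2307(entry):
    """Return the RFC2307 attributes the entry lacks."""
    return [a for a in RFC2307_ATTRS if a not in entry]


if __name__ == "__main__":
    e = parse_ldif_entry(SAMPLE_LDIF)
    print(sid_to_string(e["objectSid"][0]), "missing:", missing_rfc2307(e))
```
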


