[Samba] Domain users not resolving...

Rowland Penny rowlandpenny at googlemail.com
Mon Aug 25 07:20:35 MDT 2014


On 25/08/14 13:59, Ryan Ashley wrote:
> On 08/23/2014 04:26 AM, Rowland Penny wrote:
>> On 23/08/14 01:19, Ryan Ashley wrote:
>>> Rowland, I did not do this. This is a new client who dropped their 
>>> old IT support due to issues on the network. I found out it was not 
>>> having access to the sysvol. That is where I figured out what I 
>>> have. I do use FHS in my builds, but I would never put it into a 
>>> root directory like this. I guess the other team was testing Samba 
>>> and using a client to test on! I do agree 100% that the issue is the 
>>> path. However, I can feel good that I didn't do such a bone-headed 
>>> move!
>>>
>>> Sorry for the lack of files, I had to figure out how it was set up. 
>>> Everything, including the configuration file is in "/samba", which 
>>> appears to be a separate partition. Here is what you requested.
>>>
>>> Samba 4.1.11 64bit
>>> Debian Squeeze 64bit
>>>
>>> =========
>>> smb.conf:
>>> =========
>>> # Global parameters
>>> [global]
>>>         workgroup = DOMAIN
>>>         realm = DOMAIN.LOCAL
>>>         netbios name = DC01
>>>         server role = active directory domain controller
>>>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
>>>         interfaces = 127.0.0.1, 192.168.0.1
>>>
>>> [netlogon]
>>>         path = /samba/var/locks/sysvol/kigm.local/scripts
>>>         read only = No
>>>
>>> [sysvol]
>>>         path = /samba/var/locks/sysvol
>>>         read only = No
>>>
>>> =========
>>> krb5.conf:
>>> =========
>>> [libdefaults]
>>>         default_realm = DOMAIN.LOCAL
>>>         dns_lookup_realm = false
>>>         dns_lookup_kdc = true
>>>
>>> =================
>>> Rowland's Request:
>>> =================
>>> root@dc01:~# /samba/sbin/samba -b
>>> Samba version: 4.1.11
>>> Build environment:
>>>    Build host:  Linux dc01 2.6.32-5-amd64 #1 SMP Tue May 13 16:34:35 UTC 2014 x86_64 GNU/Linux
>>> Paths:
>>>    BINDIR: /samba/bin
>>>    SBINDIR: /samba/sbin
>>>    CONFIGFILE: /samba/etc/smb.conf
>>>    NCALRPCDIR: /samba/var/run/ncalrpc
>>>    LOGFILEBASE: /samba/var
>>>    LMHOSTSFILE: /samba/etc/lmhosts
>>>    DATADIR: /samba/share
>>>    MODULESDIR: /samba/lib
>>>    LOCKDIR: /samba/var/lock
>>>    STATEDIR: /samba/var/locks
>>>    CACHEDIR: /samba/var/cache
>>>    PIDDIR: /samba/var/run
>>>    PRIVATE_DIR: /samba/private
>>>    CODEPAGEDIR: /samba/share/codepages
>>>    SETUPDIR: /samba/share/setup
>>>    WINBINDD_SOCKET_DIR: /samba/var/run/winbindd
>>>    WINBINDD_PRIVILEGED_SOCKET_DIR: /samba/var/lib/winbindd_privileged
>>>    NTP_SIGND_SOCKET_DIR: /samba/var/lib/ntp_signd
>>>
>>> No IDs have been set up. The rfc2307 stuff is there, but they're not 
>>> using it. They have two Samba DCs and everything else is Windows 7. 
>>> They were using rsync to sync the sysvol, which had caused issues 
>>> with GID/UID on the second DC, but I fixed that already. Well, tried 
>>> to anyway. It is set up the EXACT same way. It also has issues with 
>>> this stuff.
>>>
>>> I have a theory as to how to fix this but want advice first. If I am 
>>> wrong, so be it. I would like to build Samba the STANDARD way (FHS, 
>>> bin files go to /bin, etc) but have one concern. If I do this, do I 
>>> simply need to adjust the paths in the configuration file and move 
>>> the sysvol to the proper location? On all of the systems I do, this 
>>> is always "/var/lib/samba/sysvol". I would obviously have to move 
>>> the tdb files and such to "/var/lib/samba" as well. Would that work, 
>>> or am I going to have to deal with this the way it is?
>>>
>>> If you need anything else, please ask. Remember, this is a DC and 
>>> while rfc2307 attributes exist, they're not being used. Probably due 
>>> to no Linux member servers.
>>>
>>> On 8/22/2014 4:54 PM, Rowland Penny wrote:
>>>> On 22/08/14 21:40, Marc Muehlfeld wrote:
>>>>> Hello,
>>>>>
>>>>> On 22.08.2014 20:48, Ryan Ashley wrote:
>>>>>> I stepped into a setup where Samba was compiled and installed into
>>>>>> "/samba". The configure command on the DC is "configure
>>>>>> --prefix=/samba". The links for libnss_wins.so.2 and libnss_winbind.so.2
>>>>>> are there and nsswitch.conf is told to use winbind. However, "getent
>>>>>> group" returns only local users, "id" finds NO domain users, and "getent
>>>>>> passwd" returns only local users. I did do a rebuild of Samba after
>>>>>> verifying the dependencies were there and configured/installed the same
>>>>>> way so everything is in place. Still no dice. This guy was still running
>>>>>> Debian Squeeze so the install is probably old. Things seem to run, but
>>>>>> no systems can access the sysvol even after a reset, which led to this
>>>>>> discovery.
>>>>>>
>>>>>> Now, my thinking is that maybe the binaries in "/samba/bin" should be
>>>>>> linked to "/bin" and the same goes for the sbin stuff. Is this my issue
>>>>>> or what am I looking at? Yes, I stepped into it this time...
>>>>>
>>>>> It would be much easier to help, if you give some information about your
>>>>> environment.
>>>>>
>>>>> - smb.conf
>>>>> - Samba version
>>>>> - IDs, etc. configured in your backend (depending on your Idmap config)
>>>>> - etc.
>>>>>
>>>>>
>>>>>
>>>>> Regards,
>>>>> Marc
>>>>>
>>>> It would also help if you followed the howto and didn't change bits 
>>>> that you don't like. Just why did you install into /samba instead 
>>>> of /usr/local/samba?
>>>> Everything out there is based on self compiling into 
>>>> /usr/local/samba, the wiki gives you the instructions based on this.
>>>>
>>>> Having said this, it is possibly/probably a path problem. Could you 
>>>> please post (along with what Marc has asked for) the result of 
>>>> 'samba -b'?
>>>>
>>>> Rowland
>>>
>> OK, what does 'echo "$PATH"' return, does it have '/samba/sbin' & 
>> '/samba/bin' in it ?
>>
>> If not, try this:
>>
>> export PATH=/samba/sbin:/samba/bin:$PATH
>>
>> if everything now works correctly, do this:
>>
>> echo "PATH=/samba/sbin:/samba/bin:$PATH" > /etc/profile.d/samba4.sh
>>
>> Rowland
> Rowland, nothing in /samba is in the path. I had already tried your 
> suggestion, but I did it again this morning and here are my results. 
> It does not fix the issue. I also included some configuration files 
> and such.
>
> root@dc01:~# echo "$PATH"
> /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
> root@dc01:~# export PATH=$PATH:/samba/bin:/samba/sbin

Ryan, why do you never read anything correctly <sigh>

It should have been:

export PATH=/samba/sbin:/samba/bin:$PATH


The way you have it, if there are ANY other samba binaries in your PATH, 
they will be found before the ones you have installed in /samba.

Also, and this came up on another recent post, you may have to create 
the winbind symlinks to get getent to work with AD. See the wiki, on the 
member servers page.

Rowland

> root@dc01:~# id maliag
> id: maliag: No such user
> root@dc01:~# id michaelh
> id: michaelh: No such user
> root@dc01:~# getent passwd
> root:x:0:0:root:/root:/bin/bash
> daemon:x:1:1:daemon:/usr/sbin:/bin/sh
> bin:x:2:2:bin:/bin:/bin/sh
> sys:x:3:3:sys:/dev:/bin/sh
> sync:x:4:65534:sync:/bin:/bin/sync
> games:x:5:60:games:/usr/games:/bin/sh
> man:x:6:12:man:/var/cache/man:/bin/sh
> lp:x:7:7:lp:/var/spool/lpd:/bin/sh
> mail:x:8:8:mail:/var/mail:/bin/sh
> news:x:9:9:news:/var/spool/news:/bin/sh
> uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
> proxy:x:13:13:proxy:/bin:/bin/sh
> www-data:x:33:33:www-data:/var/www:/bin/sh
> backup:x:34:34:backup:/var/backups:/bin/sh
> list:x:38:38:Mailing List Manager:/var/list:/bin/sh
> irc:x:39:39:ircd:/var/run/ircd:/bin/sh
> gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
> nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
> libuuid:x:100:101::/var/lib/libuuid:/bin/sh
> ntp:x:101:103::/home/ntp:/bin/false
> sshd:x:102:65534::/var/run/sshd:/usr/sbin/nologin
> bind:x:103:105::/var/cache/bind:/bin/false
> root@dc01:~# cat /samba/etc/smb.conf
> # Global parameters
> [global]
>         workgroup = KIGM
>         realm = KIGM.LOCAL
>         netbios name = DC01
>         server role = active directory domain controller
>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
>         interfaces = 127.0.0.1, 192.168.0.1
>
> [netlogon]
>         path = /samba/var/locks/sysvol/kigm.local/scripts
>         read only = No
>
> [sysvol]
>         path = /samba/var/locks/sysvol
>         read only = No
> root@dc01:~# cat /etc/nsswitch.conf
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages installed, try:
> # `info libc "Name Service Switch"' for information about this file.
>
> passwd:         compat winbind
> group:          compat winbind
> shadow:         compat
>
> hosts:          files dns wins
> networks:       files
>
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
>
> netgroup:       nis
> root@dc01:~# wbinfo -g
> Enterprise Read-Only Domain Controllers
> Domain Admins
> Domain Users
> Domain Guests
> Domain Computers
> Domain Controllers
> Schema Admins
> Enterprise Admins
> Group Policy Creator Owners
> Read-Only Domain Controllers
> DnsUpdateProxy
> Operations
> AV
> Graphics
> WAFA
> Finance
> Logos
> Streaming
> root@dc01:~# cat /etc/krb5.conf
> [libdefaults]
>         default_realm = KIGM.LOCAL
>         dns_lookup_realm = false
>         dns_lookup_kdc = true
>
> Thanks for the help. What about my suggestion to perform a normal 
> install per the book and then move everything in /samba/var/lib to the 
> correct location? Would that not work? I agree with you that this 
> issue is caused by the odd install location.
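
The search-order point made in the reply above (a directory appended to PATH loses to any earlier directory holding a binary of the same name), as an added example that is not part of the original message. The stub `wbinfo` files and the temporary directory layout are constructed for the demonstration, and `path_matches`, `path_winner` and `demo` are hypothetical helper names.

```shell
#!/bin/sh
# List every executable named $1 found along the PATH-style string $2,
# in search order. The first line printed is the copy the shell would
# run; any later lines are shadowed copies that never get executed.
# The body runs in a subshell so the IFS and noglob changes stay local.
path_matches() (
    set -f
    IFS=:
    for dir in $2; do
        # An empty PATH element means the current directory.
        [ -n "$dir" ] || dir=.
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            printf '%s\n' "$dir/$1"
        fi
    done
)

# Print only the copy of $1 that wins under search path $2.
path_winner() {
    path_matches "$1" "$2" | head -n 1
}

# Constructed demo: two stub "wbinfo" files stand in for a distribution
# package (usr/bin) and the self-compiled build (samba/bin).
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr/bin" "$root/samba/bin"
    for d in usr/bin samba/bin; do
        printf '#!/bin/sh\necho %s\n' "$d" > "$root/$d/wbinfo"
        chmod +x "$root/$d/wbinfo"
    done
    appended="$root/usr/bin:$root/samba/bin"    # like PATH=$PATH:/samba/bin
    prepended="$root/samba/bin:$root/usr/bin"   # like PATH=/samba/bin:$PATH
    echo "appended  -> $(path_winner wbinfo "$appended")"
    echo "prepended -> $(path_winner wbinfo "$prepended")"
    echo "shadowed copies when appended:"
    path_matches wbinfo "$appended" | tail -n +2
    rm -rf "$root"
}

demo
```

On a live host, `path_matches wbinfo "$PATH"` lists every copy in the order the shell searches; more than one line of output means a second Samba install is present on the search path.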


