[Samba] Domain users not resolving...

Rowland Penny rowlandpenny at googlemail.com
Mon Aug 25 07:32:04 MDT 2014


On 25/08/14 14:22, L.P.H. van Belle wrote:
> Why don't you upgrade to Debian Wheezy and start using either wheezy-backports samba or sernet-samba?
> If you back up all your old samba files, the transfer from an own build of samba to Debian samba (or sernet samba)
> isn't that hard.
>
> about the id.
>
> on my DC : id user  => not found, but must say, I don't use my DC for anything else but being a DC with sysvol.
> getent passwd => nothing (and correct, I don't have winbind set in my nsswitch.conf)
> wbinfo -u = all my users
> wbinfo -g = all my groups.
Hi Louis, this is probably because you don't have the winbind links
installed. On Debian using samba from backports this is easy, you just
need to install a few packages, but when you compile samba4, you need to
create a couple of symlinks. There used to be a samba4 winbind page in
the wiki, but this seems to have vanished.

Rowland
>
> on my member server : id user1 : uid=5003(user1) gid=5000(domain users) groups=5000(domain users),4294967295,4294967295,4294967295,4294967295,50002(BUILTIN\users)
> getent passwd => only the users with UID assigned.
> getent group => only groups with GID assigned.
> wbinfo -u = all my users
> wbinfo -g = all my groups.
>
> But just a question: what are you using the RFC2307 uid on the DC server for?
>
>
> Check if your smb.conf on all your Domain Controllers contains the following parameter in the „[global]“ section:
> idmap_ldb:use rfc2307 = yes
>
> ( see http://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC  )
>
>
> Greetz,
>
> Louis
>
>
>
>> -----Original message-----
>> From: ryana at reachtechfp.com
>> [mailto:samba-bounces at lists.samba.org] On behalf of Ryan Ashley
>> Sent: Monday 25 August 2014 14:59
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] Domain users not resolving...
>>
>> On 08/23/2014 04:26 AM, Rowland Penny wrote:
>>> On 23/08/14 01:19, Ryan Ashley wrote:
>>>> Rowland, I did not do this. This is a new client who dropped their
>>>> old IT support due to issues on the network. I found out it was not
>>>> having access to the sysvol. That is where I figured out what I have.
>>>> I do use FHS in my builds, but I would never put it into a root
>>>> directory like this. I guess the other team was testing Samba and
>>>> using a client to test on! I do agree 100% that the issue is the
>>>> path. However, I can feel good that I didn't do such a bone-headed move!
>>>> Sorry for the lack of files, I had to figure out how it was set up.
>>>> Everything, including the configuration file is in "/samba", which
>>>> appears to be a separate partition. Here is what you requested.
>>>>
>>>> Samba 4.1.11 64bit
>>>> Debian Squeeze 64bit
>>>>
>>>> =========
>>>> smb.conf:
>>>> =========
>>>> # Global parameters
>>>> [global]
>>>>          workgroup = DOMAIN
>>>>          realm = DOMAIN.LOCAL
>>>>          netbios name = DC01
>>>>          server role = active directory domain controller
>>>>          server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
>>>>          interfaces = 127.0.0.1, 192.168.0.1
>>>>
>>>> [netlogon]
>>>>          path = /samba/var/locks/sysvol/kigm.local/scripts
>>>>          read only = No
>>>>
>>>> [sysvol]
>>>>          path = /samba/var/locks/sysvol
>>>>          read only = No
>>>>
>>>> =========
>>>> krb5.conf:
>>>> =========
>>>> [libdefaults]
>>>>          default_realm = DOMAIN.LOCAL
>>>>          dns_lookup_realm = false
>>>>          dns_lookup_kdc = true
>>>>
>>>> =================
>>>> Rowland's Request:
>>>> =================
>>>> root@dc01:~# /samba/sbin/samba -b
>>>> Samba version: 4.1.11
>>>> Build environment:
>>>>     Build host:  Linux dc01 2.6.32-5-amd64 #1 SMP Tue May 13 16:34:35 UTC 2014 x86_64 GNU/Linux
>>>> Paths:
>>>>     BINDIR: /samba/bin
>>>>     SBINDIR: /samba/sbin
>>>>     CONFIGFILE: /samba/etc/smb.conf
>>>>     NCALRPCDIR: /samba/var/run/ncalrpc
>>>>     LOGFILEBASE: /samba/var
>>>>     LMHOSTSFILE: /samba/etc/lmhosts
>>>>     DATADIR: /samba/share
>>>>     MODULESDIR: /samba/lib
>>>>     LOCKDIR: /samba/var/lock
>>>>     STATEDIR: /samba/var/locks
>>>>     CACHEDIR: /samba/var/cache
>>>>     PIDDIR: /samba/var/run
>>>>     PRIVATE_DIR: /samba/private
>>>>     CODEPAGEDIR: /samba/share/codepages
>>>>     SETUPDIR: /samba/share/setup
>>>>     WINBINDD_SOCKET_DIR: /samba/var/run/winbindd
>>>>     WINBINDD_PRIVILEGED_SOCKET_DIR: /samba/var/lib/winbindd_privileged
>>>>     NTP_SIGND_SOCKET_DIR: /samba/var/lib/ntp_signd
>>>>
>>>> No IDs have been set up. The rfc2307 stuff is there, but they're not
>>>> using it. They have two Samba DCs and everything else is Windows 7.
>>>> They were using rsync to sync the sysvol, which had caused issues
>>>> with GID/UID on the second DC, but I fixed that already. Well, tried
>>>> to anyway. It is set up the EXACT same way. It also has issues with
>>>> this stuff.
>>>>
>>>> I have a theory as to how to fix this but want advice first. If I am
>>>> wrong, so be it. I would like to build Samba the STANDARD way (FHS,
>>>> bin files go to /bin, etc) but have one concern. If I do this, do I
>>>> simply need to adjust the paths in the configuration file and move
>>>> the sysvol to the proper location? On all of the systems I do, this
>>>> is always "/var/lib/samba/sysvol". I would obviously have to move the
>>>> tdb files and such to "/var/lib/samba" as well. Would that work, or
>>>> am I going to have to deal with this the way it is?
>>>>
>>>> If you need anything else, please ask. Remember, this is a DC and
>>>> while rfc2307 attributes exist, they're not being used. Probably due
>>>> to no Linux member servers.
>>>>
>>>> On 8/22/2014 4:54 PM, Rowland Penny wrote:
>>>>> On 22/08/14 21:40, Marc Muehlfeld wrote:
>>>>>> Hello,
>>>>>>
>>>>>> On 22.08.2014 20:48, Ryan Ashley wrote:
>>>>>>> I stepped into a setup where Samba was compiled and installed into
>>>>>>> "/samba". The configure command on the DC is "configure
>>>>>>> --prefix=/samba". The links for libnss_wins.so.2 and
>>>>>>> libnss_winbind.so.2 are there and nsswitch.conf is told to use
>>>>>>> winbind. However, "getent group" returns only local users, "id"
>>>>>>> finds NO domain users, and "getent passwd" returns only local
>>>>>>> users. I did do a rebuild of Samba after verifying the
>>>>>>> dependencies were there and configured/installed the same way so
>>>>>>> everything is in place. Still no dice. This guy was still running
>>>>>>> Debian Squeeze so the install is probably old. Things seem to run,
>>>>>>> but no systems can access the sysvol even after a reset, which led
>>>>>>> to this discovery.
>>>>>>>
>>>>>>> Now, my thinking is that maybe the binaries in "/samba/bin" should be
>>>>>>> linked to "/bin" and the same goes for the sbin stuff. Is this my
>>>>>>> issue or what am I looking at? Yes, I stepped into it this time...
>>>>>> It would be much easier to help, if you give some information about
>>>>>> your environment.
>>>>>>
>>>>>> - smb.conf
>>>>>> - Samba version
>>>>>> - IDs, etc. configured in your backend (depending on your Idmap
>>>>>> config)
>>>>>> - etc.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Regards,
>>>>>> Marc
>>>>>>
>>>>> It would also help if you followed the howto and didn't change bits
>>>>> that you don't like, just why did you install into /samba instead of
>>>>> /usr/local/samba ?
>>>>> Everything out there is based on self compiling into
>>>>> /usr/local/samba, the wiki gives you the instructions based on this.
>>>>> Having said this, it is possibly/probably a path problem, could you
>>>>> please post (along with what Marc has asked for) the result of
>>>>> 'samba -b'
>>>>>
>>>>> Rowland
>>> OK, what does 'echo "$PATH"' return, does it have '/samba/sbin' &
>>> '/samba/bin' in it ?
>>>
>>> If not, try this:
>>>
>>> export PATH=/samba/sbin:/samba/bin:$PATH
>>>
>>> if everything now works correctly, do this:
>>>
>>> echo 'export PATH=/samba/sbin:/samba/bin:$PATH' > /etc/profile.d/samba4.sh
>>>
>>> Rowland
>> Rowland, nothing in /samba is in the path. I had already tried your
>> suggestion, but I did it again this morning and here are my results. It
>> does not fix the issue. I also included some configuration files and such.
>>
>> root@dc01:~# echo "$PATH"
>> /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
>> root@dc01:~# export PATH=$PATH:/samba/bin:/samba/sbin
>> root@dc01:~# id maliag
>> id: maliag: No such user
>> root@dc01:~# id michaelh
>> id: michaelh: No such user
>> root@dc01:~# getent passwd
>> root:x:0:0:root:/root:/bin/bash
>> daemon:x:1:1:daemon:/usr/sbin:/bin/sh
>> bin:x:2:2:bin:/bin:/bin/sh
>> sys:x:3:3:sys:/dev:/bin/sh
>> sync:x:4:65534:sync:/bin:/bin/sync
>> games:x:5:60:games:/usr/games:/bin/sh
>> man:x:6:12:man:/var/cache/man:/bin/sh
>> lp:x:7:7:lp:/var/spool/lpd:/bin/sh
>> mail:x:8:8:mail:/var/mail:/bin/sh
>> news:x:9:9:news:/var/spool/news:/bin/sh
>> uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
>> proxy:x:13:13:proxy:/bin:/bin/sh
>> www-data:x:33:33:www-data:/var/www:/bin/sh
>> backup:x:34:34:backup:/var/backups:/bin/sh
>> list:x:38:38:Mailing List Manager:/var/list:/bin/sh
>> irc:x:39:39:ircd:/var/run/ircd:/bin/sh
>> gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
>> nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
>> libuuid:x:100:101::/var/lib/libuuid:/bin/sh
>> ntp:x:101:103::/home/ntp:/bin/false
>> sshd:x:102:65534::/var/run/sshd:/usr/sbin/nologin
>> bind:x:103:105::/var/cache/bind:/bin/false
>> root@dc01:~# cat /samba/etc/smb.conf
>> # Global parameters
>> [global]
>>          workgroup = KIGM
>>          realm = KIGM.LOCAL
>>          netbios name = DC01
>>          server role = active directory domain controller
>>          server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
>>          interfaces = 127.0.0.1, 192.168.0.1
>>
>> [netlogon]
>>          path = /samba/var/locks/sysvol/kigm.local/scripts
>>          read only = No
>>
>> [sysvol]
>>          path = /samba/var/locks/sysvol
>>          read only = No
>> root@dc01:~# cat /etc/nsswitch.conf
>> # /etc/nsswitch.conf
>> #
>> # Example configuration of GNU Name Service Switch functionality.
>> # If you have the `glibc-doc-reference' and `info' packages installed, try:
>> # `info libc "Name Service Switch"' for information about this file.
>>
>> passwd:         compat winbind
>> group:          compat winbind
>> shadow:         compat
>>
>> hosts:          files dns wins
>> networks:       files
>>
>> protocols:      db files
>> services:       db files
>> ethers:         db files
>> rpc:            db files
>>
>> netgroup:       nis
>> root@dc01:~# wbinfo -g
>> Enterprise Read-Only Domain Controllers
>> Domain Admins
>> Domain Users
>> Domain Guests
>> Domain Computers
>> Domain Controllers
>> Schema Admins
>> Enterprise Admins
>> Group Policy Creator Owners
>> Read-Only Domain Controllers
>> DnsUpdateProxy
>> Operations
>> AV
>> Graphics
>> WAFA
>> Finance
>> Logos
>> Streaming
>> root@dc01:~# cat /etc/krb5.conf
>> [libdefaults]
>>          default_realm = KIGM.LOCAL
>>          dns_lookup_realm = false
>>          dns_lookup_kdc = true
>>
>> Thanks for the help. What about my suggestion to perform a normal
>> install per the book and then move everything in /samba/var/lib to the
>> correct location? Would that not work? I agree with you that this issue
>> is caused by the odd install location.
>>
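
The two NSS checks discussed in this thread (winbind listed in nsswitch.conf, and the libnss_winbind.so.2 link that a self-compiled Samba needs), as an added shell example that is not part of the original messages. The function names and the library directories passed on the command line are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Usage (directories are assumptions; pass the ones your libc searches):
#   sh nss_check.sh /etc/nsswitch.conf /lib /lib/x86_64-linux-gnu

# nss_uses_winbind FILE DB: succeeds if the DB line (passwd, group) lists winbind
nss_uses_winbind() {
    awk -v db="$2" '
        /^[ \t]*#/ { next }                          # skip comment lines
        $1 == db ":" { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
        END { exit (found ? 0 : 1) }' "$1"
}

# nss_link_state DIR: prints ok, dangling or missing for DIR/libnss_winbind.so.2
nss_link_state() {
    lib="$1/libnss_winbind.so.2"
    if [ -e "$lib" ]; then echo ok            # file, or symlink with a live target
    elif [ -L "$lib" ]; then echo dangling    # symlink whose target is gone
    else echo missing
    fi
}

# check_nss_winbind FILE DIR...: prints a report; succeeds only if passwd and
# group both list winbind and at least one DIR holds a usable library
check_nss_winbind() {
    conf="$1"; shift
    rc=0; found=0
    for db in passwd group; do
        if nss_uses_winbind "$conf" "$db"; then
            echo "$db: winbind listed in $conf"
        else
            echo "$db: winbind NOT listed in $conf"; rc=1
        fi
    done
    for dir in "$@"; do
        state=$(nss_link_state "$dir")
        echo "$dir/libnss_winbind.so.2: $state"
        if [ "$state" = ok ]; then found=1; fi
    done
    if [ "$found" -ne 1 ]; then rc=1; fi
    return "$rc"
}

if [ "$#" -gt 0 ]; then check_nss_winbind "$@"; fi
```

A `dangling` or `missing` result corresponds to the symlink step mentioned above for self-compiled builds.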


