[Samba] Domain users not resolving...

Ryan Ashley ryana at reachtechfp.com
Mon Aug 25 08:19:24 MDT 2014


Rowland, I would LOVE to upgrade, but as I am brand-new to this location 
and it has this borked Samba install, I am hesitant. Is there a guide or 
wiki article on the correct way to do this? If it was just going from 
Squeeze to Wheezy, that's cake! I am more concerned with the location of 
everything relating to Samba. Since it is all on "/samba", what do I 
need to back up? I am assuming the following is what I need to do, but 
must make sure first. I do not want to have to rebuild an entire domain 
if I can help it!

/samba/etc -> /etc/samba
/samba/lib -> /var/lib/samba
/samba/private -> /var/lib/samba/private
/samba/locks/sysvol -> /var/lib/samba/sysvol

Is this correct? The locations on the right of the arrow are where those 
directories are on my functioning domain controllers at other locations. 
I've never seen a setup like this before. However, due to this location 
having TWO DCs, I could easily take one down, install Wheezy from 
scratch (clean install) and set it up correctly, allow it to sync, then 
do the other one. Am I correct in that?

On 8/25/2014 9:45 AM, L.P.H. van Belle wrote:
> Hi Rowland,
>
> Yeah, I know.
> The DCs are using sernet-samba and the links aren't there because I don't use it. ;-)
>
> That's the same with the "Proper sysvol replication solution..." thread.
> Yes, I have mixed XIDs on my DCs, but I have all correct UIDs on my sysvol.
> And yes, samba-tool ntacl sysvolcheck gives:
> ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception  etc...
>
> But I don't mind. All my shares on the DC (sysvol and netlogon) (used from within Windows) work 100% OK.
> GPO is processed without errors, so I don't care. I just don't run samba-tool ntacl sysvolcheck  :-)
>
> My logs on my DC (all my Debian server logs) are error free.
> And I rechecked my Windows logs after a login, after I saw the thread about it being really long,
> but same there, 100% error free.
>
> But thanks for the notice!
>
> and for Ryan.
>
> The debian Samba (backports 4.1.11 ) paths
> Paths:
>     SBINDIR: /usr/sbin
>     BINDIR: /usr/bin
>     CONFIGFILE: /etc/samba/smb.conf
>     LOGFILEBASE: /var/log/samba
>     LMHOSTSFILE: /etc/samba/lmhosts
>     LIBDIR: /usr/lib/x86_64-linux-gnu
>     MODULESDIR: /usr/lib/x86_64-linux-gnu/samba
>     SHLIBEXT: so
>     LOCKDIR: /var/run/samba
>     STATEDIR: /var/lib/samba
>     CACHEDIR: /var/cache/samba
>     PIDDIR: /var/run/samba
>     SMB_PASSWD_FILE: /etc/samba/smbpasswd
>     PRIVATE_DIR: /var/lib/samba/private
>
> Just compare them with your locally installed paths, then stop samba, install backports samba, stop samba (the backports version), copy the old files to the above locations and start samba.
>
>
>
> Greetz,
>
> Louis
>
>
>
>
>
>> -----Original message-----
>> From: rowlandpenny at googlemail.com
>> [mailto:samba-bounces at lists.samba.org] On behalf of Rowland Penny
>> Sent: Monday 25 August 2014 15:32
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] Domain users not resolving...
>>
>> On 25/08/14 14:22, L.P.H. van Belle wrote:
>>> Why don't you upgrade to Debian Wheezy and start using either wheezy-backports samba or sernet-samba?
>>> If you back up all your old samba files, the transfer from your own build of samba to Debian samba (or sernet samba)
>>> isn't that hard.
>>>
>>> About the id.
>>>
>>> On my DC: id user => not found, but I must say, I don't use my DC for anything else but being a DC with sysvol.
>>> getent passwd => nothing (and correct, I don't have winbind set in my nsswitch.conf)
>>> wbinfo -u = all my users
>>> wbinfo -g = all my groups.
>> Hi Louis, this is probably because you don't have the winbind links
>> installed, on Debian using samba from backports this is easy, you just
>> need to install a few packages, but when you compile samba4,
>> you need to
>> create a couple of symlinks. There used to be a samba4 winbind page in
>> the wiki, but this seems to have vanished.
>>
>> Rowland
>>> On my member server: id user1 : uid=5003(user1) gid=5000(domain users) groups=5000(domain users),4294967295,4294967295,4294967295,4294967295,50002(BUILTIN\users)
>>> getent passwd => only the users with UID assigned.
>>> getent group => only groups with GID assigned.
>>> wbinfo -u = all my users
>>> wbinfo -g = all my groups.
>>>
>>> But just a question: what are you using the RFC2307 uid on the DC server for?
>>>
>>> Check if your smb.conf on all your Domain Controllers contains the following parameter in the „[global]“ section:
>>> idmap_ldb:use rfc2307 = yes
>>>
>>> ( see http://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC  )
>>>
>>>
>>> Greetz,
>>>
>>> Louis
>>>
>>>
>>>
>>>> -----Original message-----
>>>> From: ryana at reachtechfp.com
>>>> [mailto:samba-bounces at lists.samba.org] On behalf of Ryan Ashley
>>>> Sent: Monday 25 August 2014 14:59
>>>> To: samba at lists.samba.org
>>>> Subject: Re: [Samba] Domain users not resolving...
>>>>
>>>> On 08/23/2014 04:26 AM, Rowland Penny wrote:
>>>>> On 23/08/14 01:19, Ryan Ashley wrote:
>>>>>> Rowland, I did not do this. This is a new client who dropped their
>>>>>> old IT support due to issues on the network. I found out it was not
>>>>>> having access to the sysvol. That is where I figured out what I have.
>>>>>> I do use FHS in my builds, but I would never put it into a root
>>>>>> directory like this. I guess the other team was testing Samba and
>>>>>> using a client to test on! I do agree 100% that the issue is the
>>>>>> path. However, I can feel good that I didn't do such a bone-headed move!
>>>>>> Sorry for the lack of files, I had to figure out how it was set up.
>>>>>> Everything, including the configuration file is in "/samba", which
>>>>>> appears to be a separate partition. Here is what you requested.
>>>>>>
>>>>>> Samba 4.1.11 64bit
>>>>>> Debian Squeeze 64bit
>>>>>>
>>>>>> =========
>>>>>> smb.conf:
>>>>>> =========
>>>>>> # Global parameters
>>>>>> [global]
>>>>>>           workgroup = DOMAIN
>>>>>>           realm = DOMAIN.LOCAL
>>>>>>           netbios name = DC01
>>>>>>           server role = active directory domain controller
>>>>>>           server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
>>>>>>           interfaces = 127.0.0.1, 192.168.0.1
>>>>>>
>>>>>> [netlogon]
>>>>>>           path = /samba/var/locks/sysvol/kigm.local/scripts
>>>>>>           read only = No
>>>>>>
>>>>>> [sysvol]
>>>>>>           path = /samba/var/locks/sysvol
>>>>>>           read only = No
>>>>>>
>>>>>> =========
>>>>>> krb5.conf:
>>>>>> =========
>>>>>> [libdefaults]
>>>>>>           default_realm = DOMAIN.LOCAL
>>>>>>           dns_lookup_realm = false
>>>>>>           dns_lookup_kdc = true
>>>>>>
>>>>>> =================
>>>>>> Rowland's Request:
>>>>>> =================
>>>>>> root at dc01:~# /samba/sbin/samba -b
>>>>>> Samba version: 4.1.11
>>>>>> Build environment:
>>>>>>      Build host:  Linux dc01 2.6.32-5-amd64 #1 SMP Tue May 13 16:34:35 UTC 2014 x86_64 GNU/Linux
>>>>>> Paths:
>>>>>>      BINDIR: /samba/bin
>>>>>>      SBINDIR: /samba/sbin
>>>>>>      CONFIGFILE: /samba/etc/smb.conf
>>>>>>      NCALRPCDIR: /samba/var/run/ncalrpc
>>>>>>      LOGFILEBASE: /samba/var
>>>>>>      LMHOSTSFILE: /samba/etc/lmhosts
>>>>>>      DATADIR: /samba/share
>>>>>>      MODULESDIR: /samba/lib
>>>>>>      LOCKDIR: /samba/var/lock
>>>>>>      STATEDIR: /samba/var/locks
>>>>>>      CACHEDIR: /samba/var/cache
>>>>>>      PIDDIR: /samba/var/run
>>>>>>      PRIVATE_DIR: /samba/private
>>>>>>      CODEPAGEDIR: /samba/share/codepages
>>>>>>      SETUPDIR: /samba/share/setup
>>>>>>      WINBINDD_SOCKET_DIR: /samba/var/run/winbindd
>>>>>>      WINBINDD_PRIVILEGED_SOCKET_DIR: /samba/var/lib/winbindd_privileged
>>>>>>      NTP_SIGND_SOCKET_DIR: /samba/var/lib/ntp_signd
>>>>>>
>>>>>> No IDs have been set up. The rfc2307 stuff is there, but they're not
>>>>>> using it. They have two Samba DCs and everything else is Windows 7.
>>>>>> They were using rsync to sync the sysvol, which had caused issues
>>>>>> with GID/UID on the second DC, but I fixed that already. Well, tried
>>>>>> to anyway. It is set up the EXACT same way. It also has issues with
>>>>>> this stuff.
>>>>>>
>>>>>> I have a theory as to how to fix this but want advice first. If I am
>>>>>> wrong, so be it. I would like to build Samba the STANDARD way (FHS,
>>>>>> bin files go to /bin, etc) but have one concern. If I do this, do I
>>>>>> simply need to adjust the paths in the configuration file and move
>>>>>> the sysvol to the proper location? On all of the systems I do, this
>>>>>> is always "/var/lib/samba/sysvol". I would obviously have to move the
>>>>>> tdb files and such to "/var/lib/samba" as well. Would that work, or
>>>>>> am I going to have to deal with this the way it is?
>>>>>>
>>>>>> If you need anything else, please ask. Remember, this is a DC and
>>>>>> while rfc2307 attributes exist, they're not being used. Probably due
>>>>>> to no Linux member servers.
>>>>>>
>>>>>> On 8/22/2014 4:54 PM, Rowland Penny wrote:
>>>>>>> On 22/08/14 21:40, Marc Muehlfeld wrote:
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> On 22.08.2014 20:48, Ryan Ashley wrote:
>>>>>>>>> I stepped into a setup where Samba was compiled and installed into
>>>>>>>>> "/samba". The configure command on the DC is "configure
>>>>>>>>> --prefix=/samba". The links for libnss_wins.so.2 and
>>>>>>>>> libnss_winbind.so.2 are there and nsswitch.conf is told to use
>>>>>>>>> winbind. However, "getent group" returns only local users, "id"
>>>>>>>>> finds NO domain users, and "getent passwd" returns only local
>>>>>>>>> users. I did do a rebuild of Samba after verifying the
>>>>>>>>> dependencies were there and configured/installed the same way so
>>>>>>>>> everything is in place. Still no dice. This guy was still running
>>>>>>>>> Debian Squeeze so the install is probably old. Things seem to run,
>>>>>>>>> but no systems can access the sysvol even after a reset, which led
>>>>>>>>> to this discovery.
>>>>>>>>>
>>>>>>>>> Now, my thinking is that maybe the binaries in "/samba/bin" should
>>>>>>>>> be linked to "/bin" and the same goes for the sbin stuff. Is this
>>>>>>>>> my issue or what am I looking at? Yes, I stepped into it this time...
>>>>>>>> It would be much easier to help, if you give some information about
>>>>>>>> your environment.
>>>>>>>>
>>>>>>>> - smb.conf
>>>>>>>> - Samba version
>>>>>>>> - IDs, etc. configured in your backend (depending on your Idmap
>>>>>>>> config)
>>>>>>>> - etc.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Marc
>>>>>>>>
>>>>>>> It would also help if you followed the howto and didn't change bits
>>>>>>> that you don't like, just why did you install into /samba instead of
>>>>>>> /usr/local/samba ?
>>>>>>> Everything out there is based on self compiling into
>>>>>>> /usr/local/samba, the wiki gives you the instructions based on this.
>>>>>>> Having said this, it is possibly/probably a path problem, could you
>>>>>>> please post (along with what Marc has asked for) the result of
>>>>>>> 'samba -b'
>>>>>>>
>>>>>>> Rowland
>>>>> OK, what does 'echo "$PATH"' return, does it have '/samba/sbin' &
>>>>> '/samba/bin' in it ?
>>>>>
>>>>> If not, try this:
>>>>>
>>>>> export PATH=/samba/sbin:/samba/bin:$PATH
>>>>>
>>>>> if everything now works correctly, do this:
>>>>>
>>>>> echo 'PATH=/samba/sbin:/samba/bin:$PATH' > /etc/profile.d/samba4.sh
>>>>>
>>>>> Rowland
>>>> Rowland, nothing in /samba is in the path. I had already tried your
>>>> suggestion, but I did it again this morning and here are my results. It
>>>> does not fix the issue. I also included some configuration files and such.
>>>>
>>>> root at dc01:~# echo "$PATH"
>>>> /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
>>>> root at dc01:~# export PATH=$PATH:/samba/bin:/samba/sbin
>>>> root at dc01:~# id maliag
>>>> id: maliag: No such user
>>>> root at dc01:~# id michaelh
>>>> id: michaelh: No such user
>>>> root at dc01:~# getent passwd
>>>> root:x:0:0:root:/root:/bin/bash
>>>> daemon:x:1:1:daemon:/usr/sbin:/bin/sh
>>>> bin:x:2:2:bin:/bin:/bin/sh
>>>> sys:x:3:3:sys:/dev:/bin/sh
>>>> sync:x:4:65534:sync:/bin:/bin/sync
>>>> games:x:5:60:games:/usr/games:/bin/sh
>>>> man:x:6:12:man:/var/cache/man:/bin/sh
>>>> lp:x:7:7:lp:/var/spool/lpd:/bin/sh
>>>> mail:x:8:8:mail:/var/mail:/bin/sh
>>>> news:x:9:9:news:/var/spool/news:/bin/sh
>>>> uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
>>>> proxy:x:13:13:proxy:/bin:/bin/sh
>>>> www-data:x:33:33:www-data:/var/www:/bin/sh
>>>> backup:x:34:34:backup:/var/backups:/bin/sh
>>>> list:x:38:38:Mailing List Manager:/var/list:/bin/sh
>>>> irc:x:39:39:ircd:/var/run/ircd:/bin/sh
>>>> gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
>>>> nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
>>>> libuuid:x:100:101::/var/lib/libuuid:/bin/sh
>>>> ntp:x:101:103::/home/ntp:/bin/false
>>>> sshd:x:102:65534::/var/run/sshd:/usr/sbin/nologin
>>>> bind:x:103:105::/var/cache/bind:/bin/false
>>>> root at dc01:~# cat /samba/etc/smb.conf
>>>> # Global parameters
>>>> [global]
>>>>           workgroup = KIGM
>>>>           realm = KIGM.LOCAL
>>>>           netbios name = DC01
>>>>           server role = active directory domain controller
>>>>           server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
>>>>           interfaces = 127.0.0.1, 192.168.0.1
>>>>
>>>> [netlogon]
>>>>           path = /samba/var/locks/sysvol/kigm.local/scripts
>>>>           read only = No
>>>>
>>>> [sysvol]
>>>>           path = /samba/var/locks/sysvol
>>>>           read only = No
>>>> root at dc01:~# cat /etc/nsswitch.conf
>>>> # /etc/nsswitch.conf
>>>> #
>>>> # Example configuration of GNU Name Service Switch functionality.
>>>> # If you have the `glibc-doc-reference' and `info' packages installed, try:
>>>> # `info libc "Name Service Switch"' for information about this file.
>>>>
>>>> passwd:         compat winbind
>>>> group:          compat winbind
>>>> shadow:         compat
>>>>
>>>> hosts:          files dns wins
>>>> networks:       files
>>>>
>>>> protocols:      db files
>>>> services:       db files
>>>> ethers:         db files
>>>> rpc:            db files
>>>>
>>>> netgroup:       nis
>>>> root at dc01:~# wbinfo -g
>>>> Enterprise Read-Only Domain Controllers
>>>> Domain Admins
>>>> Domain Users
>>>> Domain Guests
>>>> Domain Computers
>>>> Domain Controllers
>>>> Schema Admins
>>>> Enterprise Admins
>>>> Group Policy Creator Owners
>>>> Read-Only Domain Controllers
>>>> DnsUpdateProxy
>>>> Operations
>>>> AV
>>>> Graphics
>>>> WAFA
>>>> Finance
>>>> Logos
>>>> Streaming
>>>> root at dc01:~# cat /etc/krb5.conf
>>>> [libdefaults]
>>>>           default_realm = KIGM.LOCAL
>>>>           dns_lookup_realm = false
>>>>           dns_lookup_kdc = true
>>>>
>>>> Thanks for the help. What about my suggestion to perform a normal
>>>> install per the book and then move everything in /samba/var/lib to the
>>>> correct location? Would that not work? I agree with you that this issue
>>>> is caused by the odd install location.
>>>> -- 
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>
>>>>
>>
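
An added example, not part of the original thread: instead of guessing the directory mapping, it derives it from the two `samba -b` path listings quoted above and rewrites the share paths in smb.conf to match. The choice of three keys as the ones carrying domain state and the function names are assumptions; the inputs are constructed from the values posted in the thread.

```shell
#!/bin/sh
# Constructed inputs: "Paths:" lines of `samba -b` as quoted in this thread,
# for the self-compiled build (OLD) and the Debian backports package (NEW).
OLD_BUILD='CONFIGFILE: /samba/etc/smb.conf
STATEDIR: /samba/var/locks
PRIVATE_DIR: /samba/private'
NEW_BUILD='CONFIGFILE: /etc/samba/smb.conf
STATEDIR: /var/lib/samba
PRIVATE_DIR: /var/lib/samba/private'
# Share section taken from the smb.conf posted in the thread.
OLD_CONF='[sysvol]
        path = /samba/var/locks/sysvol
        read only = No'

# build_path LISTING KEY -> value of KEY in a `samba -b` listing
build_path() {
    printf '%s\n' "$1" | awk -v k="$2:" '$1 == k { print $2; exit }'
}

# migration_map -> one "KEY old -> new" line per location that differs.
# Assumption: these three keys are the ones that hold configuration and state.
migration_map() {
    for key in CONFIGFILE STATEDIR PRIVATE_DIR; do
        old=$(build_path "$OLD_BUILD" "$key")
        new=$(build_path "$NEW_BUILD" "$key")
        [ -n "$old" ] && [ -n "$new" ] || { echo "missing $key" >&2; return 1; }
        [ "$old" = "$new" ] || printf '%s %s -> %s\n' "$key" "$old" "$new"
    done
}

# rewrite_conf -> smb.conf text with share paths moved from the old STATEDIR
# to the new one; only "path =" lines under the old prefix are changed.
rewrite_conf() {
    old=$(build_path "$OLD_BUILD" STATEDIR)
    new=$(build_path "$NEW_BUILD" STATEDIR)
    printf '%s\n' "$OLD_CONF" | awk -v o="$old" -v n="$new" '
        $1 == "path" && $2 == "=" && index($3, o "/") == 1 {
            sub(/[^ \t=]+$/, n substr($3, length(o) + 1))
        }
        { print }'
}

migration_map
rewrite_conf
```

The derived STATEDIR mapping places sysvol at /var/lib/samba/sysvol, and the [netlogon] and [sysvol] share paths need the same prefix change after the files are copied.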


