[Samba] Validate Ids Multiple DC

[L.P.H. van Belle]

Yes, im sure.. 

 

Check : 

dc1:~# samba-tool testparm -v | grep winbind

 

        winbind separator = \

        winbind cache time = 300

        winbind reconnect delay = 30

        winbind request timeout = 60

        winbind max clients = 200

        winbind enum users = No

        winbind enum groups = No

        winbind use default domain = Yes             <====  

        winbind trusted domains only = No

        winbind nested groups = Yes

        winbind expand groups = 4

        winbind nss info = rfc2307

        winbind refresh tickets = No

        winbind offline logon = No

        winbind normalize names = No

        winbind rpc only = No

        winbind max domain connections = 1

        winbindd socket directory = /var/run/samba/winbindd

        winbindd privileged socket directory = /var/lib/samba/winbindd_privileged

        winbind sealed pipes = Yes

        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate

 

If you want a copy of my complete config, let me know. 

 

 

Greetz, 

 

Louis

 

 

 

> -----Oorspronkelijk bericht-----

> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland penny

> Verzonden: vrijdag 29 januari 2016 16:06

> Aan: samba at lists.samba.org

> Onderwerp: Re: [Samba] Validate Ids Multiple DC

> 

> On 29/01/16 12:07, L.P.H. van Belle wrote:

> > Hai Rowland.

> >

> > What you tried is ok, or im misunderstanding you.

> >

> > For me :

> > All members give me.

> > getent passwd myuser

> > myuser:*:10002:10000::/home/users/myuser:/bin/bash

> >

> > id myuser

> > uid=10002(myuser) gid=10000(domain users)

> >

> > the memberservers are or sernet samba 4.2.7 or debian samba 4.1.17

> >

> > and on the DCs.  ( only sernet samba 4.2.7 )

> >

> > getent passwd myuser

> > myuser:*:10002:10000:L.P.H. van Belle:/home/users/ myuser:/bin/bash

> >

> > id myuser

> > uid=10002(myuser) gid=10000(domain users)

> >

> > forgot to mention 1 restriction.

> >

> > In the DC's i also have

> >          template shell = /bin/bash

> >          template homedir = /home/users/%U

> >

> > The restriction is that you must use above shell and homedirs for all

> you users and must be the same in the AD unix tab.

> >

> > The GECOS is different, but who uses that..

> >

> >

> > Greetz,

> >

> > Louis

> >

> >

> >

> 

> OK, I get virtually the same replies as you, except for 'getent passwd

> rowland' I get:

> 

> HOME\rowland:*:10000:10000:Rowland Penny:/home/HOME/rowland:/bin/false

> 

> I do not have the template lines in smb.conf

> 

> As you can see I get 'DOMAIN\username' instead of just username, the

> only rfc2307 attributes I get from AD are the users uidNumber and the

> users primary group gidNumber.

> 

> Are you sure that winbind on a DC uses the default domain ?

> 

> Rowland

> 

> 

> --

> To unsubscribe from this list go to the following URL and read the

> instructions:  https://lists.samba.org/mailman/options/samba