[Samba] Samba 4.5: trying to setup an omnios system as a DC member
Andrea Cucciarrè
acucciarre at cloudian.com
Tue Jun 19 14:10:33 UTC 2018
Hello,
I'm trying to set up an OmniOS system as a Samba DC member, and I need the AD
backend for consistent IDs on all Samba clients.
The AD join is successful, and wbinfo shows the AD users:
# /opt/samba/bin/wbinfo -n andrea
S-1-5-21-2680195940-2267646359-3814218302-1109 SID_USER (1)
However, "getent passwd ..." returns nothing for the user (all the AD users).
I have enabled debugging and I can see the following relevant error:
[2018/06/19 15:53:54.302030, 5, pid=638, effective(0, 0), real(0, 0)]
../source3/libads/ldap_utils.c:81(ads_do_search_retry_internal)
Search for (uid=andrea) in <dc=HYPERFILE,dc=NET> gave 0 replies
[2018/06/19 15:53:54.302082, 5, pid=638, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_cache.c:1276(resolve_alias_to_username)
resolve_alias_to_username: backend query returned
NT_STATUS_OBJECT_NAME_NOT_FOUND
...
[2018/06/19 15:53:54.309621, 5, pid=638, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
Could not convert sid S-1-5-21-2680195940-2267646359-3814218302-1109:
NT_STATUS_NONE_MAPPED
Also, the wbinfo command fails to convert the SID to a UID:
# /opt/samba/bin/wbinfo -S S-1-5-21-2680195940-2267646359-3814218302-1109
failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-2680195940-2267646359-3814218302-1109 to uid
This is the relevant smb.conf:
===============================
[global]
log file = /opt/samba/log/%m.log
log level = 10
workgroup = HYPERFILE
security = ADS
realm = HYPERFILE.NET
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
server string = Data %h
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind expand groups = 4
winbind nss info = rfc2307
winbind refresh tickets = Yes
winbind normalize names = Yes
idmap config * : backend = tdb
idmap config * : range = 1000000-2000000
idmap config * : schema_mode = rfc2307
idmap config HYPERFILE:backend = ad
idmap config HYPERFILE:schema_mode = rfc2307
idmap config HYPERFILE:range = 1000-9999
idmap config HYPERFILE:unix_primary_group = yes
username map = /opt/samba/etc/user.map
client ldap sasl wrapping = plain
os level = 20
map to guest = bad user
host msdfs = no
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
load printers = no
=====================
If I remove the "idmap config HYPERFILE ..." entries from smb.conf, it
works.
Any help would be appreciated.
Regards
Andrea
--
Gestione problematica Andrea Cucciarrè
Technical Support Engineer | EMEA
acucciarre at cloudian.com
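
Added example, not part of the original message: a small Python parser for the winbindd debug records quoted above, which lists each logged status code together with the SID it concerns. The sample input is the three records from the post with the mail line wrapping undone (the single-line header layout is an assumption), and the function names are illustrative.

```python
import re

# One Samba debug record header, in the layout of the log excerpt in the post:
# [date time, level, pid=N, effective(..), real(..)[, class=NAME]] file:line(function)
HEADER = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:.]+),\s*(?P<level>\d+),\s*pid=(?P<pid>\d+)"
    r"[^\]]*?(?:class=(?P<cls>\w+))?\]\s*(?P<src>\S+):(?P<line>\d+)\((?P<func>\w+)\)\s*$"
)
SID = re.compile(r"\bS-1-(?:\d+-)*\d+\b")
STATUS = re.compile(r"\b(?:NT_STATUS|WBC_ERR)_[A-Z_]+\b")

# Sample input: the three records quoted in the post, mail wrapping undone (assumed layout).
SAMPLE_LOG = """\
[2018/06/19 15:53:54.302030,  5, pid=638, effective(0, 0), real(0, 0)] ../source3/libads/ldap_utils.c:81(ads_do_search_retry_internal)
  Search for (uid=andrea) in <dc=HYPERFILE,dc=NET> gave 0 replies
[2018/06/19 15:53:54.302082,  5, pid=638, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:1276(resolve_alias_to_username)
  resolve_alias_to_username: backend query returned NT_STATUS_OBJECT_NAME_NOT_FOUND
[2018/06/19 15:53:54.309621,  5, pid=638, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
  Could not convert sid S-1-5-21-2680195940-2267646359-3814218302-1109: NT_STATUS_NONE_MAPPED
"""

def parse_records(text):
    """Split a winbindd debug log into records: header fields plus joined message text."""
    records = []
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            records.append({**m.groupdict(), "msg": ""})
        elif records and raw.strip():
            # Continuation line: belongs to the most recent header.
            records[-1]["msg"] = (records[-1]["msg"] + " " + raw.strip()).strip()
    return records

def mapping_failures(records):
    """Return (function, sid or None, status) for every record that logs a status code."""
    out = []
    for rec in records:
        status = STATUS.search(rec["msg"])
        if status:
            sid = SID.search(rec["msg"])
            out.append((rec["func"], sid.group(0) if sid else None, status.group(0)))
    return out

if __name__ == "__main__":
    for func, sid, status in mapping_failures(parse_records(SAMPLE_LOG)):
        print(f"{status:32} sid={sid or '-'} in {func}()")
```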