[Samba-it] Domain member getent

Giuseppe Arvati giuseppe.arvati at gmail.com
Wed Dec 18 07:41:57 UTC 2019


Good morning everyone,

I have started configuring a Domain member to turn it into a file server.

I followed practically to the letter the instructions at

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

and therefore I have:

  * compiled samba
  * installed it
  * created the systemd script for smbd and winbind
  * disabled the firewall and selinux (I will re-enable them later)
  * configured chronyd
  * created smb.conf
  * created /etc/krb5.conf
  * fixed up /etc/resolve.conf
  * fixed up /etc/hosts
  * fixed up nss_switch
  * linked the nss_winbind libraries
  * joined the domain (ok)
  * assigned SeDiskOperatorPrivilege (OK)
  * wbinfo -u (ok)
  * wbinfo -g (ok)
  * getent group (KO !!!)

Commands that succeed (OK):

[root@dm1piopp ~]# net ads info -U administrator
Enter administrator's password:
LDAP server: 10.1.1.4
LDAP server name: dc1piopp.apam-ad.apam.it
Realm: APAM-AD.APAM.IT
Bind Path: dc=APAM-AD,dc=APAM,dc=IT
LDAP port: 389
Server time: Wed, 18 Dec 2019 08:34:36 CET
KDC server: 10.1.1.4
Server time offset: 0
Last machine account password change: Tue, 17 Dec 2019 18:12:16 CET

[root@dm1piopp ~]# net rpc info -U administrator
Enter administrator's password:
Domain Name: APAM-AD
Domain SID: S-1-5-21-1853045328-2428526881-2616184179
Sequence number: 1
Num users: 217
Num domain groups: 48
Num local groups: 26

[root@dm1piopp ~]# net rpc rights list privileges SeDiskOperatorPrivilege -U "administrator"
Enter administrator's password:
SeDiskOperatorPrivilege:
   APAM-AD\Domain Admins
   BUILTIN\Administrators



Commands that fail (KO):

wbinfo -S S-1-5-21-1853045328-2428526881-2616184179-1118

failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-1853045328-2428526881-2616184179-1118 to uid


In practice, as far as I understand, the uid mapping does not seem to work (it is misconfigured).


smb.conf

[global]
         workgroup = APAM-AD
         security = ADS
         realm = apam-ad.apam.it
         netbios name = DM1PIOPP

         winbind refresh tickets = Yes
         #-------- to be removed after testing
         winbind enum users = yes
         winbind enum groups = yes

         username map = /usr/local/samba/etc/user.map
         vfs objects = acl_xattr
         map acl inherit = yes
         # the next line is only required on Samba versions less than 4.9.0
         store dos attributes = yes

         dedicated keytab file = /etc/krb5.keytab
         kerberos method = secrets and keytab

         idmap config APAM-AD:backend = ad
         idmap config APAM-AD:schema_mode = rfc2307
         idmap config APAM-AD:range = 10000-999999
         idmap config APAM-AD:unix_nss_info = yes

         # idmap_ldb:use rfc2307 = yes

         log file = /usr/local/samba/var/samba.log.%m
         log level = 5

I think it depends on the idmap parameters.

In particular I am unsure about this whole section:

         idmap config APAM-AD:backend = ad
         idmap config APAM-AD:schema_mode = rfc2307
         idmap config APAM-AD:range = 10000-999999
         idmap config APAM-AD:unix_nss_info = yes

but I do not know them well.

Any suggestion is valuable.

Many thanks to the whole list,

giuseppe





