Samba4 nmbd/smbd/winbindd

Rowland Penny repenny at f2s.com
Tue Aug 28 06:52:51 MDT 2012


Ok, no matter what I did, I could not pull users & groups with getent on 
Centos 6.1. So I have installed Ubuntu 12.04 instead and have gone 
through the download & compiling of Samba4 again.

I set up /usr/local/samba/etc/smb.conf as follows:

[global]
         workgroup = HOME
         realm = home.lan
         server string = Test Samba Server
         security = ADS
         dedicated keytab file = /etc/krb5.keytab
         kerberos method = secrets and keytab
         template shell = /bin/bash
         winbind enum users = yes
         winbind enum groups = yes
         winbind use default domain = yes
         winbind expand groups = 4
         winbind nss info = rfc2307
         winbind refresh tickets = Yes
         winbind offline logon = yes
         winbind normalize names = Yes
         idmap config HOME:schema_mode = rfc2307
         idmap config HOME:range = 20000-3100000
         idmap config HOME:backend = ad
         idmap config *:range = 1100-2000
         idmap config *:backend = tdb

set up $PATH

and joined the Domain:

net ads join -U Administrator at HOME.LAN
Enter Administrator at HOME.LAN's password:
Using short domain name -- HOME
Joined 'SERVER1' to realm 'home.lan'
DNS Update for server1.home.lan failed: ERROR_DNS_INVALID_MESSAGE
DNS update failed: NT_STATUS_UNSUCCESSFUL

Altered /etc/nsswitch.conf

passwd:         compat winbind
group:          compat winbind

and started the daemons:
/usr/local/samba/sbin/nmbd -D
/usr/local/samba/sbin/smbd -D
/usr/local/samba/sbin/winbindd -D

The daemons are running:
ps ax | grep samba
29916 ?        Ss     0:00 /usr/local/samba/sbin/nmbd -D
29918 ?        Ss     0:00 /usr/local/samba/sbin/smbd -D
29919 ?        S      0:00 /usr/local/samba/sbin/smbd -D
29922 ?        Ss     0:00 /usr/local/samba/sbin/winbindd -D
29924 ?        S      0:00 /usr/local/samba/sbin/winbindd -D
29927 ?        S      0:00 /usr/local/samba/sbin/winbindd -D
29928 ?        S      0:00 /usr/local/samba/sbin/winbindd -D
29952 ?        S      0:00 /usr/local/samba/sbin/winbindd -D

wbinfo -u & wbinfo -g are working as expected

Initially getent just returned local users & groups

so I created the symlinks suggested earlier:
ln -sf /usr/local/samba/lib/libnss_winbind.so.2 /lib/libnss_winbind.so.2
ln -sf /lib/libnss_winbind.so.2 /lib/libnss_winbind.so

Note, I only have /usr/local/samba/lib/libnss_winbind.so.2

Now getent is showing Domain users, yes an advance, but still not right, 
Sample user:
rowland:*:1105:1103:rowland:/home/HOME/rowland:/bin/bash

Same user, but from a client running samba 3.6.3 with virtually the same 
smb.conf:
rowland:*:3000016:3000012:rowland:/home/HOME/linuxusers/rowland:/bin/bash

Groups are different, getent group returns only local users on the Samba 
3.6.3 client, you have to give the group name, getent group staff:
7a:x:3000014:
Same command on the Samba4 client:
7a:x:1101:
but the command getent group on the samba4 client, does return all the 
local & Domain groups and I do mean all!

So, to summarise, yes it works, just not the way it needs to, samba4 
winbindd appears to be pulling the AD info, not the UidNumber,GidNumber 
& unixHomedirectory like samba 3.6.3.

Just had a thought, by creating the symlinks, am I using the right 
winbindd?

Rowland


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the samba-technical mailing list