Samba4 nmbd/smbd/winbindd
Rowland Penny
repenny at f2s.com
Tue Aug 28 06:52:51 MDT 2012
Ok, no matter what I did, I could not pull users & groups with getent on
Centos 6.1. So I have installed Ubuntu 12.04 instead and have gone
through the download & compiling of Samba4 again.
I set up /usr/local/samba/etc/smb.conf as follows:
[global]
workgroup = HOME
realm = home.lan
server string = Test Samba Server
security = ADS
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
template shell = /bin/bash
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind expand groups = 4
winbind nss info = rfc2307
winbind refresh tickets = Yes
winbind offline logon = yes
winbind normalize names = Yes
idmap config HOME:schema_mode = rfc2307
idmap config HOME:range = 20000-3100000
idmap config HOME:backend = ad
idmap config *:range = 1100-2000
idmap config *:backend = tdb
set up $PATH
and joined the Domain:
net ads join -U Administrator at HOME.LAN
Enter Administrator at HOME.LAN's password:
Using short domain name -- HOME
Joined 'SERVER1' to realm 'home.lan'
DNS Update for server1.home.lan failed: ERROR_DNS_INVALID_MESSAGE
DNS update failed: NT_STATUS_UNSUCCESSFUL
Altered /etc/nsswitch.conf
passwd: compat winbind
group: compat winbind
and started the daemons:
/usr/local/samba/sbin/nmbd -D
/usr/local/samba/sbin/smbd -D
/usr/local/samba/sbin/winbindd -D
The daemons are running:
ps ax | grep samba
29916 ? Ss 0:00 /usr/local/samba/sbin/nmbd -D
29918 ? Ss 0:00 /usr/local/samba/sbin/smbd -D
29919 ? S 0:00 /usr/local/samba/sbin/smbd -D
29922 ? Ss 0:00 /usr/local/samba/sbin/winbindd -D
29924 ? S 0:00 /usr/local/samba/sbin/winbindd -D
29927 ? S 0:00 /usr/local/samba/sbin/winbindd -D
29928 ? S 0:00 /usr/local/samba/sbin/winbindd -D
29952 ? S 0:00 /usr/local/samba/sbin/winbindd -D
wbinfo -u & wbinfo -g are working as expected
Initially getent just returned local users & groups
so I created the symlinks suggested earlier:
ln -sf /usr/local/samba/lib/libnss_winbind.so.2 /lib/libnss_winbind.so.2
ln -sf /lib/libnss_winbind.so.2 /lib/libnss_winbind.so
Note, I only have /usr/local/samba/lib/libnss_winbind.so.2
Now getent is showing Domain users, yes an advance, but still not right,
Sample user:
rowland:*:1105:1103:rowland:/home/HOME/rowland:/bin/bash
Same user, but from a client running samba 3.6.3 with virtually the same
smb.conf:
rowland:*:3000016:3000012:rowland:/home/HOME/linuxusers/rowland:/bin/bash
Groups are different, getent group returns only local users on the Samba
3.6.3 client, you have to give the group name, getent group staff:
7a:x:3000014:
Same command on the Samba4 client:
7a:x:1101:
but the command getent group on the samba4 client, does return all the
local & Domain groups and I do mean all!
So, to summarise, yes it works, just not the way it needs to, samba4
winbindd appears to be pulling the AD info, not the UidNumber,GidNumber
& unixHomedirectory like samba 3.6.3.
Just had a thought, by creating the symlinks, am I using the right
winbindd?
Rowland
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the samba-technical
mailing list