Samba 4 Domain Member - problem

Rowland Penny repenny241155 at gmail.com
Fri Dec 20 02:37:47 MST 2013 

On 19/12/13 23:12, Carlos Miguel Bustillo Rdguez wrote:
> Hello list:
>
> Recently I join my Samba 4.1.3 (from Sernet packages in Debian Wheezy)
> to my Microsoft Windows 2008R2 Domain as member server.
>
> I following the steps in
> https://wiki.samba.org/index.php/Samba/Domain_Member
>
> Initially all worked perfectly, but later I note that some user in my
> MSAD don't appear when I use "id" command:
> # id joe
> id: joe: No such user
>
> These are the result from "testparm" command:
> Load smb config files from /etc/samba/smb.conf
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> Processing section "[pkt]"
> Processing section "[test]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_MEMBER
> Press enter to see a dump of your service definitions
>
> [global]
>     workgroup = MYDOMAIN
>     realm = MYDOMAIN.COM
>     security = ADS
>     winbind enum users = Yes
>     winbind enum groups = Yes
>     winbind use default domain = Yes
>     winbind nss info = rfc2307
>     idmap config MYDOMAIN:range = 500-100000
>     idmap config MYDOMAIN:schema_mode = rfc2307
>     idmap config MYDOMAIN:backend = ad
>     idmap config *:range = 70001-80000
>     idmap config * : backend = tdb
>     map acl inherit = Yes
>     printing = bsd
>     print command = lpr -r -P'%p' %s
>     lpq command = lpq -P'%p'
>     lprm command = lprm -P'%p' %j
>     store dos attributes = Yes
>     vfs objects = acl_xattr
>
> [pkt]
>     path = /home/big
>     read only = No
>
> [test]
>     path = /home/test
>     read only = No
>
> The big problem is when I add new users to the shares above (pkt and
> test), they cannot login.
>
> I think that the problem is associated with winbind and
> libnss_winbind.so.2 library:
>
> I put the necessary symbolic links in /lib64 (my hardware is x86_64),
> the I ran the following to check if the libraries are activated:
> #ldconfig -v | grep winbind
> ldconfig: Path `/lib/x86_64-linux-gnu' given more than once
> ldconfig: Path `/usr/lib/x86_64-linux-gnu' given more than once
>     libnss_winbind.so -> libnss_winbind.so.2
>     libnss_winbind.so -> libnss_winbind.so.2
>
>
> I appreciate some help about it.
>
> Regards, Carlos
>
>
> La Universidad Central "Marta Abreu" de Las Villas en su 60 
> Aniversario. Fundada el 30 de noviembre de 1952. Visítenos en: 
> http://www.uclv.edu.cu
> Participe en Universidad 2014, del 10 al 14 de febrero de 2014. 
> Habana. Cuba. http://www.congresouniversidad.cu/
>
>
First thing that you need to fix is your ranges, 'idmap config *:range = 
70001-80000' is inside 'idmap config MYDOMAIN:range = 500-100000'
The *:range needs to come before or after MYDOMAIN:range
i.e.
idmap config MYDOMAIN:range = 500-100000
idmap config *:range = 100001-101000

Rowland

More information about the samba-technical mailing list