Samba 4 Domain Member - problem

Rowland Penny repenny241155 at gmail.com
Fri Dec 20 10:27:26 MST 2013 

On 20/12/13 17:11, Carlos Miguel Bustillo Rdguez wrote:
> Rowland:
>
>   thanks for your time. I have made your recomendation. But the problem
> remains:
>
> # wbinfo -i mmorales
> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for user mmorales
>
> # id mmorales
> id: mmorales: No such user
>
> Why the command "id" worked initially?
> Sometimes command "id" identify the users and others don't do it.
>
> Regards, Carlos
>
> PD: Happy Christmas for all!!
>
> On 12/20/2013 04:37 AM, Rowland Penny wrote:
>> On 19/12/13 23:12, Carlos Miguel Bustillo Rdguez wrote:
>>> Hello list:
>>>
>>> Recently I join my Samba 4.1.3 (from Sernet packages in Debian Wheezy)
>>> to my Microsoft Windows 2008R2 Domain as member server.
>>>
>>> I following the steps in
>>> https://wiki.samba.org/index.php/Samba/Domain_Member
>>>
>>> Initially all worked perfectly, but later I note that some user in my
>>> MSAD don't appear when I use "id" command:
>>> # id joe
>>> id: joe: No such user
>>>
>>> These are the result from "testparm" command:
>>> Load smb config files from /etc/samba/smb.conf
>>> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit 
>>> (16384)
>>> Processing section "[pkt]"
>>> Processing section "[test]"
>>> Loaded services file OK.
>>> Server role: ROLE_DOMAIN_MEMBER
>>> Press enter to see a dump of your service definitions
>>>
>>> [global]
>>>      workgroup = MYDOMAIN
>>>      realm = MYDOMAIN.COM
>>>      security = ADS
>>>      winbind enum users = Yes
>>>      winbind enum groups = Yes
>>>      winbind use default domain = Yes
>>>      winbind nss info = rfc2307
>>>      idmap config MYDOMAIN:range = 500-100000
>>>      idmap config MYDOMAIN:schema_mode = rfc2307
>>>      idmap config MYDOMAIN:backend = ad
>>>      idmap config *:range = 70001-80000
>>>      idmap config * : backend = tdb
>>>      map acl inherit = Yes
>>>      printing = bsd
>>>      print command = lpr -r -P'%p' %s
>>>      lpq command = lpq -P'%p'
>>>      lprm command = lprm -P'%p' %j
>>>      store dos attributes = Yes
>>>      vfs objects = acl_xattr
>>>
>>> [pkt]
>>>      path = /home/big
>>>      read only = No
>>>
>>> [test]
>>>      path = /home/test
>>>      read only = No
>>>
>>> The big problem is when I add new users to the shares above (pkt and
>>> test), they cannot login.
>>>
>>> I think that the problem is associated with winbind and
>>> libnss_winbind.so.2 library:
>>>
>>> I put the necessary symbolic links in /lib64 (my hardware is x86_64),
>>> the I ran the following to check if the libraries are activated:
>>> #ldconfig -v | grep winbind
>>> ldconfig: Path `/lib/x86_64-linux-gnu' given more than once
>>> ldconfig: Path `/usr/lib/x86_64-linux-gnu' given more than once
>>>      libnss_winbind.so -> libnss_winbind.so.2
>>>      libnss_winbind.so -> libnss_winbind.so.2
>>>
>>>
>>> I appreciate some help about it.
>>>
>>> Regards, Carlos
>>>
>>>
>>> La Universidad Central "Marta Abreu" de Las Villas en su 60
>>> Aniversario. Fundada el 30 de noviembre de 1952. Visítenos en:
>>> http://www.uclv.edu.cu
>>> Participe en Universidad 2014, del 10 al 14 de febrero de 2014.
>>> Habana. Cuba. http://www.congresouniversidad.cu/
>>>
>>>
>> First thing that you need to fix is your ranges, 'idmap config *:range =
>> 70001-80000' is inside 'idmap config MYDOMAIN:range = 500-100000'
>> The *:range needs to come before or after MYDOMAIN:range
>> i.e.
>> idmap config MYDOMAIN:range = 500-100000
>> idmap config *:range = 100001-101000
>>
>> Rowland
>>
>>
>> La Universidad Central "Marta Abreu" de Las Villas en su 60 
>> Aniversario. Fundada el 30 de noviembre de 1952. Visítenos en: 
>> http://www.uclv.edu.cu
>> Participe en Universidad 2014, del 10 al 14 de febrero de 2014. 
>> Habana. Cuba. http://www.congresouniversidad.cu/
>>
>>
>> .
>>
>
>
> La Universidad Central "Marta Abreu" de Las Villas en su 60 
> Aniversario. Fundada el 30 de noviembre de 1952. Visítenos en: 
> http://www.uclv.edu.cu
> Participe en Universidad 2014, del 10 al 14 de febrero de 2014. 
> Habana. Cuba. http://www.congresouniversidad.cu/
>
>
Do the users that do not appear have uidNumbers in AD and if they do, 
are these numbers inside the range you set for your domain ?

Rowland

More information about the samba-technical mailing list