Samba 4 Domain Member - problem

Denis Cardon denis.cardon at tranquil-it-systems.fr
Fri Dec 20 10:58:31 MST 2013


Hi Carlos,

> Our domain is based entirely on Windows Server 2008R2.
>
> I don't really know your question.
>
> Is it necessary that domain users have uidNumbers? Where can I see these
> numbers?

It is not necessary to have uidNumber and gidNumber in your AD, although 
it may be better to have them, in my experience. However, the 
configuration you are using specifies the UID/SID mapping using the rfc2307 
recommendation, which uses the LDAP attributes uidNumber and gidNumber.

So in your case, you want to use a SID/UID mapping based on the RID (the 
ending part of the SID, which is different for every user of the same 
domain). So your configuration may have some lines like:

         idmap config MYDOMAIN : backend     = rid
         idmap config MYDOMAIN : range       = 10000 - 49999

RID idmap configuration has changed with almost every release of Samba 
in the last few years, so you should look at which version you have to 
get the right syntax for the rid mapping backend.

Hope this helps

Denis


>
> Thanks, Carlos
> On 12/20/2013 12:27 PM, Rowland Penny wrote:
>> On 20/12/13 17:11, Carlos Miguel Bustillo Rdguez wrote:
>>> Rowland:
>>>
>>>    thanks for your time. I have made your recommendation. But the problem
>>> remains:
>>>
>>> # wbinfo -i mmorales
>>> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
>>> Could not get info for user mmorales
>>>
>>> # id mmorales
>>> id: mmorales: No such user
>>>
>>> Why did the command "id" work initially?
>>> Sometimes the command "id" identifies the users and other times it doesn't.
>>>
>>> Regards, Carlos
>>>
>>> PS: Happy Christmas to all!!
>>>
>>> On 12/20/2013 04:37 AM, Rowland Penny wrote:
>>>> On 19/12/13 23:12, Carlos Miguel Bustillo Rdguez wrote:
>>>>> Hello list:
>>>>>
>>>>> Recently I joined my Samba 4.1.3 (from Sernet packages in Debian Wheezy)
>>>>> to my Microsoft Windows 2008R2 Domain as a member server.
>>>>>
>>>>> I followed the steps in
>>>>> https://wiki.samba.org/index.php/Samba/Domain_Member
>>>>>
>>>>> Initially all worked perfectly, but later I noted that some users in my
>>>>> MSAD don't appear when I use the "id" command:
>>>>> # id joe
>>>>> id: joe: No such user
>>>>>
>>>>> This is the result from the "testparm" command:
>>>>> Load smb config files from /etc/samba/smb.conf
>>>>> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit
>>>>> (16384)
>>>>> Processing section "[pkt]"
>>>>> Processing section "[test]"
>>>>> Loaded services file OK.
>>>>> Server role: ROLE_DOMAIN_MEMBER
>>>>> Press enter to see a dump of your service definitions
>>>>>
>>>>> [global]
>>>>>       workgroup = MYDOMAIN
>>>>>       realm = MYDOMAIN.COM
>>>>>       security = ADS
>>>>>       winbind enum users = Yes
>>>>>       winbind enum groups = Yes
>>>>>       winbind use default domain = Yes
>>>>>       winbind nss info = rfc2307
>>>>>       idmap config MYDOMAIN:range = 500-100000
>>>>>       idmap config MYDOMAIN:schema_mode = rfc2307
>>>>>       idmap config MYDOMAIN:backend = ad
>>>>>       idmap config *:range = 70001-80000
>>>>>       idmap config * : backend = tdb
>>>>>       map acl inherit = Yes
>>>>>       printing = bsd
>>>>>       print command = lpr -r -P'%p' %s
>>>>>       lpq command = lpq -P'%p'
>>>>>       lprm command = lprm -P'%p' %j
>>>>>       store dos attributes = Yes
>>>>>       vfs objects = acl_xattr
>>>>>
>>>>> [pkt]
>>>>>       path = /home/big
>>>>>       read only = No
>>>>>
>>>>> [test]
>>>>>       path = /home/test
>>>>>       read only = No
>>>>>
>>>>> The big problem is when I add new users to the shares above (pkt and
>>>>> test), they cannot login.
>>>>>
>>>>> I think that the problem is associated with winbind and
>>>>> libnss_winbind.so.2 library:
>>>>>
>>>>> I put the necessary symbolic links in /lib64 (my hardware is x86_64),
>>>>> then I ran the following to check if the libraries are activated:
>>>>> #ldconfig -v | grep winbind
>>>>> ldconfig: Path `/lib/x86_64-linux-gnu' given more than once
>>>>> ldconfig: Path `/usr/lib/x86_64-linux-gnu' given more than once
>>>>>       libnss_winbind.so -> libnss_winbind.so.2
>>>>>       libnss_winbind.so -> libnss_winbind.so.2
>>>>>
>>>>>
>>>>> I would appreciate some help with it.
>>>>>
>>>>> Regards, Carlos
>>>>>
>>>>>
>>>>> The Universidad Central "Marta Abreu" de Las Villas on its 60th
>>>>> Anniversary. Founded on November 30, 1952. Visit us at:
>>>>> http://www.uclv.edu.cu
>>>>> Take part in Universidad 2014, February 10 to 14, 2014.
>>>>> Havana, Cuba. http://www.congresouniversidad.cu/
>>>>>
>>>>>
>>>> First thing that you need to fix is your ranges, 'idmap config
>>>> *:range =
>>>> 70001-80000' is inside 'idmap config MYDOMAIN:range = 500-100000'
>>>> The *:range needs to come before or after MYDOMAIN:range
>>>> i.e.
>>>> idmap config MYDOMAIN:range = 500-100000
>>>> idmap config *:range = 100001-101000
>>>>
>>>> Rowland
>>>>
>>>>
>>>>
>>>
>>>
>>>
>> Do the users that do not appear have uidNumbers in AD and if they do,
>> are these numbers inside the range you set for your domain ?
>>
>> Rowland
>>
>>
>>
>
>
>
>


-- 
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr
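
Added example (not part of the original message, and not Samba's own code): a Python check for the two issues raised in this thread, namely `idmap config` ranges that overlap and domains whose `ad` backend depends on uidNumber/gidNumber being set in AD. The function names and both sample configurations are constructed for illustration; `REVISED` combines Rowland's range suggestion with Denis's rid lines.

```python
import re
from itertools import combinations
# Constructed sample: the idmap lines from the testparm dump quoted in the thread.
ORIGINAL = """\
[global]
    idmap config MYDOMAIN:range = 500-100000
    idmap config MYDOMAIN:schema_mode = rfc2307
    idmap config MYDOMAIN:backend = ad
    idmap config *:range = 70001-80000
    idmap config * : backend = tdb
"""
# Constructed sample: Denis's rid lines plus the non-overlapping '*' range Rowland gave.
REVISED = """\
[global]
    idmap config MYDOMAIN : backend     = rid
    idmap config MYDOMAIN : range       = 10000 - 49999
    idmap config *:range = 100001-101000
    idmap config * : backend = tdb
"""
IDMAP_LINE = re.compile(r"^\s*idmap\s+config\s+(\S+?)\s*:\s*([^=]+?)\s*=\s*(.*?)\s*$", re.I)

def parse_idmap(text):
    """Return {domain: {option: value}} for every 'idmap config' line."""
    domains = {}
    for line in text.splitlines():
        m = IDMAP_LINE.match(line)
        if m:
            dom, opt, val = m.groups()
            domains.setdefault(dom.upper(), {})[opt.lower().replace(" ", "_")] = val
    return domains

def id_range(options):
    """Parse 'low-high' (spaces allowed) into a (low, high) tuple, or None."""
    m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", options.get("range", ""))
    return (int(m.group(1)), int(m.group(2))) if m else None

def find_overlaps(text):
    """List (domain_a, domain_b, low, high) for each pair of ranges that intersect."""
    ranges = {d: id_range(o) for d, o in parse_idmap(text).items() if id_range(o)}
    hits = []
    for (a, ra), (b, rb) in combinations(sorted(ranges.items()), 2):
        low, high = max(ra[0], rb[0]), min(ra[1], rb[1])
        if low <= high:
            hits.append((a, b, low, high))
    return hits

def needs_uidnumber(text):
    """Domains using the 'ad' backend, which reads uidNumber/gidNumber from AD."""
    return sorted(d for d, o in parse_idmap(text).items() if o.get("backend", "").lower() == "ad")
```

For the configuration posted in the thread, `find_overlaps(ORIGINAL)` reports the `*` range sitting inside the MYDOMAIN range, and `needs_uidnumber(ORIGINAL)` names MYDOMAIN as the domain whose users must carry uidNumber values inside its range.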
