Samba 4 Domain Member - problem

Rowland Penny repenny241155 at gmail.com
Fri Dec 20 11:17:51 MST 2013


On 20/12/13 17:58, Denis Cardon wrote:
> Hi Carlos,
>
>> Our domain is based entirely on Windows Server 2008R2.
>>
>> I don't really know your question.
>>
>> Is it necessary that domain users have uidNumbers?? Where can I see these
>> numbers??
>
> it is not necessary to have uidnumber and gidnumber in your AD, 
> although it may be better to have them from my experience. However, 
> the configuration you are using specifies the UID/SID mapping using 
> the rfc2307 recommendation, which uses the LDAP attributes uidnumber and 
> gidnumber.

The smb.conf that the OP gave earlier showed that he was using the ad 
backend and that now some of the users did not appear via running 'id'. 
To me, this means that some of his users have a uidNumber and others 
(probably recently added) don't, so in this case, you do need the 
uidNumbers, but if, as you say, he moves to the 'rid' backend, he will 
not need them, but he will need to run chown on anything stored on a 
Linux machine.

Rowland

>
> So in your case, you want to use a SID/UID mapping based on RID (the 
> ending part of the SID, which is different for every user of the same 
> domain). So your configuration may have some lines like:
>
>         idmap config MYDOMAIN : backend     = rid
>         idmap config MYDOMAIN : range       = 10000 - 49999
>
> RID idmap configuration has changed with almost every release of samba 
> in the last few years, so you should look at which version you have to 
> get the right syntax using rid mapping backend.
>
> Hope this helps
>
> Denis
>
>
>>
>> Thanks, Carlos
>> On 12/20/2013 12:27 PM, Rowland Penny wrote:
>>> On 20/12/13 17:11, Carlos Miguel Bustillo Rdguez wrote:
>>>> Rowland:
>>>>
>>>>    thanks for your time. I have made your recommendation. But the
>>>> problem remains:
>>>>
>>>> # wbinfo -i mmorales
>>>> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
>>>> Could not get info for user mmorales
>>>>
>>>> # id mmorales
>>>> id: mmorales: No such user
>>>>
>>>> Why did the "id" command work initially?
>>>> Sometimes the "id" command identifies the users and other times it doesn't.
>>>>
>>>> Regards, Carlos
>>>>
>>>> PS: Happy Christmas for all!!
>>>>
>>>> On 12/20/2013 04:37 AM, Rowland Penny wrote:
>>>>> On 19/12/13 23:12, Carlos Miguel Bustillo Rdguez wrote:
>>>>>> Hello list:
>>>>>>
>>>>>> Recently I joined my Samba 4.1.3 (from Sernet packages in Debian
>>>>>> Wheezy) to my Microsoft Windows 2008R2 Domain as member server.
>>>>>>
>>>>>> I followed the steps in
>>>>>> https://wiki.samba.org/index.php/Samba/Domain_Member
>>>>>>
>>>>>> Initially all worked perfectly, but later I noted that some users
>>>>>> in my MSAD don't appear when I use the "id" command:
>>>>>> # id joe
>>>>>> id: joe: No such user
>>>>>>
>>>>>> This is the result from the "testparm" command:
>>>>>> Load smb config files from /etc/samba/smb.conf
>>>>>> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit
>>>>>> (16384)
>>>>>> Processing section "[pkt]"
>>>>>> Processing section "[test]"
>>>>>> Loaded services file OK.
>>>>>> Server role: ROLE_DOMAIN_MEMBER
>>>>>> Press enter to see a dump of your service definitions
>>>>>>
>>>>>> [global]
>>>>>>       workgroup = MYDOMAIN
>>>>>>       realm = MYDOMAIN.COM
>>>>>>       security = ADS
>>>>>>       winbind enum users = Yes
>>>>>>       winbind enum groups = Yes
>>>>>>       winbind use default domain = Yes
>>>>>>       winbind nss info = rfc2307
>>>>>>       idmap config MYDOMAIN:range = 500-100000
>>>>>>       idmap config MYDOMAIN:schema_mode = rfc2307
>>>>>>       idmap config MYDOMAIN:backend = ad
>>>>>>       idmap config *:range = 70001-80000
>>>>>>       idmap config * : backend = tdb
>>>>>>       map acl inherit = Yes
>>>>>>       printing = bsd
>>>>>>       print command = lpr -r -P'%p' %s
>>>>>>       lpq command = lpq -P'%p'
>>>>>>       lprm command = lprm -P'%p' %j
>>>>>>       store dos attributes = Yes
>>>>>>       vfs objects = acl_xattr
>>>>>>
>>>>>> [pkt]
>>>>>>       path = /home/big
>>>>>>       read only = No
>>>>>>
>>>>>> [test]
>>>>>>       path = /home/test
>>>>>>       read only = No
>>>>>>
>>>>>> The big problem is when I add new users to the shares above (pkt and
>>>>>> test), they cannot login.
>>>>>>
>>>>>> I think that the problem is associated with winbind and
>>>>>> libnss_winbind.so.2 library:
>>>>>>
>>>>>> I put the necessary symbolic links in /lib64 (my hardware is
>>>>>> x86_64), then I ran the following to check if the libraries are
>>>>>> activated:
>>>>>> #ldconfig -v | grep winbind
>>>>>> ldconfig: Path `/lib/x86_64-linux-gnu' given more than once
>>>>>> ldconfig: Path `/usr/lib/x86_64-linux-gnu' given more than once
>>>>>>       libnss_winbind.so -> libnss_winbind.so.2
>>>>>>       libnss_winbind.so -> libnss_winbind.so.2
>>>>>>
>>>>>>
>>>>>> I appreciate some help about it.
>>>>>>
>>>>>> Regards, Carlos
>>>>>>
>>>>>>
>>>>>> The Universidad Central "Marta Abreu" de Las Villas on its 60th
>>>>>> anniversary. Founded on 30 November 1952. Visit us at:
>>>>>> http://www.uclv.edu.cu
>>>>>> Take part in Universidad 2014, 10 to 14 February 2014.
>>>>>> Havana. Cuba. http://www.congresouniversidad.cu/
>>>>>>
>>>>>>
>>>>> First thing that you need to fix is your ranges, 'idmap config
>>>>> *:range = 70001-80000' is inside 'idmap config MYDOMAIN:range =
>>>>> 500-100000'
>>>>> The *:range needs to come before or after MYDOMAIN:range
>>>>> i.e.
>>>>> idmap config MYDOMAIN:range = 500-100000
>>>>> idmap config *:range = 100001-101000
>>>>>
>>>>> Rowland
>>>>>
>>>>
>>> Do the users that do not appear have uidNumbers in AD and if they do,
>>> are these numbers inside the range you set for your domain ?
>>>
>>> Rowland
>>>
>>
>
>
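
The checks discussed in this thread, as an added example that is not part of the original messages: it parses `idmap config` lines, reports overlapping ID ranges (the `*` range sitting inside the MYDOMAIN range), tests whether a uidNumber is usable by the `ad` backend, and shows why IDs change under `rid`. The function names and sample values are constructed; the `rid` formula (ID = RID - BASE_RID + LOW_RANGE_ID) and the range-as-filter behaviour of `ad` are taken from the idmap_rid and idmap_ad manual pages.

```python
import re

# Constructed sample: the idmap lines from the testparm dump quoted in the thread.
SAMPLE_CONF = """\
[global]
    idmap config MYDOMAIN:range = 500-100000
    idmap config MYDOMAIN:schema_mode = rfc2307
    idmap config MYDOMAIN:backend = ad
    idmap config *:range = 70001-80000
    idmap config * : backend = tdb
"""

IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+?)\s*:\s*(\w+)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {domain: {"backend": str, "range": (low, high), ...}} from smb.conf text."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)
        if not m:
            continue
        domain, key, value = m.group(1), m.group(2).lower(), m.group(3)
        entry = domains.setdefault(domain, {})
        if key == "range":
            low, high = (int(p) for p in re.split(r"\s*-\s*", value))
            entry["range"] = (low, high)
        else:
            entry[key] = value
    return domains

def overlapping_ranges(domains):
    """Return pairs of idmap domains whose ID ranges share at least one ID."""
    items = sorted((d, e["range"]) for d, e in domains.items() if "range" in e)
    return [(a, b) for i, (a, ra) in enumerate(items) for b, rb in items[i + 1:]
            if ra[0] <= rb[1] and rb[0] <= ra[1]]

def ad_backend_visible(domains, domain, uid_number):
    """'ad' backend: a user resolves only if uidNumber is set and inside the range."""
    low, high = domains[domain]["range"]
    return uid_number is not None and low <= uid_number <= high

def rid_to_unix_id(rid, id_range, base_rid=0):
    """'rid' backend: ID = RID - BASE_RID + LOW_RANGE_ID, or None if out of range."""
    unix_id = rid - base_rid + id_range[0]
    return unix_id if unix_id <= id_range[1] else None

if __name__ == "__main__":
    conf = parse_idmap(SAMPLE_CONF)
    print("overlaps:", overlapping_ranges(conf))
    print("user without uidNumber visible:", ad_backend_visible(conf, "MYDOMAIN", None))
```

Because the `rid` result is computed from the SID rather than read from AD, it will generally differ from a previously assigned uidNumber, which is why existing files need a chown after switching backends.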


