Samba 4 Domain Member - problem

Carlos Miguel Bustillo Rdguez cbustillo at uclv.edu.cu
Fri Dec 20 14:12:48 MST 2013 

I agree with you. Then I increase the range in

idmap config MYDOMAIN:range =


and chand backend to rid as say Denis in the next mail.
Now more user are recognized by "id" command. I can see my domian groups
with wbinfo -g and all domain user with wbinfo -u
For example this user "bfeliu" is showed when I run "wbinfo -u" but when
I run:
# id bfeliu
id: bfeliu: No such user
# wbinfo -i bfeliu
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user bfeliu

I note that if user is not recognized by "id" command, then can't logon
in the network share.

One more think: I note that libnss_winbind.so and libnss_winbind.so.2
are linked by default in /lib/x86_64-linux-gnu/. Is necessary to add
link this libraries in /lib for i386 or in /lib64 from amd64, as say in
https://wiki.samba.org/index.php/Samba/Domain_Member??

Thanks for your help.

Regards, Carlos

On 12/20/2013 12:48 PM, Rowland Penny wrote:
> On 20/12/13 17:39, Carlos Miguel Bustillo Rdguez wrote:
>> Our domain is based entirely Windows Server 2008R2.
>>
>> I don't know really your question.
>>
>> Is necessary that domain users have a uidNumbers?? Where I can see this
>> numbers??
>>
>> Thanks, Carlos
>> On 12/20/2013 12:27 PM, Rowland Penny wrote:
>>> On 20/12/13 17:11, Carlos Miguel Bustillo Rdguez wrote:
>>>> Rowland:
>>>>
>>>>     thanks for your time. I have made your recomendation. But the
>>>> problem
>>>> remains:
>>>>
>>>> # wbinfo -i mmorales
>>>> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
>>>> Could not get info for user mmorales
>>>>
>>>> # id mmorales
>>>> id: mmorales: No such user
>>>>
>>>> Why the command "id" worked initially?
>>>> Sometimes command "id" identify the users and others don't do it.
>>>>
>>>> Regards, Carlos
>>>>
>>>> PD: Happy Christmas for all!!
>>>>
>>>> On 12/20/2013 04:37 AM, Rowland Penny wrote:
>>>>> On 19/12/13 23:12, Carlos Miguel Bustillo Rdguez wrote:
>>>>>> Hello list:
>>>>>>
>>>>>> Recently I join my Samba 4.1.3 (from Sernet packages in Debian
>>>>>> Wheezy)
>>>>>> to my Microsoft Windows 2008R2 Domain as member server.
>>>>>>
>>>>>> I following the steps in
>>>>>> https://wiki.samba.org/index.php/Samba/Domain_Member
>>>>>>
>>>>>> Initially all worked perfectly, but later I note that some user in my
>>>>>> MSAD don't appear when I use "id" command:
>>>>>> # id joe
>>>>>> id: joe: No such user
>>>>>>
>>>>>> These are the result from "testparm" command:
>>>>>> Load smb config files from /etc/samba/smb.conf
>>>>>> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit
>>>>>> (16384)
>>>>>> Processing section "[pkt]"
>>>>>> Processing section "[test]"
>>>>>> Loaded services file OK.
>>>>>> Server role: ROLE_DOMAIN_MEMBER
>>>>>> Press enter to see a dump of your service definitions
>>>>>>
>>>>>> [global]
>>>>>>        workgroup = MYDOMAIN
>>>>>>        realm = MYDOMAIN.COM
>>>>>>        security = ADS
>>>>>>        winbind enum users = Yes
>>>>>>        winbind enum groups = Yes
>>>>>>        winbind use default domain = Yes
>>>>>>        winbind nss info = rfc2307
>>>>>>        idmap config MYDOMAIN:range = 500-100000
>>>>>>        idmap config MYDOMAIN:schema_mode = rfc2307
>>>>>>        idmap config MYDOMAIN:backend = ad
>>>>>>        idmap config *:range = 70001-80000
>>>>>>        idmap config * : backend = tdb
>>>>>>        map acl inherit = Yes
>>>>>>        printing = bsd
>>>>>>        print command = lpr -r -P'%p' %s
>>>>>>        lpq command = lpq -P'%p'
>>>>>>        lprm command = lprm -P'%p' %j
>>>>>>        store dos attributes = Yes
>>>>>>        vfs objects = acl_xattr
>>>>>>
>>>>>> [pkt]
>>>>>>        path = /home/big
>>>>>>        read only = No
>>>>>>
>>>>>> [test]
>>>>>>        path = /home/test
>>>>>>        read only = No
>>>>>>
>>>>>> The big problem is when I add new users to the shares above (pkt and
>>>>>> test), they cannot login.
>>>>>>
>>>>>> I think that the problem is associated with winbind and
>>>>>> libnss_winbind.so.2 library:
>>>>>>
>>>>>> I put the necessary symbolic links in /lib64 (my hardware is x86_64),
>>>>>> the I ran the following to check if the libraries are activated:
>>>>>> #ldconfig -v | grep winbind
>>>>>> ldconfig: Path `/lib/x86_64-linux-gnu' given more than once
>>>>>> ldconfig: Path `/usr/lib/x86_64-linux-gnu' given more than once
>>>>>>        libnss_winbind.so -> libnss_winbind.so.2
>>>>>>        libnss_winbind.so -> libnss_winbind.so.2
>>>>>>
>>>>>>
>>>>>> I appreciate some help about it.
>>>>>>
>>>>>> Regards, Carlos
>>>>>>
>>>>>>
>>>>>> La Universidad Central "Marta Abreu" de Las Villas en su 60
>>>>>> Aniversario. Fundada el 30 de noviembre de 1952. Visítenos en:
>>>>>> http://www.uclv.edu.cu
>>>>>> Participe en Universidad 2014, del 10 al 14 de febrero de 2014.
>>>>>> Habana. Cuba. http://www.congresouniversidad.cu/
>>>>>>
>>>>>>
>>>>> First thing that you need to fix is your ranges, 'idmap config
>>>>> *:range =
>>>>> 70001-80000' is inside 'idmap config MYDOMAIN:range = 500-100000'
>>>>> The *:range needs to come before or after MYDOMAIN:range
>>>>> i.e.
>>>>> idmap config MYDOMAIN:range = 500-100000
>>>>> idmap config *:range = 100001-101000
>>>>>
>>>>> Rowland
>>>>>
>>>>>
>>>>> La Universidad Central "Marta Abreu" de Las Villas en su 60
>>>>> Aniversario. Fundada el 30 de noviembre de 1952. Visítenos en:
>>>>> http://www.uclv.edu.cu
>>>>> Participe en Universidad 2014, del 10 al 14 de febrero de 2014.
>>>>> Habana. Cuba. http://www.congresouniversidad.cu/
>>>>>
>>>>>
>>>>> .
>>>>>
>>>> La Universidad Central "Marta Abreu" de Las Villas en su 60
>>>> Aniversario. Fundada el 30 de noviembre de 1952. Visítenos en:
>>>> http://www.uclv.edu.cu
>>>> Participe en Universidad 2014, del 10 al 14 de febrero de 2014.
>>>> Habana. Cuba. http://www.congresouniversidad.cu/
>>>>
>>>>
>>> Do the users that do not appear have uidNumbers in AD and if they do,
>>> are these numbers inside the range you set for your domain ?
>>>
>>> Rowland
>>>
>>>
>>> La Universidad Central "Marta Abreu" de Las Villas en su 60
>>> Aniversario. Fundada el 30 de noviembre de 1952. Visítenos en:
>>> http://www.uclv.edu.cu
>>> Participe en Universidad 2014, del 10 al 14 de febrero de 2014.
>>> Habana. Cuba. http://www.congresouniversidad.cu/
>>>
>>>
>>> .
>>>
>>
>> La Universidad Central "Marta Abreu" de Las Villas en su 60
>> Aniversario. Fundada el 30 de noviembre de 1952. Visítenos en:
>> http://www.uclv.edu.cu
>> Participe en Universidad 2014, del 10 al 14 de febrero de 2014.
>> Habana. Cuba. http://www.congresouniversidad.cu/
>>
>>
> If you don't know about them, then that is the problem. You are using
> the ad backend in your smb.conf and this relies on finding uidNumber &
> gidNumber in the users & groups CN's and these numbers have to be inside
> the range you set.
> As for adding them, go to ADUC, select a user or group and then go to
> the 'UNIX Attributes' tab, here you can add the required info.
>
> Rowland
>
> La Universidad Central "Marta Abreu" de Las Villas en su 60 Aniversario. Fundada el 30 de noviembre de 1952. Visítenos en:  http://www.uclv.edu.cu
> Participe en Universidad 2014, del 10 al 14 de febrero de 2014. Habana. Cuba. http://www.congresouniversidad.cu/
>
>
> .
>


La Universidad Central "Marta Abreu" de Las Villas en su 60 Aniversario. Fundada el 30 de noviembre de 1952. Visítenos en:  http://www.uclv.edu.cu
Participe en Universidad 2014, del 10 al 14 de febrero de 2014. Habana. Cuba. http://www.congresouniversidad.cu/

More information about the samba-technical mailing list