Join samba 4.1.7 as member server issues

[Rowland Penny]

On 08/05/14 10:12, Daniele Dario wrote:
> On mer, 2014-05-07 at 17:28 +0200, steve wrote:
>> On Wed, 2014-05-07 at 17:16 +0200, Daniele Dario wrote:
>>> Hi list,
>>> I'm trying to join a new server (samba 4.1.7) on a samba AD domain which
>>> has 2 samba 4.1.0 AD DCs.
>>>
>>> I started from the wiki page "Setup a Samba AD Member Server" and I'm
>>> using the tarball of 4.1.7 sources downloaded from samba repository but
>>> after the "Build Samba" step I start having issues.
>>>
>>> 1st: would it be possible that when I run make install the process
>>> created also /etc/samba/{smb.conf,gdbcommands}? If yes which would be
>>> the conf file used? The one in /etc/samba or the one
>>> in /usr/local/samba/etc?
>> Hi
>> For a default ./configure, the latter.
>>
>>> 2nd: joining the domain has to be done before to start the daemons am I
>>> right?
>>>
>> Yes.
>>
>>> # net ads join -U administrator
>>> Enter administrator's password:
>>> Using short domain name -- SAITEL
>>> Joined 'SRV03' to realm 'saitel.loc'
>>> No DNS domain configured for srv03. Unable to perform DNS Update.
>>> DNS update failed!
>> Try:
>> - Un-join and add fqdn of the member server to the localhost line in:
>> /etc/hosts
>>
>> - add:
>> kerberos method = system keytab
>> Re-join.
>>
>> -remove the samba package from your distribution.
>>
>> HTH
>> Steve
>>
>>
> Thanks Steve,
> seems that I have many problems:
> 1. it was installed samba-common and samba-common-bin packages. Now I
> removed them
> 2. performed net dom unjoin, tried to add fqdn in /etc/hosts, updated
> smb.conf adding kerberos method = system keytab than re-joined to the
> domain but after starting samba (I am using the script listed in
> "InitScript SambaWiki") wbinfo -u nor wbinfo -g worked.
> 3. looking at which precesses are started from the "InitScript" I saw
> that only smbd and nmbd are started so I manually tried to start
> winbindd -D and than wbinfo -u and wbinfo .g show domain users and
> groups
>
> At this point I said ok, done but ... :-(
>
> Trying to run id OneValidDomainUser I get
> # id daniele
> id: daniele: No such user
>
> And this is my /etc/nsswitch.conf
>
> passwd:         compat winbind
> group:          compat winbind
> shadow:         files
>
> hosts:          files dns
> networks:       files
>
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
>
> netgroup:       nis
>
> so I'm again stuck.
>
> Can somebody tell me if the winbindd daemon has to be added as one of
> the daemons that has to be started by the InitScript?
>
> And what am I doing wrong that explains the fact that id, getent and
> also smbclient -L ... won't work?
>
> Thanks in advance,
> Daniele.
>
Hi, yes you need to start winbind separately from the smbd & nmbd 
daemons, so you need to find/write another init script.

As for what is wrong, this could one of several things (or several of 
several things ;) )

Are all the daemons actually running ? run 'ps ax | grep [s]mbd' and 'ps 
ax | grep [n]mbd' and 'ps ax | grep [w]inbind', they all should return 
something.

If you are using the ad idmap backend, do your AD users have both 
uidNumber's & gidNumber's ? Do your AD groups have gidNumber's ? , also 
are these uid & gidNumber's within the range that you set in smb.conf ?

Rowland