Join samba 4.1.7 as member server issues

Daniele Dario d.dario76 at gmail.com
Thu May 8 06:33:46 MDT 2014


Hi Rowland,

On gio, 2014-05-08 at 10:43 +0100, Rowland Penny wrote:
> On 08/05/14 10:12, Daniele Dario wrote:
> > On mer, 2014-05-07 at 17:28 +0200, steve wrote:
> >> On Wed, 2014-05-07 at 17:16 +0200, Daniele Dario wrote:
> >>> Hi list,
> >>> I'm trying to join a new server (samba 4.1.7) on a samba AD domain which
> >>> has 2 samba 4.1.0 AD DCs.
> >>>
> >>> I started from the wiki page "Setup a Samba AD Member Server" and I'm
> >>> using the tarball of 4.1.7 sources downloaded from samba repository but
> >>> after the "Build Samba" step I start having issues.
> >>>
> >>> 1st: would it be possible that when I run make install the process
> >>> created also /etc/samba/{smb.conf,gdbcommands}? If yes which would be
> >>> the conf file used? The one in /etc/samba or the one
> >>> in /usr/local/samba/etc?
> >> Hi
> >> For a default ./configure, the latter.
> >>
> >>> 2nd: joining the domain has to be done before starting the daemons, am I
> >>> right?
> >>>
> >> Yes.
> >>
> >>> # net ads join -U administrator
> >>> Enter administrator's password:
> >>> Using short domain name -- SAITEL
> >>> Joined 'SRV03' to realm 'saitel.loc'
> >>> No DNS domain configured for srv03. Unable to perform DNS Update.
> >>> DNS update failed!
> >> Try:
> >> - Un-join and add fqdn of the member server to the localhost line in:
> >> /etc/hosts
> >>
> >> - add:
> >> kerberos method = system keytab
> >> Re-join.
> >>
> >> -remove the samba package from your distribution.
> >>
> >> HTH
> >> Steve
> >>
> >>
> > Thanks Steve,
> > seems that I have many problems:
> > 1. the samba-common and samba-common-bin packages were installed. Now I
> > removed them
> > 2. performed net dom unjoin, tried to add fqdn in /etc/hosts, updated
> > smb.conf adding kerberos method = system keytab then re-joined to the
> > domain but after starting samba (I am using the script listed in
> > "InitScript SambaWiki") neither wbinfo -u nor wbinfo -g worked.
> > 3. looking at which processes are started from the "InitScript" I saw
> > that only smbd and nmbd are started so I manually tried to start
> > winbindd -D and then wbinfo -u and wbinfo -g show domain users and
> > groups
> >
> > At this point I said ok, done but ... :-(
> >
> > Trying to run id OneValidDomainUser I get
> > # id daniele
> > id: daniele: No such user
> >
> > And this is my /etc/nsswitch.conf
> >
> > passwd:         compat winbind
> > group:          compat winbind
> > shadow:         files
> >
> > hosts:          files dns
> > networks:       files
> >
> > protocols:      db files
> > services:       db files
> > ethers:         db files
> > rpc:            db files
> >
> > netgroup:       nis
> >
> > so I'm again stuck.
> >
> > Can somebody tell me if the winbindd daemon has to be added as one of
> > the daemons that has to be started by the InitScript?
> >
> > And what am I doing wrong that explains the fact that id, getent and
> > also smbclient -L ... won't work?
> >
> > Thanks in advance,
> > Daniele.
> >
> Hi, yes you need to start winbind separately from the smbd & nmbd 
> daemons, so you need to find/write another init script.
> 
> As for what is wrong, this could be one of several things (or several of 
> several things ;) )
> 
> Are all the daemons actually running ? run 'ps ax | grep [s]mbd' and 'ps 
> ax | grep [n]mbd' and 'ps ax | grep [w]inbind', they all should return 
> something.

Yes they were all running.

> 
> If you are using the ad idmap backend, do your AD users have both 
> uidNumber's & gidNumber's ? Do your AD groups have gidNumber's ? , also 
> are these uid & gidNumber's within the range that you set in smb.conf ?
> 
> Rowland
> 

I'll try to investigate but 'cause I need to set up another fileserver
ASAP to move the shares I have on an old samba 3.4.7 server joined to
the domain I think I'll use one of the DCs also as fileserver.

If I remember right you were one of those who were discussing about
posixaccount and posixgroup (rfc2307) and I'm really interested in this
topic.
Once I move the shares I will set-up another samba server to keep a
(guess via rsync) copy of these shares for backup.
Having distinct uid/gid on the servers will make the copy useless so I
thought that with adding objectClass posixaccount and posixgroup in my
company accounts I would solve this problem, am I right?
If so can you (or somebody else) suggest a way to do that?
I have a copy of the scripts posted in the past (I guess from Steve)
that "posixify" users/groups but need to understand how to proceed:
- recently I noticed in the list that there are discussions on wellknown
(s)ids and how to properly handle them. This means that not all
users/groups have to be "posixified"?
- when I do that I guess that the shares lose the association between
the owners/groups the files/folders have on the fs and on AD so I need
to chown them after the operation?

BTW Thx for the hints.
Daniele.
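
The check Rowland asks about above (do users and groups carry uidNumber/gidNumber, and do those fall inside the idmap range in smb.conf), as an added example that is not part of the thread or of Samba. The range values and the simplified LDIF records are constructed for illustration; only the domain name SAITEL comes from the thread.

```python
import re

# Constructed smb.conf fragment: domain name from the thread, ranges assumed.
SMB_CONF = """
[global]
    idmap config * : backend = tdb
    idmap config * : range = 2000-9999
    idmap config SAITEL : backend = ad
    idmap config SAITEL : range = 10000-99999
"""

# Constructed, simplified LDIF records (one objectClass line per entry).
LDIF = """
sAMAccountName: daniele
objectClass: user

sAMAccountName: olduser
objectClass: user
uidNumber: 1005
gidNumber: 10000

sAMAccountName: Domain Users
objectClass: group
gidNumber: 10000
"""

def idmap_range(conf, domain):
    """Return (low, high) from 'idmap config DOMAIN : range = low-high'."""
    pat = rf"^\s*idmap config {re.escape(domain)}\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)"
    m = re.search(pat, conf, re.MULTILINE | re.IGNORECASE)
    if not m:
        raise ValueError(f"no idmap range configured for {domain}")
    return int(m.group(1)), int(m.group(2))

def check_ids(conf, ldif, domain):
    """Map account name -> list of problems (missing or out-of-range IDs)."""
    low, high = idmap_range(conf, domain)
    problems = {}
    for block in re.split(r"\n\s*\n", ldif.strip()):
        rec = dict(line.split(": ", 1) for line in block.splitlines())
        needed = ["gidNumber"] if rec["objectClass"] == "group" else ["uidNumber", "gidNumber"]
        for attr in needed:
            if attr not in rec:
                problems.setdefault(rec["sAMAccountName"], []).append(f"{attr} missing")
            elif not low <= int(rec[attr]) <= high:
                problems.setdefault(rec["sAMAccountName"], []).append(f"{attr} out of range")
    return problems

if __name__ == "__main__":
    print(check_ids(SMB_CONF, LDIF, "SAITEL"))
```

Accounts it reports are the ones to look at first when `wbinfo -u` lists a user but `id` and `getent` do not resolve it.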


