4.2rc2 and winbindd

Rowland Penny repenny241155 at gmail.com
Sun Oct 19 09:01:13 MDT 2014


On 19/10/14 15:55, steve wrote:
> On 19/10/14 16:39, Rowland Penny wrote:
>> On 19/10/14 15:29, steve wrote:
>>> On 19/10/14 16:16, Rowland Penny wrote:
>>>> On 19/10/14 14:23, steve wrote:
>>>>> On 19/10/14 14:46, Rowland Penny wrote:
>>>>>> OK, I have compiled 4.2rc2 on Debian 7.5 running in a VM and set up a
>>>>>> test DC. This was set up to test the new (old?) winbindd. From what I
>>>>>> have read this is exactly the same daemon that would be run if I set up a
>>>>>> client and presumably needs the same configuration in smb.conf.
>>>>>>
>>>>>> Therefore, after provision, I changed smb.conf to this:
>>>>>>
>>>>>> # Global parameters
>>>>>> [global]
>>>>>>          workgroup = EXAMPLE
>>>>>>          realm = example.com
>>>>>>          netbios name = DEBDC
>>>>>>          server role = active directory domain controller
>>>>>>          dns forwarder = 8.8.8.8
>>>>>>          idmap_ldb:use rfc2307 = yes
>>>>>>          dedicated keytab file = /etc/krb5.keytab
>>>>>>          kerberos method = secrets and keytab
>>>>>>          winbind enum users = yes
>>>>>>          winbind enum groups = yes
>>>>>>          winbind use default domain = yes
>>>>>>          winbind expand groups = 4
>>>>>>          winbind nss info = rfc2307
>>>>>>          winbind refresh tickets = Yes
>>>>>>          winbind normalize names = Yes
>>>>>>          idmap config * : backend = tdb
>>>>>>          idmap config * : range = 2000-9999
>>>>>>          idmap config HOME : backend  = ad
>>>>>>          idmap config HOME : range = 10000-999999
>>>>>>          idmap config HOME : schema_mode = rfc2307
>>>>>>          log level = 9
>>>>>>
>>>>>> [netlogon]
>>>>>>          path = /usr/local/samba/var/locks/sysvol/example.com/scripts
>>>>>>          read only = No
>>>>>>
>>>>>> [sysvol]
>>>>>>          path = /usr/local/samba/var/locks/sysvol
>>>>>>          read only = No
>>>>>>
>>>>>> This is based on a working samba 4.1.6 client.
>>>>>>
>>>>>> I gave Domain Users a gidNumber, created a user, gave the user a
>>>>>> uidNumber and the loginShell & unixHomeDirectory attributes.
>>>>>>
>>>>>> Everything else is set up as standard.
>>>>>>
>>>>>> wbinfo -u shows all domain users, wbinfo -g shows all domain groups.
>>>>>>
>>>>>> getent passwd & getent group, do not display anything from the domain
>>>>>>
>>>>>> getent group Domain\ Users displays:
>>>>>>
>>>>>> domain_users:x:10000:
>>>>>>
>>>>>> getent passwd rowland displays:
>>>>>>
>>>>>> rowland:*:10000:10000:Rowland Penny:/home/%D/%U:/bin/false
>>>>>>
>>>>>> As you can see, like the old builtin winbind, the user's uidNumber and
>>>>>> the Domain Users gidNumber are displayed. The unixHomeDirectory &
>>>>>> loginShell attributes do not seem to be pulled from AD, are they
>>>>>> supposed to be ?
>>>>>>
>>>>>> Am I barking up the wrong tree ? Am I doing something wrong or not doing
>>>>>> something I should ?
>>>>>>
>>>>>> Rowland
>>>>>>
>>>>>>
>>>>> Hi Rowland,
>>>>> Is Kerberos perhaps looking for host/ in the default keytab because it
>>>>> doesn't know the path to secrets? Maybe stick host/ and MACHINE$ at
>>>>> /etc/krb5.keytab
>>>>>
>>>> Sorry Steve, that didn't work, but thanks for the idea, probably will
>>>> have to wait until Andrew makes an appearance, he seems to have done
>>>> most of the work getting samba to use the new/old winbind ;-)
>>>>
>>>> Rowland
>>>
>>> Yeah, out of ideas over here too. Dunno, can we bugzilla on an rc?
>>> Also, not that we've tried much, but we can't find anywhere where it
>>> says, 'winbindd now works on the DC'. Maybe it will only be turned on
>>> for the release? Can anyone help us?
>> So you missed the release notes then ;-)
>>
>> Winbindd is now used on the Samba AD DC by default, replacing the
>> partial rewrite used for winbind operations in Samba 4.0 and 4.1.
>>
>
> We have this:
>
>> Release Announcements
>> =====================
>>
>> This is the first preview release of Samba 4.3.  This is *not*
>> intended for production environments and is designed for testing
>> purposes only.  Please report any defects via the Samba bug reporting
>> system at https://bugzilla.samba.org/.
>>
>> Samba 4.3 will be the next version of the Samba suite.
>
>
OK, I give in, where did you get that from ? Mine came from the 4.2rc2
release notes that Karolin Seeger posted on Wednesday.

Rowland


