[Samba] Samba4 Member Server not working

Carlos Alberto Borges Garcia dedraks at gmail.com
Wed Aug 28 17:11:02 MDT 2013


Hi,

I have one Samba4 server running as Active Directory Domain Controller.
It's working like a charm.

So I needed to add another server to be a Member Server (File Server).

The server is running samba-4.0.9.

Configured and compiled ok:

./configure --prefix=/usr/local/samba --sysconfdir=/etc \
    --localstatedir=/var --mandir=/usr/man --bindir=/usr/bin \
    --sbindir=/usr/sbin --libdir=/lib --enable-fhs --with-ads \
    --with-shared-modules=idmap_ad,pam

Installed ok.

Kerberos OK.
I can run kinit and klist

root@MYNETSRV08:/etc/samba# kinit Administrator
Password for Administrator@MYNET.NET:
root@MYSRV08:/etc/samba#

root@MYNETSRV08:/etc/samba# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@MYNET.NET

Valid starting    Expires           Service principal
28/08/2013 19:59  29/08/2013 05:59  krbtgt/MYNET.NET@MYNET.NET
        renew until 29/08/2013 19:59
root@MYNETSRV08:/etc/samba#

My SMB.CONF is below:

[global]

   workgroup = MYNET
   security = ADS
   realm = MYNET.NET
   encrypt passwords = yes

   idmap config *:backend = tdb
   idmap config *:range = 70001-80000
   idmap config MYNET:backend = ad
   idmap config MYNET:schema_mode = rfc2307

   idmap config MYNET:range = 500-40000

   winbind nss info = rfc2307
   winbind trusted domains only = no
   winbind use default domain = yes
   winbind enum users  = yes
   winbind enum groups = yes

[test]
   path = /mnt/files
   read only = no



I can add my server to domain:

root@PCOSRV08:/etc/samba# net ads join -U administrator
Enter administrator's password:
Using short domain name -- MYNET
Joined 'MYNETSRV08' to dns domain 'mynet.net'
root@MYNETSRV08:/etc/samba#

libnss_winbind.so is in the right place:

root@MYNETSRV08:/etc/samba# ls /lib/libnss_winbind.so*
/lib/libnss_winbind.so  /lib/libnss_winbind.so.2

The libs are loaded fine:

root@MYNETSRV08:/etc/samba# ldconfig -v | grep libnss
        libnss_hesiod.so.2 -> libnss_hesiod-2.13.so
        libnss_compat.so.2 -> libnss_compat-2.13.so
        libnss_dns.so.2 -> libnss_dns-2.13.so
        libnss_ldap.so.2 -> libnss_ldap.so.2
        libnss_nis.so.2 -> libnss_nis-2.13.so
        libnss_nisplus.so.2 -> libnss_nisplus-2.13.so
        libnss_files.so.2 -> libnss_files-2.13.so
        libnss_wins.so -> libnss_wins.so.2
        libnss_winbind.so -> libnss_winbind.so.2
        libnss_hesiod.so.2 -> libnss_hesiod-2.13.so
        libnss_compat.so.2 -> libnss_compat-2.13.so
        libnss_dns.so.2 -> libnss_dns-2.13.so
        libnss_nis.so.2 -> libnss_nis-2.13.so
        libnss_nisplus.so.2 -> libnss_nisplus-2.13.so
        libnss_files.so.2 -> libnss_files-2.13.so
root@MYNETSRV08:/etc/samba#

I added winbind to my nsswitch.conf

passwd: compat winbind
group:  compat winbind

I can start the daemons without issues:

smbd
nmbd
winbindd

"wbinfo -u" lists all my domain users

"wbinfo -g" lists all my domain groups


Here are the problems:

When I run "getent passwd", it lists only the local users.

When I run "id Administrator", it returns "No such user".


If I try to access the share defined in smb.conf, the server does not
recognize my user/password.

I'm lost.


Thanks in advance.






-- 
http://www.endomondo.com/profile/3312580

Veja: " http://naofoiacidente.org/blog/por-quem/ "
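
The two configuration points the message relies on (winbind listed in nsswitch.conf, and the idmap ranges in smb.conf), checked offline as an added example that is not part of the original post. The function names and the sample files are assumptions, constructed from the settings quoted above; Samba requires the idmap ranges of different domains not to overlap, since an overlap can map two identities to the same UID/GID.

```shell
#!/bin/sh
# Added example, not from the original post. Sample inputs are constructed
# from the smb.conf and nsswitch.conf settings quoted in the message.

# nss_has_winbind FILE DB: succeed if the DB line (passwd, group) lists winbind.
nss_has_winbind() {
    awk -v db="$2" '
        { sub(/#.*/, "") }                               # strip comments
        $1 == (db ":") { for (i = 2; i <= NF; i++) if ($i == "winbind") ok = 1 }
        END { exit (ok ? 0 : 1) }' "$1"
}

# idmap_ranges FILE: print "DOMAIN LOW HIGH" for every "idmap config D:range".
idmap_ranges() {
    awk -F= '
        /^[ \t]*[#;]/ { next }                           # skip comment lines
        tolower($1) ~ /^[ \t]*idmap config .*:[ \t]*range[ \t]*$/ {
            dom = toupper($1)                            # names are case-insensitive
            sub(/^[ \t]*IDMAP CONFIG[ \t]*/, "", dom)
            sub(/[ \t]*:.*$/, "", dom)
            split($2, r, "-")
            print dom, r[1] + 0, r[2] + 0
        }' "$1"
}

# idmap_overlaps FILE: print each pair of domains whose ranges intersect;
# fail (exit 1) if there is at least one such pair.
idmap_overlaps() {
    idmap_ranges "$1" | awk '
        { d[NR] = $1; lo[NR] = $2; hi[NR] = $3 }
        END {
            for (i = 1; i <= NR; i++)
                for (j = i + 1; j <= NR; j++)
                    if (lo[i] <= hi[j] && lo[j] <= hi[i]) { print d[i], d[j]; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample input mirroring the post.
sample_smb_conf() {
    printf '%s\n' '[global]' '   idmap config *:backend = tdb' \
        '   idmap config *:range = 70001-80000' \
        '   idmap config MYNET:backend = ad' \
        '   idmap config MYNET:range = 500-40000'
}
sample_nsswitch() { printf '%s\n' 'passwd: compat winbind' 'group:  compat winbind'; }

tmp=$(mktemp -d); sample_smb_conf > "$tmp/smb.conf"; sample_nsswitch > "$tmp/nsswitch.conf"
nss_has_winbind "$tmp/nsswitch.conf" passwd && echo "passwd: winbind listed"
idmap_overlaps "$tmp/smb.conf" && echo "idmap ranges do not overlap"
rm -rf "$tmp"
```

On a live member server the same functions can be pointed at /etc/nsswitch.conf and the active smb.conf.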