[Samba] Samba4 Member Server not working

steve steve at steve-ss.com
Thu Aug 29 04:03:23 MDT 2013


On Thu, 2013-08-29 at 11:14 +1200, Andrew Bartlett wrote:
> On Wed, 2013-08-28 at 20:11 -0300, Carlos Alberto Borges Garcia wrote:
> > Hi,
> > 
> > I have one Samba4 server running as Active Directory Domain Controller.
> > It's working like a charm.
> > 
> > So I needed to add another server to be a Member Server (File Server).
> > 
> > The server is running samba-4.0.9.
> > 
> > Configured and compiled ok:
> > 
> > ./configure --prefix=/usr/local/samba --sysconfdir=/etc
> > --localstatedir=/var --mandir=/usr/man --bindir=/usr/bin
> > --sbindir=/usr/sbin --libdir=/lib --enable-fhs --with-ads
> > --with-shared-modules=idmap_ad,pam
> > 
> > Installed ok.
> > 
> > Kerberos OK.
> > I can run kinit and klist
> > 
> > root at MYNETSRV08:/etc/samba# kinit Administrator
> > Password for Administrator at MYNET.NET:
> > root at MYSRV08:/etc/samba#
> > 
> > root at MYNETSRV08:/etc/samba# klist
> > Ticket cache: FILE:/tmp/krb5cc_0
> > Default principal: Administrator at MYNET.NET
> > 
> > Valid starting    Expires           Service principal
> > 28/08/2013 19:59  29/08/2013 05:59  krbtgt/MYNET.NET at MYNET.NET
> >         renew until 29/08/2013 19:59
> > root at MYNETSRV08:/etc/samba#
> > 
> > My SMB.CONF is below:
> > 
> > [global]
> > 
> >    workgroup = MYNET
> >    security = ADS
> >    realm = MYNET.NET
> >    encrypt passwords = yes
> > 
> >    idmap config *:backend = tdb
> >    idmap config *:range = 70001-80000
> >    idmap config MYNET:backend = ad
> >    idmap config MYNET:schema_mode = rfc2307
> > 
> >    idmap config MYNET:range = 500-40000
> > 
> >    winbind nss info = rfc2307
> >    winbind trusted domains only = no
> >    winbind use default domain = yes
> >    winbind enum users  = yes
> >    winbind enum groups = yes
> > 
> > [test]
> >    path = /mnt/files
> >    read only = no
> > 
> > 
> > 
> > I can add my server to domain:
> > 
> > root at PCOSRV08:/etc/samba# net ads join -U administrator
> > Enter administrator's password:
> > Using short domain name -- MYNET
> > Joined 'MYNETSRV08' to dns domain 'mynet.net'
> > root at MYNETSRV08:/etc/samba#
> > 
> > libnss_winbind.so is in the right place:
> > 
> > root at MYNETSRV08:/etc/samba# ls /lib/libnss_winbind.so*
> > /lib/libnss_winbind.so  /lib/libnss_winbind.so.2
> > 
> > The libs are loaded fine:
> > 
> > root at MYNETSRV08:/etc/samba# ldconfig -v | grep libnss
> >         libnss_hesiod.so.2 -> libnss_hesiod-2.13.so
> >         libnss_compat.so.2 -> libnss_compat-2.13.so
> >         libnss_dns.so.2 -> libnss_dns-2.13.so
> >         libnss_ldap.so.2 -> libnss_ldap.so.2
> >         libnss_nis.so.2 -> libnss_nis-2.13.so
> >         libnss_nisplus.so.2 -> libnss_nisplus-2.13.so
> >         libnss_files.so.2 -> libnss_files-2.13.so
> >         libnss_wins.so -> libnss_wins.so.2
> >         libnss_winbind.so -> libnss_winbind.so.2
> >         libnss_hesiod.so.2 -> libnss_hesiod-2.13.so
> >         libnss_compat.so.2 -> libnss_compat-2.13.so
> >         libnss_dns.so.2 -> libnss_dns-2.13.so
> >         libnss_nis.so.2 -> libnss_nis-2.13.so
> >         libnss_nisplus.so.2 -> libnss_nisplus-2.13.so
> >         libnss_files.so.2 -> libnss_files-2.13.so
> > root at MYNETSRV08:/etc/samba#
> > 
> > I added winbind to my nsswitch.conf
> > 
> > passwd: compat winbind
> > group:  compat winbind
> > 
> > I can start the daemons without issues:
> > 
> > smbd
> > nmbd
> > winbindd
> > 
> > "wbinfo -u" lists all my domain users
> > 
> > "wbinfo -g" lists all my domain groups
> > 
> > 
> > Here are the problems:
> > 
> > When I run "getent passwd", it lists only the local users.
> 
> For performance reasons, by default we do not list users in the AD
> domain.  See winbind enum users in your smb.conf

His smb.conf above shows that the OP has those lines for both users and
groups.
> 
> > When I run "id Administrator", it returns "No such user".
> 
> You need to use 'id MYNET\\administrator'
> 
smb.conf has: winbind use default domain = Yes
Do we still need MYNET\\?

Do your users have entries for:
uidNumber
and
gidNumber
in AD?

Cheers
Steve
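
Added example, not part of the original message: a Python check for the closing question about uidNumber and gidNumber, run against the MYNET idmap range from the posted smb.conf. It assumes the documented idmap_ad behaviour that IDs outside the configured range are ignored; the LDIF records, the user names alice and bob, and the helper names are constructed for illustration.

```python
import re
# idmap lines taken from the smb.conf posted in the thread.
SMB_CONF = """[global]
   idmap config *:range = 70001-80000
   idmap config MYNET:backend = ad
   idmap config MYNET:range = 500-40000
"""
# Constructed sample LDIF (hypothetical users), shaped like ldapsearch output.
SAMPLE_LDIF = """dn: CN=Administrator,CN=Users,DC=mynet,DC=net
sAMAccountName: Administrator

dn: CN=alice,CN=Users,DC=mynet,DC=net
sAMAccountName: alice
uidNumber: 3000
gidNumber: 3100

dn: CN=bob,CN=Users,DC=mynet,DC=net
sAMAccountName: bob
uidNumber: 50001
gidNumber: 3100
"""

def idmap_range(conf, domain):
    """Return (low, high) from 'idmap config DOMAIN:range = low-high'."""
    m = re.search(r"^\s*idmap config\s+%s\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$"
                  % re.escape(domain), conf, re.I | re.M)
    if m is None:
        raise ValueError("no idmap range configured for " + domain)
    return int(m.group(1)), int(m.group(2))

def check_users(ldif, low, high):
    """Map each account to its missing or out-of-range rfc2307 IDs."""
    report = {}
    for block in re.split(r"\n\s*\n", ldif.strip()):
        # Simple "attr: value" records; folded or base64 (::) lines not handled.
        rec = {k.strip().lower(): v.strip() for k, v in
               (ln.split(":", 1) for ln in block.splitlines() if ":" in ln)}
        problems = []
        for attr in ("uidNumber", "gidNumber"):
            val = rec.get(attr.lower())
            if val is None:
                problems.append(attr + " missing")
            elif not val.isdigit() or not low <= int(val) <= high:
                # Assumption: idmap_ad treats the range as a filter.
                problems.append("%s %s outside %d-%d" % (attr, val, low, high))
        report[rec.get("samaccountname", rec.get("dn", "?"))] = problems
    return report

if __name__ == "__main__":
    for user, probs in check_users(SAMPLE_LDIF, *idmap_range(SMB_CONF, "MYNET")).items():
        print(user, "->", "; ".join(probs) or "ok")
```

An account reported with a missing or out-of-range ID here is one that the ad backend has no usable mapping for, which matches the "No such user" symptom even though wbinfo -u still lists it.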



