[Samba] Join Samba4 in a Samba4 AD

Rowland Penny rowlandpenny at googlemail.com
Sat Nov 9 06:43:23 MST 2013 

On 09/11/13 13:30, DarkZad wrote:
> Hum
>
> In my AD had to do an import from Samba3 then did this:
> samba-tool domain classicupgrade --dbdir=/root/samba3/ 
> --use-xattrs=yes  --realm=tudor.local /root/samba3/smb.conf
>
>
> I see you have --use-rfc2307
>
>
> AD - smb.conf
>
> [global]
>         workgroup = TUDOR
>         realm = tudor.local
>         netbios name = SRVAD
>         server role = active directory domain controller
>         idmap_ldb:use rfc2307 = yes
>         dns forwarder = 192.168.1.1
>
> [netlogon]
>         path = /usr/local/samba/var/locks/sysvol/tudor.local/scripts
>         read only = No
>
> [sysvol]
>         path = /usr/local/samba/var/locks/sysvol
>         read only = No
>
>
>
>
> Em 09-11-2013 11:19, Rowland Penny escreveu:
>> On 09/11/13 13:13, DarkZad wrote:
>>> Local only.
>>>
>>> This happens in winbind:
>>>
>>> winbindd -i -S -d=4
>>>
>>> child daemon request 59
>>> Could not get unix ID for SID 
>>> S-1-5-21-3367345928-3957574907-2965305991-3360
>>> Finished processing child request 59
>>> child daemon request 59
>>> Finished processing child request 59
>>> child daemon request 59
>>> Could not get unix ID for SID 
>>> S-1-5-21-3367345928-3957574907-2965305991-3354
>>> Finished processing child request 59
>>> child daemon request 59
>>> Finished processing child request 59
>>> child daemon request 59
>>> Could not get unix ID for SID 
>>> S-1-5-21-3367345928-3957574907-2965305991-3024
>>>
>>>
>>>
>>> Em 09-11-2013 11:06, Rowland Penny escreveu:
>>>> Does 'getent passwd' show your domain users? 
>>>
>> You have these two lines in your smb.conf:
>>
>> idmap config TUDOR:backend = ad
>> idmap config TUDOR:schema_mode = rfc2307
>>
>> This shows that you want to use RFC2307 attributes from AD. Did you 
>> provision the Samba 4 AD server with ' --use-rfc2307' and do you 
>> actually have any 'uidNumber' & 'gidNumber' attributes in AD? because 
>> without them, you will get nothing.
>>
>> Rowland
>>
>>
>
You never said that you had done a classic upgrade from samba 3, 
'--use-rfc2307' is only used when you provision a new domain.

can you run this command on the samba 4 AD server (altering it to suit 
your domain etc):

ldapsearch -x -h 127.0.0.1 -b DC=example,DC=com -D 
CN=Administrator,CN=Users,DC=example,DC=com -w <Administrator password> 
'cn=<a username>'

It should dump all the users info, amongst which should be uidNumber

Also what OS are you using?

Rowland

More information about the samba mailing list