[Samba] Join Samba4 in a Samba4 AD

DarkZad darkzad at yahoo.com.br
Sat Nov 9 06:52:19 MST 2013 

I did not find this command ldapsearch

I'm running Debian 7

Sorry for not having spoken classic upgrade. :O

Em 09-11-2013 11:43, Rowland Penny escreveu:
> On 09/11/13 13:30, DarkZad wrote:
>> Hum
>>
>> In my AD had to do an import from Samba3 then did this:
>> samba-tool domain classicupgrade --dbdir=/root/samba3/ 
>> --use-xattrs=yes  --realm=tudor.local /root/samba3/smb.conf
>>
>>
>> I see you have --use-rfc2307
>>
>>
>> AD - smb.conf
>>
>> [global]
>>         workgroup = TUDOR
>>         realm = tudor.local
>>         netbios name = SRVAD
>>         server role = active directory domain controller
>>         idmap_ldb:use rfc2307 = yes
>>         dns forwarder = 192.168.1.1
>>
>> [netlogon]
>>         path = /usr/local/samba/var/locks/sysvol/tudor.local/scripts
>>         read only = No
>>
>> [sysvol]
>>         path = /usr/local/samba/var/locks/sysvol
>>         read only = No
>>
>>
>>
>>
>> Em 09-11-2013 11:19, Rowland Penny escreveu:
>>> On 09/11/13 13:13, DarkZad wrote:
>>>> Local only.
>>>>
>>>> This happens in winbind:
>>>>
>>>> winbindd -i -S -d=4
>>>>
>>>> child daemon request 59
>>>> Could not get unix ID for SID 
>>>> S-1-5-21-3367345928-3957574907-2965305991-3360
>>>> Finished processing child request 59
>>>> child daemon request 59
>>>> Finished processing child request 59
>>>> child daemon request 59
>>>> Could not get unix ID for SID 
>>>> S-1-5-21-3367345928-3957574907-2965305991-3354
>>>> Finished processing child request 59
>>>> child daemon request 59
>>>> Finished processing child request 59
>>>> child daemon request 59
>>>> Could not get unix ID for SID 
>>>> S-1-5-21-3367345928-3957574907-2965305991-3024
>>>>
>>>>
>>>>
>>>> Em 09-11-2013 11:06, Rowland Penny escreveu:
>>>>> Does 'getent passwd' show your domain users? 
>>>>
>>> You have these two lines in your smb.conf:
>>>
>>> idmap config TUDOR:backend = ad
>>> idmap config TUDOR:schema_mode = rfc2307
>>>
>>> This shows that you want to use RFC2307 attributes from AD. Did you 
>>> provision the Samba 4 AD server with ' --use-rfc2307' and do you 
>>> actually have any 'uidNumber' & 'gidNumber' attributes in AD? 
>>> because without them, you will get nothing.
>>>
>>> Rowland
>>>
>>>
>>
> You never said that you had done a classic upgrade from samba 3, 
> '--use-rfc2307' is only used when you provision a new domain.
>
> can you run this command on the samba 4 AD server (altering it to suit 
> your domain etc):
>
> ldapsearch -x -h 127.0.0.1 -b DC=example,DC=com -D 
> CN=Administrator,CN=Users,DC=example,DC=com -w <Administrator 
> password> 'cn=<a username>'
>
> It should dump all the users info, amongst which should be uidNumber
>
> Also what OS are you using?
>
> Rowland
>

More information about the samba mailing list