[Samba] Join Samba4 in a Samba4 AD

Rowland Penny rowlandpenny at googlemail.com
Sat Nov 9 06:56:18 MST 2013 

On 09/11/13 13:52, DarkZad wrote:
> I did not find this command ldapsearch

apt-get install ldap-utils

>
> I'm running Debian 7

OK, I use Ubuntu 12.04, so similar enough

>
> Sorry for not having spoken classic upgrade. :O

No problem ;-)

>
> Em 09-11-2013 11:43, Rowland Penny escreveu:
>> On 09/11/13 13:30, DarkZad wrote:
>>> Hum
>>>
>>> In my AD had to do an import from Samba3 then did this:
>>> samba-tool domain classicupgrade --dbdir=/root/samba3/ 
>>> --use-xattrs=yes  --realm=tudor.local /root/samba3/smb.conf
>>>
>>>
>>> I see you have --use-rfc2307
>>>
>>>
>>> AD - smb.conf
>>>
>>> [global]
>>>         workgroup = TUDOR
>>>         realm = tudor.local
>>>         netbios name = SRVAD
>>>         server role = active directory domain controller
>>>         idmap_ldb:use rfc2307 = yes
>>>         dns forwarder = 192.168.1.1
>>>
>>> [netlogon]
>>>         path = /usr/local/samba/var/locks/sysvol/tudor.local/scripts
>>>         read only = No
>>>
>>> [sysvol]
>>>         path = /usr/local/samba/var/locks/sysvol
>>>         read only = No
>>>
>>>
>>>
>>>
>>> Em 09-11-2013 11:19, Rowland Penny escreveu:
>>>> On 09/11/13 13:13, DarkZad wrote:
>>>>> Local only.
>>>>>
>>>>> This happens in winbind:
>>>>>
>>>>> winbindd -i -S -d=4
>>>>>
>>>>> child daemon request 59
>>>>> Could not get unix ID for SID 
>>>>> S-1-5-21-3367345928-3957574907-2965305991-3360
>>>>> Finished processing child request 59
>>>>> child daemon request 59
>>>>> Finished processing child request 59
>>>>> child daemon request 59
>>>>> Could not get unix ID for SID 
>>>>> S-1-5-21-3367345928-3957574907-2965305991-3354
>>>>> Finished processing child request 59
>>>>> child daemon request 59
>>>>> Finished processing child request 59
>>>>> child daemon request 59
>>>>> Could not get unix ID for SID 
>>>>> S-1-5-21-3367345928-3957574907-2965305991-3024
>>>>>
>>>>>
>>>>>
>>>>> Em 09-11-2013 11:06, Rowland Penny escreveu:
>>>>>> Does 'getent passwd' show your domain users? 
>>>>>
>>>> You have these two lines in your smb.conf:
>>>>
>>>> idmap config TUDOR:backend = ad
>>>> idmap config TUDOR:schema_mode = rfc2307
>>>>
>>>> This shows that you want to use RFC2307 attributes from AD. Did you 
>>>> provision the Samba 4 AD server with ' --use-rfc2307' and do you 
>>>> actually have any 'uidNumber' & 'gidNumber' attributes in AD? 
>>>> because without them, you will get nothing.
>>>>
>>>> Rowland
>>>>
>>>>
>>>
>> You never said that you had done a classic upgrade from samba 3, 
>> '--use-rfc2307' is only used when you provision a new domain.
>>
>> can you run this command on the samba 4 AD server (altering it to 
>> suit your domain etc):
>>
>> ldapsearch -x -h 127.0.0.1 -b DC=example,DC=com -D 
>> CN=Administrator,CN=Users,DC=example,DC=com -w <Administrator 
>> password> 'cn=<a username>'
>>
>> It should dump all the users info, amongst which should be uidNumber
>>
>> Also what OS are you using?
>>
>> Rowland
>>
>

More information about the samba mailing list