[Samba] Join Samba4 in a Samba4 AD

Rowland Penny rowlandpenny at googlemail.com
Sat Nov 9 07:13:24 MST 2013


On 09/11/13 14:00, DarkZad wrote:
>
> ldapsearch output
>
> # extended LDIF
> #
> # LDAPv3
> # base <DC=tudor,DC=local> with scope subtree
> # filter: cn=marcelo
> # requesting: ALL
> #
>
> # marcelo, Users, tudor.local
> dn: CN=marcelo,CN=Users,DC=tudor,DC=local
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: marcelo
> instanceType: 4
> whenCreated: 20131109130551.0Z
> whenChanged: 20131109130551.0Z
> uSNCreated: 4860
> name: marcelo
> objectGUID:: V8qCGb8KwEqTB0SuaABscw==
> badPwdCount: 0
> codePage: 0
> countryCode: 0
> badPasswordTime: 0
> lastLogoff: 0
> lastLogon: 0
> primaryGroupID: 513
> objectSid:: AQUAAAAAAAUVAAAACJ+1yPvM4+uH+r6wjQ4AAA==
> accountExpires: 9223372036854775807
> logonCount: 0
> sAMAccountName: marcelo
> sAMAccountType: 805306368
> userPrincipalName: marcelo at tudor.local
> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=tudor,DC=local
> pwdLastSet: 130284759510000000
> userAccountControl: 512
> uSNChanged: 4862
> distinguishedName: CN=marcelo,CN=Users,DC=tudor,DC=local
>

This is a standard Windows user; I was expecting to see something like this:

# rowland, Users, example.com
dn: CN=rowland,CN=Users,DC=example,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: rowland
instanceType: 4
whenCreated: 20131102133901.0Z
uSNCreated: 3774
name: rowland
objectGUID:: y2W7zOeov0G0OhEc8WjPog==
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAAk3pjaDgNdKQkIvrkTwQAAA==
logonCount: 0
sAMAccountName: rowland
sAMAccountType: 805306368
userPrincipalName: rowland at example.com
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=example,DC=com
pwdLastSet: 130278731410000000
userAccountControl: 66048
accountExpires: 0
givenName: Rowland
sn: Penny
displayName: Rowland Penny
homeDrive: H:
msSFU30NisDomain: example
msSFU30Name: rowland
uidNumber: 10000
gidNumber: 100
loginShell: /bin/bash
unixHomeDirectory: /home/rowland
uid: rowland
memberOf: CN=testgroup1,CN=Users,DC=example,DC=com
telephoneNumber: 01200422623
description: A Unix user
whenChanged: 20131106173618.0Z
uSNChanged: 3841
distinguishedName: CN=rowland,CN=Users,DC=example,DC=com

Ignore most of it, the things to focus on are:

uidNumber: 10000
gidNumber: 100
loginShell: /bin/bash
unixHomeDirectory: /home/rowland

This is the information that winbind with the 'ad' backend pulls and
uses. Your user does not have this, and without it wbinfo -i will not
work. You could try changing 'idmap config TUDOR:backend = ad' to
'idmap config TUDOR:backend = rid', but if you do, never connect directly
to any shares on the Samba 4 server.

Rowland
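
Added example, not part of the original message: a Python check that reads ldapsearch LDIF output and lists, per user, which of the four attributes named above are missing. The function names and the sample LDIF (trimmed from the two entries in this thread) are constructed for illustration.

```python
# Added example; REQUIRED comes from the post, SAMPLE_LDIF is constructed from it.
REQUIRED = ("uidNumber", "gidNumber", "loginShell", "unixHomeDirectory")

SAMPLE_LDIF = """\
# marcelo, Users, tudor.local
dn: CN=marcelo,CN=Users,DC=tudor,DC=local
objectClass: user
sAMAccountName: marcelo
objectCategory: CN=Person,CN=Schema,CN=Configuration,
 DC=tudor,DC=local

dn: CN=rowland,CN=Users,DC=example,DC=com
objectClass: user
sAMAccountName: rowland
uidNumber: 10000
gidNumber: 100
loginShell: /bin/bash
unixHomeDirectory: /home/rowland
"""

def parse_ldif(text):
    """Return one dict per entry: attribute name -> list of values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continue previous
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#") and ":" in line:
            name, _, value = line.partition(":")
            # "attr:: value" is base64; keep it encoded, only presence matters
            current.setdefault(name, []).append(value.lstrip(":").strip())
    return entries

def missing_posix_attrs(entries):
    """Map sAMAccountName -> REQUIRED attributes absent from that user entry."""
    return {e["sAMAccountName"][0]: [a for a in REQUIRED if not e.get(a)]
            for e in entries
            if "user" in e.get("objectClass", []) and "sAMAccountName" in e}

if __name__ == "__main__":
    for user, missing in missing_posix_attrs(parse_ldif(SAMPLE_LDIF)).items():
        print(user, "OK" if missing == [] else "missing: " + ", ".join(missing))
```

An empty list for a user means all four attributes are present in that entry.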


