[Samba] Join Samba4 in a Samba4 AD

Rowland Penny rowlandpenny at googlemail.com
Sat Nov 9 07:24:58 MST 2013


On 09/11/13 14:22, DarkZad wrote:
> I changed the setting to TUDOR idmap config: backend = rid and it 
> worked perfectly.
>
> But can using idmap config TUDOR: backend = rid cause a problem?
>
> Thank you for your help.
>
> In fileserve I run
>
> wbinfo -i marcelo
> marcelo:*:83726:80514:marcelo:/home/TUDOR/marcelo:/bin/false
>
> Thanks a lot.
>
>
>
>
> On 09-11-2013 12:13, Rowland Penny wrote:
>> On 09/11/13 14:00, DarkZad wrote:
>>>
>>> ldapsearch output
>>>
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <DC=tudor,DC=local> with scope subtree
>>> # filter: cn=marcelo
>>> # requesting: ALL
>>> #
>>>
>>> # marcelo, Users, tudor.local
>>> dn: CN=marcelo,CN=Users,DC=tudor,DC=local
>>> objectClass: top
>>> objectClass: person
>>> objectClass: organizationalPerson
>>> objectClass: user
>>> cn: marcelo
>>> instanceType: 4
>>> whenCreated: 20131109130551.0Z
>>> whenChanged: 20131109130551.0Z
>>> uSNCreated: 4860
>>> name: marcelo
>>> objectGUID:: V8qCGb8KwEqTB0SuaABscw==
>>> badPwdCount: 0
>>> codePage: 0
>>> countryCode: 0
>>> badPasswordTime: 0
>>> lastLogoff: 0
>>> lastLogon: 0
>>> primaryGroupID: 513
>>> objectSid:: AQUAAAAAAAUVAAAACJ+1yPvM4+uH+r6wjQ4AAA==
>>> accountExpires: 9223372036854775807
>>> logonCount: 0
>>> sAMAccountName: marcelo
>>> sAMAccountType: 805306368
>>> userPrincipalName: marcelo at tudor.local
>>> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=tudor,DC=local
>>> pwdLastSet: 130284759510000000
>>> userAccountControl: 512
>>> uSNChanged: 4862
>>> distinguishedName: CN=marcelo,CN=Users,DC=tudor,DC=local
>>>
>>
>> This is a standard windows user, I was expecting to see something 
>> like this:
>>
>> # rowland, Users, example.com
>> dn: CN=rowland,CN=Users,DC=example,DC=com
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: user
>> cn: rowland
>> instanceType: 4
>> whenCreated: 20131102133901.0Z
>> uSNCreated: 3774
>> name: rowland
>> objectGUID:: y2W7zOeov0G0OhEc8WjPog==
>> badPwdCount: 0
>> codePage: 0
>> countryCode: 0
>> badPasswordTime: 0
>> lastLogoff: 0
>> lastLogon: 0
>> primaryGroupID: 513
>> objectSid:: AQUAAAAAAAUVAAAAk3pjaDgNdKQkIvrkTwQAAA==
>> logonCount: 0
>> sAMAccountName: rowland
>> sAMAccountType: 805306368
>> userPrincipalName: rowland at example.com
>> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=example,DC=com
>> pwdLastSet: 130278731410000000
>> userAccountControl: 66048
>> accountExpires: 0
>> givenName: Rowland
>> sn: Penny
>> displayName: Rowland Penny
>> homeDrive: H:
>> msSFU30NisDomain: example
>> msSFU30Name: rowland
>> uidNumber: 10000
>> gidNumber: 100
>> loginShell: /bin/bash
>> unixHomeDirectory: /home/rowland
>> uid: rowland
>> memberOf: CN=testgroup1,CN=Users,DC=example,DC=com
>> telephoneNumber: 01200422623
>> description: A Unix user
>> whenChanged: 20131106173618.0Z
>> uSNChanged: 3841
>> distinguishedName: CN=rowland,CN=Users,DC=example,DC=com
>>
>> Ignore most of it, the things to focus on are:
>>
>> uidNumber: 10000
>> gidNumber: 100
>> loginShell: /bin/bash
>> unixHomeDirectory: /home/rowland
>>
>> This is the information that winbind with the 'ad' backend pulls and 
>> uses, your user does not have this and without this, wbinfo -i will 
>> not work. You could try changing 'idmap config TUDOR:backend = ad' to 
>> ' idmap config TUDOR:backend = rid' but if you do, never connect 
>> directly to any shares on the samba 4 server.
>>
>> Rowland
>>
>
Try running the same command on the samba 4 server and I think that you 
will see the problem.

Rowland
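
Added example, not part of the original thread or of Samba's own code: it parses the two LDIF entries quoted above, reports which of the four attributes named for the 'ad' backend are missing, and reproduces the uid/gid shown by wbinfo using the documented idmap_rid formula (ID = RID - BASE_RID + LOW_RANGE_ID). The function names are hypothetical, and the low range value 80001 used in the check is an assumption inferred from the wbinfo output, since the thread does not show the smb.conf range.

```python
import base64
import struct

# Constructed from the two LDIF entries quoted in the thread (attributes trimmed).
MARCELO = """dn: CN=marcelo,CN=Users,DC=tudor,DC=local
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAACJ+1yPvM4+uH+r6wjQ4AAA==
sAMAccountName: marcelo
"""
ROWLAND = """dn: CN=rowland,CN=Users,DC=example,DC=com
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAAk3pjaDgNdKQkIvrkTwQAAA==
uidNumber: 10000
gidNumber: 100
loginShell: /bin/bash
unixHomeDirectory: /home/rowland
"""

# The attributes the thread says winbind's 'ad' backend pulls and uses.
AD_BACKEND_ATTRS = ("uidNumber", "gidNumber", "loginShell", "unixHomeDirectory")

def parse_ldif_entry(text):
    """Parse one unfolded LDIF entry; 'attr:: value' is base64-decoded to bytes."""
    entry = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):
            entry[name] = base64.b64decode(value[1:].strip())
        else:
            entry[name] = value.strip()
    return entry

def sid_rid(sid):
    """Return the last sub-authority (the RID) of a binary SID."""
    revision, count = sid[0], sid[1]
    if revision != 1 or count == 0 or len(sid) != 8 + 4 * count:
        raise ValueError("malformed SID")
    return struct.unpack_from("<I", sid, 8 + 4 * (count - 1))[0]

def missing_for_ad_backend(entry):
    """List the 'ad' backend attributes that the entry does not carry."""
    return [a for a in AD_BACKEND_ATTRS if a not in entry]

def rid_backend_ids(entry, low_range, base_rid=0):
    """idmap_rid mapping: ID = RID - BASE_RID + LOW_RANGE_ID (low_range is assumed)."""
    uid = sid_rid(entry["objectSid"]) - base_rid + low_range
    gid = int(entry["primaryGroupID"]) - base_rid + low_range
    return uid, gid
```

With a low range of 80001, marcelo's entry maps to the same 83726:80514 pair that wbinfo -i printed on the member server.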

