[Samba] Join Samba4 in a Samba4 AD

DarkZad darkzad at yahoo.com.br
Sat Nov 9 07:31:30 MST 2013


Just did the change in the TUDOR idmap config: backend = rid the fileserver.

In AD server still the same thing.
I ran the command wbinfo-i Marcelo and worked perfectly.

You think I should run the command     samba-tool domain provision --use 
RFC2307
and register all users to work seamlessly?

Thanks




Em 09-11-2013 12:24, Rowland Penny escreveu:
> On 09/11/13 14:22, DarkZad wrote:
>> I changed the setting to TUDOR idmap config: backend = rid and it 
>> worked perfectly.
>>
>> But using idmap config TUDOR: backend = rid can give a problem?
>>
>> Thank you for your help.
>>
>> In fileserve I run
>>
>> wbinfo -i marcelo
>> marcelo:*:83726:80514:marcelo:/home/TUDOR/marcelo:/bin/false
>>
>> Thansk a lot.
>>
>>
>>
>>
>> Em 09-11-2013 12:13, Rowland Penny escreveu:
>>> On 09/11/13 14:00, DarkZad wrote:
>>>>
>>>> saida do ldapsearch
>>>>
>>>> # extended LDIF
>>>> #
>>>> # LDAPv3
>>>> # base <DC=tudor,DC=local> with scope subtree
>>>> # filter: cn=marcelo
>>>> # requesting: ALL
>>>> #
>>>>
>>>> # marcelo, Users, tudor.local
>>>> dn: CN=marcelo,CN=Users,DC=tudor,DC=local
>>>> objectClass: top
>>>> objectClass: person
>>>> objectClass: organizationalPerson
>>>> objectClass: user
>>>> cn: marcelo
>>>> instanceType: 4
>>>> whenCreated: 20131109130551.0Z
>>>> whenChanged: 20131109130551.0Z
>>>> uSNCreated: 4860
>>>> name: marcelo
>>>> objectGUID:: V8qCGb8KwEqTB0SuaABscw==
>>>> badPwdCount: 0
>>>> codePage: 0
>>>> countryCode: 0
>>>> badPasswordTime: 0
>>>> lastLogoff: 0
>>>> lastLogon: 0
>>>> primaryGroupID: 513
>>>> objectSid:: AQUAAAAAAAUVAAAACJ+1yPvM4+uH+r6wjQ4AAA==
>>>> accountExpires: 9223372036854775807
>>>> logonCount: 0
>>>> sAMAccountName: marcelo
>>>> sAMAccountType: 805306368
>>>> userPrincipalName: marcelo at tudor.local
>>>> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=tudor,DC=local
>>>> pwdLastSet: 130284759510000000
>>>> userAccountControl: 512
>>>> uSNChanged: 4862
>>>> distinguishedName: CN=marcelo,CN=Users,DC=tudor,DC=local
>>>>
>>>
>>> This is a standard windows user, I was expecting to see something 
>>> like this:
>>>
>>> # rowland, Users, example.com
>>> dn: CN=rowland,CN=Users,DC=example,DC=com
>>> objectClass: top
>>> objectClass: person
>>> objectClass: organizationalPerson
>>> objectClass: user
>>> cn: rowland
>>> instanceType: 4
>>> whenCreated: 20131102133901.0Z
>>> uSNCreated: 3774
>>> name: rowland
>>> objectGUID:: y2W7zOeov0G0OhEc8WjPog==
>>> badPwdCount: 0
>>> codePage: 0
>>> countryCode: 0
>>> badPasswordTime: 0
>>> lastLogoff: 0
>>> lastLogon: 0
>>> primaryGroupID: 513
>>> objectSid:: AQUAAAAAAAUVAAAAk3pjaDgNdKQkIvrkTwQAAA==
>>> logonCount: 0
>>> sAMAccountName: rowland
>>> sAMAccountType: 805306368
>>> userPrincipalName: rowland at example.com
>>> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=example,DC=com
>>> pwdLastSet: 130278731410000000
>>> userAccountControl: 66048
>>> accountExpires: 0
>>> givenName: Rowland
>>> sn: Penny
>>> displayName: Rowland Penny
>>> homeDrive: H:
>>> msSFU30NisDomain: example
>>> msSFU30Name: rowland
>>> uidNumber: 10000
>>> gidNumber: 100
>>> loginShell: /bin/bash
>>> unixHomeDirectory: /home/rowland
>>> uid: rowland
>>> memberOf: CN=testgroup1,CN=Users,DC=example,DC=com
>>> telephoneNumber: 01200422623
>>> description: A Unix user
>>> whenChanged: 20131106173618.0Z
>>> uSNChanged: 3841
>>> distinguishedName: CN=rowland,CN=Users,DC=example,DC=com
>>>
>>> Ignore most of it, the things to focus on are:
>>>
>>> uidNumber: 10000
>>> gidNumber: 100
>>> loginShell: /bin/bash
>>> unixHomeDirectory: /home/rowland
>>>
>>> This is the information that winbind with the 'ad' backend pulls and 
>>> uses, your user does not have this and without this, wbinfo -i will 
>>> not work. You could try changing 'idmap config TUDOR:backend = ad' 
>>> to ' idmap config TUDOR:backend = rid' but if you do, never connect 
>>> directly to any shares on the samba 4 server.
>>>
>>> Rowland
>>>
>>
> Try running the same command on the samba 4 server and I think that 
> you will see the problem.
>
> Rowland



More information about the samba mailing list