[Samba] centos 6.5 sernet-samba 4.1.6 member server winbind idmap fail
Lorenzo Faleschini
lorenzo.faleschini at nordestsystems.com
Thu Apr 10 03:20:29 MDT 2014
Hi everybody,
I've searched deeply through the Samba wiki and the list for some working
examples, but I cannot find my way out. I'm kind of a rough Samba user
(let's say almost a newbie), so I'm asking for help here:
This is my setup:
DC (samba.my.domain.com): CentOS 6.5 with
sernet-samba 4.1.6 started in "ad" mode
(upgraded successfully from early 4.0.5, working fine with windows
clients and servers, deployed with rfc2307, wbinfo and getent working fine)
MEMBER (files.my.domain.com): CentOS 6.5
with sernet-samba 4.1.6 started in "classic" mode
(successfully joined with net ads join, dns updated correctly and host
is able to resolve domain names, followed the howto on samba wiki, tried
also by installing from source with parameters suggested in but with no
luck)
NOTE: disabled iptables and selinux in this test environment
NOTE: created testuser and testgroup with Windows RSAT (AD
users&computers) and filled in the UNIX attributes tab, so I suppose at
least for those 2 (user and group) I have correctly set UID and GID
____________________config files_______________________________
##############/etc/samba/smb.conf
[global]
workgroup = MY
security = ADS
realm = MY.DOMAIN.COM
idmap config *:backend = tdb
idmap config *:range = 70001-80000
idmap config MY:backend = ad
idmap config MY:schema_mode = rfc2307
idmap config MY:range = 500-40000
winbind nss info = rfc2307
[test]
path = /condivisioni/test
read only = no
#################/etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = MY.DOMAIN.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
MY.DOMAIN.COM = {
kdc = samba.my.domain.com
admin_server = samba.my.domain.com }
[domain_realm]
.my.domain.com = MY.DOMAIN.COM
my.domain.com = MY.DOMAIN.COM
#################/etc/nsswitch.conf (edited lines)
passwd: files winbind
group: files winbind
________________________________________________________
~> wbinfo -p
~> wbinfo -u
~> wbinfo -g
~> wbinfo -n testuser
return expected output
~> getent passwd
~> getent group
return only local unix users and groups
~> wbinfo -i testuser
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user testuser
~> wbinfo --group-info testgroup
failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for group testgroup
on DC getent is working correctly and also wbinfo -i:
~> wbinfo -i testuser
MY\testuser:*:10000:100:testuser:/home/MY/testuser:/bin/false
~> wbinfo --group-info testgroup
MY\testgroup:*:10000:
~> wbinfo -i marco
MY\marco:*:3000043:100:Marco:/home/MY/marco:/bin/false
~> wbinfo --group-info "domain users"
MY\Domain Users:*:100:
... any suggestions?
... I've searched the /var/log/samba logs but can't find anything
relevant there about errors. Should I look somewhere else?
... would it be better to add this MEMBER as a DC with samba tool? any
gotchas in doing so?
... I read many times Steve and Rowland suggesting sssd over winbind..
I've tried to configure it but without success either (quite frustrated :( )
thanks
--
Lorenzo Faleschini
IT Manager @ Nord Est Systems srl
----------------------------------------
m: +39 335 6055225 | skype: falegalizeit
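
Added example, not part of the original post: a check of the UIDs and GIDs in the DC output quoted above against the idmap ranges in the member's smb.conf, since the idmap_ad backend discards any ID that falls outside its configured range. It assumes the IDs the DC prints are the ones the member would be asked to map; the function names are hypothetical.

```python
import re

# Constructed inputs: the idmap lines from the member's smb.conf and the
# wbinfo lines the post shows for the DC. Assumption: the IDs printed on
# the DC are the ones the member's idmap backend would have to map.
SMB_CONF = """\
idmap config *:backend = tdb
idmap config *:range = 70001-80000
idmap config MY:backend = ad
idmap config MY:schema_mode = rfc2307
idmap config MY:range = 500-40000
"""
DC_PASSWD = [
    r"MY\testuser:*:10000:100:testuser:/home/MY/testuser:/bin/false",
    r"MY\marco:*:3000043:100:Marco:/home/MY/marco:/bin/false",
]
DC_GROUP = [r"MY\testgroup:*:10000:", r"MY\Domain Users:*:100:"]

def idmap_ranges(conf):
    """Return {domain: (low, high)} from 'idmap config DOM:range = a-b' lines."""
    pat = re.compile(r"^\s*idmap config\s+(\S+?)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)", re.I | re.M)
    return {m.group(1).upper(): (int(m.group(2)), int(m.group(3))) for m in pat.finditer(conf)}

def out_of_range(conf, passwd_lines, group_lines):
    """List (name, kind, id) for every ID outside its domain's idmap range."""
    ranges = idmap_ranges(conf)
    findings = []
    def check(name, kind, value):
        domain = name.split("\\", 1)[0].upper()
        low, high = ranges.get(domain, ranges.get("*", (0, -1)))
        if not low <= value <= high:
            findings.append((name, kind, value))
    for line in passwd_lines:
        f = line.split(":")
        check(f[0], "uid", int(f[2]))
        check(f[0], "primary gid", int(f[3]))
    for line in group_lines:
        f = line.split(":")
        check(f[0], "gid", int(f[2]))
    return findings

if __name__ == "__main__":
    for name, kind, value in out_of_range(SMB_CONF, DC_PASSWD, DC_GROUP):
        print(f"{name}: {kind} {value} is outside the member's idmap range")
```

On the values shown in the post, testuser's UID and testgroup's GID fall inside 500-40000, while GID 100 and UID 3000043 do not.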