[Samba] centos 6.5 sernet-samba 4.1.6 member server winbind idmap fail
Lorenzo Faleschini
lorenzo.faleschini at nordestsystems.com
Thu Apr 10 09:46:05 MDT 2014
ok,
now if I specify domain in wbinfo and getent queries I get expected results
eg:
> getent passwd MY\\userx
MY\userx:*:10001:10000:User X:/home/userx:/bin/sh
> wbinfo -i MY\\userx
MY\userx:*:10001:10000:User X:/home/userx:/bin/sh
I can set up shares and manage through Computer Management (logged in as
Domain Admin - Administrator),
but if I remove "Everyone" with "Full Control" from share permissions I
cannot use the Security Tab anymore (until I set Full Control to
Everyone back in share's permission)
this is weird IMHO and makes the fileserver unusable
I'll try a debian machine now. can you please post your working configs?
On Thursday, 10 April 2014 15:00:02 UTC+2, L. P. H. van Belle wrote:
> yes, the solution ( aka worked for me on debian with sernet )
>
> make use of usermap
> add to smb.conf :
>
> # user Administrator workaround, without it you are unable to set privileges
> username map = /etc/samba/samba_usermapping
>
> add in the file samba_usermapping
> !root = DOMAINNAME\Administrator DOMAINNAME\administrator
>
> restart samba
>
> >-----Original message-----
> >From: lorenzo.faleschini at nordestsystems.com
> >[mailto:samba-bounces at lists.samba.org] On behalf of Lorenzo Faleschini
> >Sent: Thursday 10 April 2014 11:20
> >To: samba at lists.samba.org
> >Subject: [Samba] centos 6.5 sernet-samba 4.1.6 member server winbind idmap fail
> >
> >Hi everybody,
> >
> >I've searched deeply into the samba wiki and the list for some working
> >examples, but I cannot find my way out, I'm a kind of rough samba user
> >(let's say almost newbie).. so asking help here:
> >
> >This is my setup:
> >
> >DC (samba.my.domain.com <http://samba.my.domain.com/>): CentOS 6.5 with
> >sernet-samba 4.1.6 started in "ad" mode
> >(upgraded successfully from early 4.0.5, working fine with windows
> >clients and servers, deployed with rfc2307, wbinfo and getent working fine)
> >
> >MEMBER (files.my.domain.com <http://files.my.domain.com/>): Centos 6.5
> >with sernet-samba 4.1.6 started in "classic" mode
> >(successfully joined with net ads join, dns updated correctly and host
> >is able to resolve domain names, followed the howto on samba wiki, tried
> >also by installing from source with parameters suggested in
> >but with no luck)
> >
> >NOTE: disabled iptables and selinux in this test environment
> >NOTE: created testuser and testgroup with windowsRSAT (AD
> >users&computers) and filled the UNIX attributes tab.. so I suppose at
> >least for those 2 user and group I have correctly set UID GID
> >
> >____________________config files_______________________________
> >
> >##############/etc/samba/smb.conf
> >[global]
> >
> > workgroup = MY
> > security = ADS
> > realm = MY.DOMAIN.COM
> >
> > idmap config *:backend = tdb
> > idmap config *:range = 70001-80000
> > idmap config MY:backend = ad
> > idmap config MY:schema_mode = rfc2307
> > idmap config MY:range = 500-40000
> >
> > winbind nss info = rfc2307
> >
> >[test]
> > path = /condivisioni/test
> > read only = no
> >
> >
> >#################/etc/krb5.conf
> >[logging]
> > default = FILE:/var/log/krb5libs.log
> > kdc = FILE:/var/log/krb5kdc.log
> > admin_server = FILE:/var/log/kadmind.log
> >
> >[libdefaults]
> > default_realm = MY.DOMAIN.COM
> > dns_lookup_realm = false
> > dns_lookup_kdc = false
> > ticket_lifetime = 24h
> > renew_lifetime = 7d
> > forwardable = true
> >
> >[realms]
> >MY.DOMAIN.COM = {
> > kdc = samba.my.domain.com
> > admin_server = samba.my.domain.com }
> >
> >[domain_realm]
> > .my.domain.com = MY.DOMAIN.COM
> >my.domain.com = MY.DOMAIN.COM
> >
> >#################/etc/nsswitch.conf (edited lines)
> >passwd: files winbind
> >group: files winbind
> >
> >________________________________________________________
> >
> >~> wbinfo -p
> >~> wbinfo -u
> >~> wbinfo -g
> >~> wbinfo -n testuser
> >
> >return expected output
> >
> >~> getent passwd
> >~> getent group
> >
> >return only local unix users and groups
> >
> >~> wbinfo -i testuser
> >failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
> >Could not get info for user testuser
> >~> wbinfo --group-info testgroup
> >failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND
> >Could not get info for group testgroup
> >
> >
> >on DC getent is working correctly and also wbinfo -i:
> >~> wbinfo -i testuser
> >MY\testuser:*:10000:100:testuser:/home/MY/testuser:/bin/false
> >~> wbinfo --group-info testgroup
> >MY\testgroup:*:10000:
> >~> wbinfo -i marco
> >MY\marco:*:3000043:100:Marco:/home/MY/marco:/bin/false
> >~> wbinfo --group-info "domain users"
> >MY\Domain Users:*:100:
> >
> >
> >... any suggestions?
> >... I've searched the /var/log/samba logs but can't find anything
> >relevant there about errors? should I look somewhere else?
> >... would it be better to add this MEMBER as a DC with samba tool? any
> >gotchas in doing so?
> >... I read many times Steve and Rowland suggesting sssd over winbind..
> >I've tried to configure it but without success either (quite
> >frustrated :( )
> >
> >thanks
> >
> >--
> >
> >Lorenzo Faleschini
> >IT Manager @ Nord Est Systems srl
> >----------------------------------------
> >m: +39 335 6055225 | skype: falegalizeit
> >
> >--
> >To unsubscribe from this list go to the following URL and read the
> >instructions: https://lists.samba.org/mailman/options/samba
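
The username map in the quoted reply makes SMB sessions authenticated as the listed domain accounts run as UNIX root on the member server, so it is worth knowing exactly which names a map file sends to root. The following is an added example, not code from the thread or from the Samba project: a small Python audit that follows the username map rules in smb.conf(5). The sample file, its `MY\backup operator` and `guest = *` lines, and the function names are constructed for illustration.

```python
import re

# Constructed sample in the format used in the reply above. MY is the workgroup
# from the posted smb.conf; the last two lines are hypothetical additions.
SAMPLE_MAP = r'''
# /etc/samba/samba_usermapping
!root = MY\Administrator MY\administrator
root = "MY\backup operator"
guest = *
'''

def parse(text):
    """Yield (lineno, stop, unix_name, client_names) for each mapping line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue  # blank line, comment, or not a mapping
        stop = line.startswith("!")  # '!': stop processing if this line matches
        unix, _, rhs = line.lstrip("!").partition("=")
        # Names containing spaces are double-quoted; backslashes stay literal.
        names = [q or w for q, w in re.findall(r'"([^"]*)"|(\S+)', rhs)]
        yield lineno, stop, unix.strip(), names

def resolve(text, client):
    """UNIX account a client name ends up as: last match wins unless '!' stops.
    @group entries need NSS lookups and are not expanded here."""
    result = client
    for _, stop, unix, names in parse(text):
        if any(n == "*" or n.lower() == client.lower() for n in names):
            result = unix
            if stop:
                break
    return result

def audit(text, privileged=("root",)):
    """Return (lineno, unix, client_name, note) for names mapped to privileged accounts."""
    findings = []
    for lineno, stop, unix, names in parse(text):
        if unix not in privileged:
            continue
        for n in names:
            note = ("wildcard: every client" if n == "*"
                    else "UNIX group: membership decides" if n.startswith("@")
                    else "single account")
            if not stop:
                note += "; no '!', a later line can remap it"
            findings.append((lineno, unix, n, note))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_MAP):
        print(finding)
```

In the sample, the `!` on the Administrator line is what keeps the later `guest = *` wildcard from overriding it; the unquoted-`!` root line for `MY\backup operator` is remapped to guest.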