[Samba] Winbind question

Ryan Ashley ryana at reachtechfp.com
Mon Aug 11 08:55:54 MDT 2014 

Did you start the winbind, nmbd, and smbd services? If winbindd is not 
running, you cannot use wbinfo.

On 08/11/2014 10:54 AM, Bruno MACADRÉ wrote:
> Nice, for me it's not so cool.... ad beckend works and winbind list 
> users but if I want infos about it I get a 'WBC_ERR_DOMAIN_NOT_FOUND' 
> error..... I must search again.....
>
>
> Le 11/08/2014 16:51, Ryan Ashley a écrit :
>> THAT DID IT! I am now pulling the correct ID's! I spent weeks on this 
>> and kept thinking it was configuration files or a bug. Man, I owe you 
>> dinner if you're ever in the states!
>>
>> On 08/11/2014 10:47 AM, Ryan Ashley wrote:
>>> My thoughts are the same. I am rebuilding Samba on my member server 
>>> now using the parameter you mentioned. I did a full rebuild from 
>>> scratch, but I will let you know if it works when it finishes. My 
>>> fingers are crossed!
>>>
>>> On 08/11/2014 10:45 AM, Bruno MACADRÉ wrote:
>>>> I think only members 'cause it's only on it we have the message 
>>>> 'can't load ad backend'
>>>>
>>>> Le 11/08/2014 16:37, Ryan Ashley a écrit :
>>>>> I have not seen that mentioned in my 121 posts about this issue. 
>>>>> Does that need to be enabled on the DC and members or just members?
>>>>>
>>>>> On 08/11/2014 10:35 AM, Bruno MACADRÉ wrote:
>>>>>> Nice clue,
>>>>>>
>>>>>> I quickly research in my tutorial and see that I forget an option 
>>>>>> on my configure line :
>>>>>>
>>>>>> --with-shared-modules=idmap_ad
>>>>>>
>>>>>> I recompile my samba and retry... I come back when finished
>>>>>>
>>>>>> Le 11/08/2014 16:30, Ryan Ashley a écrit :
>>>>>>> I forgot to tell you, if you are pulling from the TDB range, 
>>>>>>> your ID numbers will NOT be the same across member servers. That 
>>>>>>> is what I have been working on for a month now. I have two 
>>>>>>> member servers and they keep pulling from the TDB range, causing 
>>>>>>> a user to have an ID of 70001 on one member server but 70004 on 
>>>>>>> the other. Both servers claim they cannot probe the idmap ad 
>>>>>>> module.
>>>>>>>
>>>>>>> On 08/11/2014 10:21 AM, Bruno MACADRÉ wrote:
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I successfully set up an AD DC, and now, I want to join a file 
>>>>>>>> server as member in this domain.
>>>>>>>>
>>>>>>>> I followed this tutorial : 
>>>>>>>> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
>>>>>>>>
>>>>>>>> All works fine, my server join my AD without problem, samba 
>>>>>>>> starts fine and winbind too. But when I look at my domain 
>>>>>>>> users, the uid/gid returned by winbind are in the TDB range 
>>>>>>>> instead of the AD range.....
>>>>>>>>
>>>>>>>> This is my smb.conf :
>>>>>>>> [global]
>>>>>>>>
>>>>>>>>    netbios name = filzen
>>>>>>>>    workgroup = SAMDOM
>>>>>>>>    security = ADS
>>>>>>>>    realm = SAMDOM.FR
>>>>>>>>    encrypt passwords = yes
>>>>>>>>
>>>>>>>>    log level = 10
>>>>>>>>
>>>>>>>>    template homedir = /home/%U
>>>>>>>>    template shell = /bin/bash
>>>>>>>>
>>>>>>>>    winbind use default domain = yes
>>>>>>>>    winbind enum users  = yes
>>>>>>>>    winbind enum groups = yes
>>>>>>>>
>>>>>>>>    idmap config SAMDOM:backend = ad
>>>>>>>>    idmap config SAMDOM:range = 20001-70000
>>>>>>>>    idmap config SAMDOM:default = yes
>>>>>>>>    idmap config *:backend = tdb
>>>>>>>>    idmap config *:range = 70001-80000
>>>>>>>>
>>>>>>>> If I type :
>>>>>>>> # wbinfo -i administrator
>>>>>>>>
>>>>>>>> I get :
>>>>>>>> administrator:*:70001:70001::/home/administrator:/bin/bash
>>>>>>>>
>>>>>>>> If I create a user (foo) and trying to obtain his informations :
>>>>>>>> # wbinfo -i foo
>>>>>>>>
>>>>>>>> I get:
>>>>>>>> foo:*:70002:70001::/home/foo:/bin/bash
>>>>>>>>
>>>>>>>> Why winbind doen't use AD range instead of TBD range ? And even 
>>>>>>>> if I must use TDB range is there a certainty that this uid/gid 
>>>>>>>> are the same over all members ?
>>>>>>>>
>>>>>>>> Another clue : If I use SAMDOM:backend = rid the users receive 
>>>>>>>> a uid/gid in SAMDOM range and not in TDB range (maybe a bug in 
>>>>>>>> ad backend ?)
>>>>>>>>
>>>>>>>> Thanks for any answers
>>>>>>>> Regards,
>>>>>>>> Bruno.
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>

More information about the samba mailing list