[Samba] Domain users not resolving...

Achim Gottinger achim at ag-web.biz
Fri Aug 22 19:43:45 MDT 2014


Am 23.08.2014 02:19, schrieb Ryan Ashley:
> Rowland, I did not do this. This is a new client who dropped their old 
> IT support due to issues on the network. I found out it was not having 
> access to the sysvol. That is where I figured out what I have. I do 
> use FHS in my builds, but I would never put it into a root directory 
> like this. I guess the other team was testing Samba and using a client 
> to test on! I do agree 100% that the issue is the path. However, I can 
> feel good that I didn't do such a bone-headed move!
>
> Sorry for the lack of files, I had to figure out how it was set up. 
> Everything, including the configuration file is in "/samba", which 
> appears to be a separate partition. Here is what you requested.
>
> Samba 4.1.11 64bit
> Debian Squeeze 64bit
>
> =========
> smb.conf:
> =========
> # Global parameters
> [global]
>         workgroup = DOMAIN
>         realm = DOMAIN.LOCAL
>         netbios name = DC01
>         server role = active directory domain controller
>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
>         interfaces = 127.0.0.1, 192.168.0.1
>
> [netlogon]
>         path = /samba/var/locks/sysvol/kigm.local/scripts
>         read only = No
>
> [sysvol]
>         path = /samba/var/locks/sysvol
>         read only = No
>
> =========
> krb5.conf:
> =========
> [libdefaults]
>         default_realm = DOMAIN.LOCAL
>         dns_lookup_realm = false
>         dns_lookup_kdc = true
>
> =================
> Rowland's Request:
> =================
> root@dc01:~# /samba/sbin/samba -b
> Samba version: 4.1.11
> Build environment:
>    Build host:  Linux dc01 2.6.32-5-amd64 #1 SMP Tue May 13 16:34:35 UTC 2014 x86_64 GNU/Linux
> Paths:
>    BINDIR: /samba/bin
>    SBINDIR: /samba/sbin
>    CONFIGFILE: /samba/etc/smb.conf
>    NCALRPCDIR: /samba/var/run/ncalrpc
>    LOGFILEBASE: /samba/var
>    LMHOSTSFILE: /samba/etc/lmhosts
>    DATADIR: /samba/share
>    MODULESDIR: /samba/lib
>    LOCKDIR: /samba/var/lock
>    STATEDIR: /samba/var/locks
>    CACHEDIR: /samba/var/cache
>    PIDDIR: /samba/var/run
>    PRIVATE_DIR: /samba/private
>    CODEPAGEDIR: /samba/share/codepages
>    SETUPDIR: /samba/share/setup
>    WINBINDD_SOCKET_DIR: /samba/var/run/winbindd
>    WINBINDD_PRIVILEGED_SOCKET_DIR: /samba/var/lib/winbindd_privileged
>    NTP_SIGND_SOCKET_DIR: /samba/var/lib/ntp_signd
>
> No IDs have been set up. The rfc2307 stuff is there, but they're not 
> using it. They have two Samba DCs and everything else is Windows 7. 
> They were using rsync to sync the sysvol, which had caused issues with 
> GID/UID on the second DC, but I fixed that already. Well, tried to 
> anyway. It is set up the EXACT same way. It also has issues with this 
> stuff.
>
> I have a theory as to how to fix this but want advice first. If I am 
> wrong, so be it. I would like to build Samba the STANDARD way (FHS, 
> bin files go to /bin, etc) but have one concern. If I do this, do I 
> simply need to adjust the paths in the configuration file and move the 
> sysvol to the proper location? On all of the systems I do, this is 
> always "/var/lib/samba/sysvol". I would obviously have to move the tdb 
> files and such to "/var/lib/samba" as well. Would that work, or am I 
> going to have to deal with this the way it is?
>
> If you need anything else, please ask. Remember, this is a DC and 
> while rfc2307 attributes exist, they're not being used. Probably due 
> to no Linux member servers.
>
> On 8/22/2014 4:54 PM, Rowland Penny wrote:
>> On 22/08/14 21:40, Marc Muehlfeld wrote:
>>> Hello,
>>>
>>> Am 22.08.2014 20:48, schrieb Ryan Ashley:
>>>> I stepped into a setup where Samba was compiled and installed into
>>>> "/samba". The configure command on the DC is "configure
>>>> --prefix=/samba". The links for libnss_wins.so.2 and libnss_winbind.so.2
>>>> are there and nsswitch.conf is told to use winbind. However, "getent
>>>> group" returns only local users, "id" finds NO domain users, and "getent
>>>> passwd" returns only local users. I did do a rebuild of Samba after
>>>> verifying the dependencies were there and configured/installed the same
>>>> way so everything is in place. Still no dice. This guy was still running
>>>> Debian Squeeze so the install is probably old. Things seem to run, but
>>>> no systems can access the sysvol even after a reset, which led to this
>>>> discovery.
>>>>
>>>> Now, my thinking is that maybe the binaries in "/samba/bin" should be
>>>> linked to "/bin" and the same goes for the sbin stuff. Is this my issue
>>>> or what am I looking at? Yes, I stepped into it this time...
>>>
>>> It would be much easier to help, if you give some information about your
>>> environment.
>>>
>>> - smb.conf
>>> - Samba version
>>> - IDs, etc. configured in your backend (depending on your Idmap config)
>>> - etc.
>>>
>>>
>>>
>>> Regards,
>>> Marc
>>>
>> It would also help if you followed the howto and didn't change bits 
>> that you don't like, just why did you install into /samba instead of 
>> /usr/local/samba?
>> Everything out there is based on self compiling into 
>> /usr/local/samba, the wiki gives you the instructions based on this.
>>
>> Having said this, it is possibly/probably a path problem, could you 
>> please post (along with what Marc has asked for) the result of 'samba 
>> -b'
>>
>> Rowland
>
As you say, the setup does not use rfc2307. You mentioned that you fixed 
an issue with idmap uid/gid mapping, which you fixed. Did you copy 
idmap.ldb from dc1 to dc2? Or did you use a different one, maybe from 
another domain, as a template?
Do wbinfo -g and -u return domain groups and users?

achim~
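
Added example (not part of the original message, and not Samba project code): a way to check whether two DCs agree on SID-to-ID mappings, which matters here because a sysvol copied with rsync keeps numeric owners, so a differing idmap.ldb makes the same files belong to different accounts on the second DC. It assumes LDIF dumps of idmap.ldb taken on each DC, with records carrying "cn: <SID>" and "xidNumber: <id>"; the function names, the sample SIDs and the IDs are constructed for illustration.

```shell
#!/bin/sh
# Added example. Compares SID -> xidNumber mappings from two DCs' idmap.ldb.
# Assumed input: LDIF dumps made on each DC with something like
#   ldbsearch -H /samba/private/idmap.ldb '(objectClass=sidMap)' cn xidNumber
# (/samba/private is PRIVATE_DIR from the 'samba -b' output in the thread).

# Print "SID xid" pairs from one LDIF dump, sorted by SID.
# Records whose cn is not a SID (e.g. CN=CONFIG) are skipped.
idmap_pairs() {
    awk '
        /^cn: S-/      { sid = $2 }
        /^xidNumber: / { xid = $2 }
        /^$/           { if (sid != "" && xid != "") print sid, xid; sid = xid = "" }
        END            { if (sid != "" && xid != "") print sid, xid }
    ' "$1" | LC_ALL=C sort -k1,1
}

# Print "SID xid_on_dc1 xid_on_dc2" for every SID that differs or is
# present on only one DC (the absent side is shown as MISSING).
idmap_diff() {
    a=$(mktemp); b=$(mktemp)
    idmap_pairs "$1" > "$a"; idmap_pairs "$2" > "$b"
    LC_ALL=C join -a 1 -a 2 -e MISSING -o 0,1.2,2.2 "$a" "$b" | awk '$2 != $3'
    rm -f "$a" "$b"
}

# Constructed sample dumps; SIDs and IDs are made up.
sample_dc1() { printf '%s\n' \
    'dn: CN=CONFIG' 'cn: CONFIG' 'xidNumber: 3000011' '' \
    'dn: CN=S-1-5-32-544' 'cn: S-1-5-32-544' 'xidNumber: 3000000' '' \
    'dn: CN=S-1-5-21-1111-2222-3333-512' \
    'cn: S-1-5-21-1111-2222-3333-512' 'xidNumber: 3000008' '' \
    'dn: CN=S-1-5-21-1111-2222-3333-513' \
    'cn: S-1-5-21-1111-2222-3333-513' 'xidNumber: 3000010'; }
sample_dc2() { printf '%s\n' \
    'dn: CN=CONFIG' 'cn: CONFIG' 'xidNumber: 3000005' '' \
    'dn: CN=S-1-5-32-544' 'cn: S-1-5-32-544' 'xidNumber: 3000000' '' \
    'dn: CN=S-1-5-21-1111-2222-3333-512' \
    'cn: S-1-5-21-1111-2222-3333-512' 'xidNumber: 3000004'; }

# Demo run on the constructed samples.
d1=$(mktemp); d2=$(mktemp)
sample_dc1 > "$d1"; sample_dc2 > "$d2"
idmap_diff "$d1" "$d2"
rm -f "$d1" "$d2"
```

Any line printed means files owned by that SID on one DC will show a different or unmapped owner on the other after an rsync of the sysvol.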



