[Samba] Domain users not resolving...
achim at ag-web.biz
Fri Aug 22 19:43:45 MDT 2014
Am 23.08.2014 02:19, schrieb Ryan Ashley:
> Rowland, I did not do this. This is a new client who dropped their old
> IT support due to issues on the network. I found out it was not having
> access to the sysvol. That is where I figured out what I have. I do
> use FHS in my builds, but I would never put it into a root directory
> like this. I guess the other team was testing Samba and using a client
> to test on! I do agree 100% that the issue is the path. However, I can
> feel good that I didn't do such a bone-headed move!
> Sorry for the lack of files, I had to figure out how it was set up.
> Everything, including the configuration file is in "/samba", which
> appears to be a separate partition. Here is what you requested.
> Samba 4.1.11 64bit
> Debian Squeeze 64bit
> # Global parameters
> workgroup = DOMAIN
> realm = DOMAIN.LOCAL
> netbios name = DC01
> server role = active directory domain controller
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbind, ntp_signd, kcc, dnsupdate
> interfaces = 127.0.0.1, 192.168.0.1
> path = /samba/var/locks/sysvol/kigm.local/scripts
> read only = No
> path = /samba/var/locks/sysvol
> read only = No
> default_realm = DOMAIN.LOCAL
> dns_lookup_realm = false
> dns_lookup_kdc = true
> Rowland's Request:
> root at dc01:~# /samba/sbin/samba -b
> Samba version: 4.1.11
> Build environment:
> Build host: Linux dc01 2.6.32-5-amd64 #1 SMP Tue May 13 16:34:35
> UTC 2014 x86_64 GNU/Linux
> BINDIR: /samba/bin
> SBINDIR: /samba/sbin
> CONFIGFILE: /samba/etc/smb.conf
> NCALRPCDIR: /samba/var/run/ncalrpc
> LOGFILEBASE: /samba/var
> LMHOSTSFILE: /samba/etc/lmhosts
> DATADIR: /samba/share
> MODULESDIR: /samba/lib
> LOCKDIR: /samba/var/lock
> STATEDIR: /samba/var/locks
> CACHEDIR: /samba/var/cache
> PIDDIR: /samba/var/run
> PRIVATE_DIR: /samba/private
> CODEPAGEDIR: /samba/share/codepages
> SETUPDIR: /samba/share/setup
> WINBINDD_SOCKET_DIR: /samba/var/run/winbindd
> WINBINDD_PRIVILEGED_SOCKET_DIR: /samba/var/lib/winbindd_privileged
> NTP_SIGND_SOCKET_DIR: /samba/var/lib/ntp_signd
> No ID's have been setup. The rfc2307 stuff is there, but they're not
> using it. They have two Samba DC's and everything else is Windows 7.
> They were using rsync to sync the sysvol, which had caused issues with
> GID/UID on the second DC, but I fixed that already. Well, tried to
> anyway. It is setup the EXACT same way. It also has issues with this
> I have a theory as to how to fix this but want advice first. If I am
> wrong, so be it. I would like to build Samba the STANDARD way (FHS,
> bin files go to /bin, etc) but have one concern. If I do this, do I
> simply need to adjust the paths in the configuration file and move the
> sysvol to the proper location? On all of the systems I do, this is
> always "/var/lib/samba/sysvol". I would obviously have to move the tdb
> files and such to "/var/lib/samba" as well. Would that work, or am I
> going to have to deal with this the way it is?
> If you need anything else, please ask. Remember, this is a DC and
> while rfc2307 attributes exist, they're not being used. Probably due
> to no Linux member servers.
> On 8/22/2014 4:54 PM, Rowland Penny wrote:
>> On 22/08/14 21:40, Marc Muehlfeld wrote:
>>> Am 22.08.2014 20:48, schrieb Ryan Ashley:
>>>> I stepped into a setup where Samba was compiled and installed into
>>>> "/samba". The configure command on the DC is "configure
>>>> --prefix=/samba". The links for libnss_wins.so.2 and
>>>> are there and nsswitch.conf is told to use winbind. However, "getent
>>>> group" returns only local users, "id" finds NO domain users, and
>>>> passwd" returns only local users. I did do a rebuild of Samba after
>>>> verifying the dependencies were there and configured/installed the
>>>> way so everything is in place. Still no dice. This guy was still
>>>> Debian Squeeze so the install is probably old. Things seem to run, but
>>>> no systems can access the sysvol even after a reset, which led to this
>>>> Now, my thinking is that maybe the binaries in "/samba/bin" should be
>>>> linked to "/bin" and the same goes for the sbin stuff. Is this my
>>>> or what am I looking at? Yes, I stepped into it this time...
>>> It would be much easier to help, if you give some information about
>>> - smb.conf
>>> - Samba version
>>> - IDs, etc. configured in your backend (depending on your Idmap config)
>>> - etc.
>> It would also help if you followed the howto and didn't change bits
>> that you don't like, just why did you install into /samba instead of
>> /usr/local/samba ?
>> Everything out there is based on self compiling into
>> /usr/local/samba, the wiki gives you the instructions based on this.
>> having said this, it is possibly/probably a path problem, could you
>> please post (along with what Marc has asked for) the result of 'samba
As you say the setup does not use rfc2307. You mentioned that you fixed
an issue with idmap uid/gid mapping, which you fixed. Did you copy
idmap.ldb from dc1 to dc2? Or did you use an different one maybe from an
other domain as an template?
Does wbinfo -g and -u return domain groups and users?
More information about the samba