[Samba] Domain users not resolving...

Ryan Ashley ryana at reachtechfp.com
Fri Aug 22 20:44:06 MDT 2014 

I fixed it on the second DC by using its own idmap.ldb through 
"samba-tool ntacl sysvolreset". That set the permissions according to 
the ID's on itself. Yes, wbinfo returns domain users and groups. I have 
to run it by calling the absolute path however, since it is installed in 
that odd location.

On 8/22/2014 9:43 PM, Achim Gottinger wrote:
> Am 23.08.2014 02:19, schrieb Ryan Ashley:
>> Rowland, I did not do this. This is a new client who dropped their 
>> old IT support due to issues on the network. I found out it was not 
>> having access to the sysvol. That is where I figured out what I have. 
>> I do use FHS in my builds, but I would never put it into a root 
>> directory like this. I guess the other team was testing Samba and 
>> using a client to test on! I do agree 100% that the issue is the 
>> path. However, I can feel good that I didn't do such a bone-headed move!
>>
>> Sorry for the lack of files, I had to figure out how it was set up. 
>> Everything, including the configuration file is in "/samba", which 
>> appears to be a separate partition. Here is what you requested.
>>
>> Samba 4.1.11 64bit
>> Debian Squeeze 64bit
>>
>> =========
>> smb.conf:
>> =========
>> # Global parameters
>> [global]
>>         workgroup = DOMAIN
>>         realm = DOMAIN.LOCAL
>>         netbios name = DC01
>>         server role = active directory domain controller
>>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, 
>> drepl, winbind, ntp_signd, kcc, dnsupdate
>>         interfaces = 127.0.0.1, 192.168.0.1
>>
>> [netlogon]
>>         path = /samba/var/locks/sysvol/kigm.local/scripts
>>         read only = No
>>
>> [sysvol]
>>         path = /samba/var/locks/sysvol
>>         read only = No
>>
>> =========
>> krb5.conf:
>> =========
>> [libdefaults]
>>         default_realm = DOMAIN.LOCAL
>>         dns_lookup_realm = false
>>         dns_lookup_kdc = true
>>
>> =================
>> Rowland's Request:
>> =================
>> root at dc01:~# /samba/sbin/samba -b
>> Samba version: 4.1.11
>> Build environment:
>>    Build host:  Linux dc01 2.6.32-5-amd64 #1 SMP Tue May 13 16:34:35 
>> UTC 2014 x86_64 GNU/Linux
>> Paths:
>>    BINDIR: /samba/bin
>>    SBINDIR: /samba/sbin
>>    CONFIGFILE: /samba/etc/smb.conf
>>    NCALRPCDIR: /samba/var/run/ncalrpc
>>    LOGFILEBASE: /samba/var
>>    LMHOSTSFILE: /samba/etc/lmhosts
>>    DATADIR: /samba/share
>>    MODULESDIR: /samba/lib
>>    LOCKDIR: /samba/var/lock
>>    STATEDIR: /samba/var/locks
>>    CACHEDIR: /samba/var/cache
>>    PIDDIR: /samba/var/run
>>    PRIVATE_DIR: /samba/private
>>    CODEPAGEDIR: /samba/share/codepages
>>    SETUPDIR: /samba/share/setup
>>    WINBINDD_SOCKET_DIR: /samba/var/run/winbindd
>>    WINBINDD_PRIVILEGED_SOCKET_DIR: /samba/var/lib/winbindd_privileged
>>    NTP_SIGND_SOCKET_DIR: /samba/var/lib/ntp_signd
>>
>> No ID's have been setup. The rfc2307 stuff is there, but they're not 
>> using it. They have two Samba DC's and everything else is Windows 7. 
>> They were using rsync to sync the sysvol, which had caused issues 
>> with GID/UID on the second DC, but I fixed that already. Well, tried 
>> to anyway. It is setup the EXACT same way. It also has issues with 
>> this stuff.
>>
>> I have a theory as to how to fix this but want advice first. If I am 
>> wrong, so be it. I would like to build Samba the STANDARD way (FHS, 
>> bin files go to /bin, etc) but have one concern. If I do this, do I 
>> simply need to adjust the paths in the configuration file and move 
>> the sysvol to the proper location? On all of the systems I do, this 
>> is always "/var/lib/samba/sysvol". I would obviously have to move the 
>> tdb files and such to "/var/lib/samba" as well. Would that work, or 
>> am I going to have to deal with this the way it is?
>>
>> If you need anything else, please ask. Remember, this is a DC and 
>> while rfc2307 attributes exist, they're not being used. Probably due 
>> to no Linux member servers.
>>
>> On 8/22/2014 4:54 PM, Rowland Penny wrote:
>>> On 22/08/14 21:40, Marc Muehlfeld wrote:
>>>> Hello,
>>>>
>>>> Am 22.08.2014 20:48, schrieb Ryan Ashley:
>>>>> I stepped into a setup where Samba was compiled and installed into
>>>>> "/samba". The configure command on the DC is "configure
>>>>> --prefix=/samba". The links for libnss_wins.so.2 and 
>>>>> libnss_winbind.so.2
>>>>> are there and nsswitch.conf is told to use winbind. However, "getent
>>>>> group" returns only local users, "id" finds NO domain users, and 
>>>>> "getent
>>>>> passwd" returns only local users. I did do a rebuild of Samba after
>>>>> verifying the dependencies were there and configured/installed the 
>>>>> same
>>>>> way so everything is in place. Still no dice. This guy was still 
>>>>> running
>>>>> Debian Squeeze so the install is probably old. Things seem to run, 
>>>>> but
>>>>> no systems can access the sysvol even after a reset, which led to 
>>>>> this
>>>>> discovery.
>>>>>
>>>>> Now, my thinking is that maybe the binaries in "/samba/bin" should be
>>>>> linked to "/bin" and the same goes for the sbin stuff. Is this my 
>>>>> issue
>>>>> or what am I looking at? Yes, I stepped into it this time...
>>>>
>>>> It would be much easier to help, if you give some information about 
>>>> your
>>>> environment.
>>>>
>>>> - smb.conf
>>>> - Samba version
>>>> - IDs, etc. configured in your backend (depending on your Idmap 
>>>> config)
>>>> - etc.
>>>>
>>>>
>>>>
>>>> Regards,
>>>> Marc
>>>>
>>> It would also help if you followed the howto and didn't change bits 
>>> that you don't like, just why did you install into /samba instead of 
>>> /usr/local/samba ?
>>> Everything out there is based on self compiling into 
>>> /usr/local/samba, the wiki gives you the instructions based on this.
>>>
>>> having said this, it is possibly/probably a path problem, could you 
>>> please post (along with what Marc has asked for) the result of 
>>> 'samba -b'
>>>
>>> Rowland
>>
> As you say the setup does not use rfc2307. You mentioned that you 
> fixed an issue with idmap uid/gid mapping, which you fixed. Did you 
> copy idmap.ldb from dc1 to dc2? Or did you use an different one maybe 
> from an other domain as an template?
> Does wbinfo -g and -u return domain groups and users?
>
> achim~
>
>

More information about the samba mailing list