[Samba] Domain users not resolving...
Ryan Ashley
ryana at reachtechfp.com
Mon Aug 25 06:59:29 MDT 2014
On 08/23/2014 04:26 AM, Rowland Penny wrote:
> On 23/08/14 01:19, Ryan Ashley wrote:
>> Rowland, I did not do this. This is a new client who dropped their
>> old IT support due to issues on the network. I found out it was not
>> having access to the sysvol. That is where I figured out what I have.
>> I do use FHS in my builds, but I would never put it into a root
>> directory like this. I guess the other team was testing Samba and
>> using a client to test on! I do agree 100% that the issue is the
>> path. However, I can feel good that I didn't do such a bone-headed move!
>>
>> Sorry for the lack of files, I had to figure out how it was set up.
>> Everything, including the configuration file is in "/samba", which
>> appears to be a separate partition. Here is what you requested.
>>
>> Samba 4.1.11 64bit
>> Debian Squeeze 64bit
>>
>> =========
>> smb.conf:
>> =========
>> # Global parameters
>> [global]
>> workgroup = DOMAIN
>> realm = DOMAIN.LOCAL
>> netbios name = DC01
>> server role = active directory domain controller
>> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
>> drepl, winbind, ntp_signd, kcc, dnsupdate
>> interfaces = 127.0.0.1, 192.168.0.1
>>
>> [netlogon]
>> path = /samba/var/locks/sysvol/kigm.local/scripts
>> read only = No
>>
>> [sysvol]
>> path = /samba/var/locks/sysvol
>> read only = No
>>
>> =========
>> krb5.conf:
>> =========
>> [libdefaults]
>> default_realm = DOMAIN.LOCAL
>> dns_lookup_realm = false
>> dns_lookup_kdc = true
>>
>> =================
>> Rowland's Request:
>> =================
>> root at dc01:~# /samba/sbin/samba -b
>> Samba version: 4.1.11
>> Build environment:
>> Build host: Linux dc01 2.6.32-5-amd64 #1 SMP Tue May 13 16:34:35
>> UTC 2014 x86_64 GNU/Linux
>> Paths:
>> BINDIR: /samba/bin
>> SBINDIR: /samba/sbin
>> CONFIGFILE: /samba/etc/smb.conf
>> NCALRPCDIR: /samba/var/run/ncalrpc
>> LOGFILEBASE: /samba/var
>> LMHOSTSFILE: /samba/etc/lmhosts
>> DATADIR: /samba/share
>> MODULESDIR: /samba/lib
>> LOCKDIR: /samba/var/lock
>> STATEDIR: /samba/var/locks
>> CACHEDIR: /samba/var/cache
>> PIDDIR: /samba/var/run
>> PRIVATE_DIR: /samba/private
>> CODEPAGEDIR: /samba/share/codepages
>> SETUPDIR: /samba/share/setup
>> WINBINDD_SOCKET_DIR: /samba/var/run/winbindd
>> WINBINDD_PRIVILEGED_SOCKET_DIR: /samba/var/lib/winbindd_privileged
>> NTP_SIGND_SOCKET_DIR: /samba/var/lib/ntp_signd
>>
>> No ID's have been setup. The rfc2307 stuff is there, but they're not
>> using it. They have two Samba DC's and everything else is Windows 7.
>> They were using rsync to sync the sysvol, which had caused issues
>> with GID/UID on the second DC, but I fixed that already. Well, tried
>> to anyway. It is setup the EXACT same way. It also has issues with
>> this stuff.
>>
>> I have a theory as to how to fix this but want advice first. If I am
>> wrong, so be it. I would like to build Samba the STANDARD way (FHS,
>> bin files go to /bin, etc) but have one concern. If I do this, do I
>> simply need to adjust the paths in the configuration file and move
>> the sysvol to the proper location? On all of the systems I do, this
>> is always "/var/lib/samba/sysvol". I would obviously have to move the
>> tdb files and such to "/var/lib/samba" as well. Would that work, or
>> am I going to have to deal with this the way it is?
>>
>> If you need anything else, please ask. Remember, this is a DC and
>> while rfc2307 attributes exist, they're not being used. Probably due
>> to no Linux member servers.
>>
>> On 8/22/2014 4:54 PM, Rowland Penny wrote:
>>> On 22/08/14 21:40, Marc Muehlfeld wrote:
>>>> Hello,
>>>>
>>>> Am 22.08.2014 20:48, schrieb Ryan Ashley:
>>>>> I stepped into a setup where Samba was compiled and installed into
>>>>> "/samba". The configure command on the DC is "configure
>>>>> --prefix=/samba". The links for libnss_wins.so.2 and
>>>>> libnss_winbind.so.2
>>>>> are there and nsswitch.conf is told to use winbind. However, "getent
>>>>> group" returns only local users, "id" finds NO domain users, and
>>>>> "getent
>>>>> passwd" returns only local users. I did do a rebuild of Samba after
>>>>> verifying the dependencies were there and configured/installed the
>>>>> same
>>>>> way so everything is in place. Still no dice. This guy was still
>>>>> running
>>>>> Debian Squeeze so the install is probably old. Things seem to run,
>>>>> but
>>>>> no systems can access the sysvol even after a reset, which led to
>>>>> this
>>>>> discovery.
>>>>>
>>>>> Now, my thinking is that maybe the binaries in "/samba/bin" should be
>>>>> linked to "/bin" and the same goes for the sbin stuff. Is this my
>>>>> issue
>>>>> or what am I looking at? Yes, I stepped into it this time...
>>>>
>>>> It would be much easier to help, if you give some information about
>>>> your
>>>> environment.
>>>>
>>>> - smb.conf
>>>> - Samba version
>>>> - IDs, etc. configured in your backend (depending on your Idmap
>>>> config)
>>>> - etc.
>>>>
>>>>
>>>>
>>>> Regards,
>>>> Marc
>>>>
>>> It would also help if you followed the howto and didn't change bits
>>> that you don't like, just why did you install into /samba instead of
>>> /usr/local/samba ?
>>> Everything out there is based on self compiling into
>>> /usr/local/samba, the wiki gives you the instructions based on this.
>>>
>>> having said this, it is possibly/probably a path problem, could you
>>> please post (along with what Marc has asked for) the result of
>>> 'samba -b'
>>>
>>> Rowland
>>
> OK, what does 'echo "$PATH"' return, does it have '/samba/sbin' &
> '/samba/bin' in it ?
>
> If not, try this:
>
> export PATH=/samba/sbin:/samba/bin:$PATH
>
> if everything now works correctly, do this:
>
> echo "PATH=/samba/sbin:/samba/bin:$PATH" > /etc/profile.d/samba4.sh
>
> Rowland
Rowland, nothing in /samba is in the path. I had already tried your
suggestion, but I did it again this morning and here are my results. It
does not fix the issue. I also included some configuration files and such.
root at dc01:~# echo "$PATH"
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
root at dc01:~# export PATH=$PATH:/samba/bin:/samba/sbin
root at dc01:~# id maliag
id: maliag: No such user
root at dc01:~# id michaelh
id: michaelh: No such user
root at dc01:~# getent passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
ntp:x:101:103::/home/ntp:/bin/false
sshd:x:102:65534::/var/run/sshd:/usr/sbin/nologin
bind:x:103:105::/var/cache/bind:/bin/false
root at dc01:~# cat /samba/etc/smb.conf
# Global parameters
[global]
workgroup = KIGM
realm = KIGM.LOCAL
netbios name = DC01
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
drepl, winbind, ntp_signd, kcc, dnsupdate
interfaces = 127.0.0.1, 192.168.0.1
[netlogon]
path = /samba/var/locks/sysvol/kigm.local/scripts
read only = No
[sysvol]
path = /samba/var/locks/sysvol
read only = No
root at dc01:~# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat winbind
group: compat winbind
shadow: compat
hosts: files dns wins
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
root at dc01:~# wbinfo -g
Enterprise Read-Only Domain Controllers
Domain Admins
Domain Users
Domain Guests
Domain Computers
Domain Controllers
Schema Admins
Enterprise Admins
Group Policy Creator Owners
Read-Only Domain Controllers
DnsUpdateProxy
Operations
AV
Graphics
WAFA
Finance
Logos
Streaming
root at dc01:~# cat /etc/krb5.conf
[libdefaults]
default_realm = KIGM.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = true
Thanks for the help. What about my suggestion to perform a normal
install per the book and then move everything in /samba/var/lib to the
correct location? Would that not work? I agree with you that this issue
is caused by the odd install location.
More information about the samba
mailing list