[Samba] Domain users not resolving...

steve steve at steve-ss.com
Mon Aug 25 07:34:28 MDT 2014 

On Mon, 2014-08-25 at 08:59 -0400, Ryan Ashley wrote:
> On 08/23/2014 04:26 AM, Rowland Penny wrote:
> > On 23/08/14 01:19, Ryan Ashley wrote:
> >> Rowland, I did not do this. This is a new client who dropped their 
> >> old IT support due to issues on the network. I found out it was not 
> >> having access to the sysvol. That is where I figured out what I have. 
> >> I do use FHS in my builds, but I would never put it into a root 
> >> directory like this. I guess the other team was testing Samba and 
> >> using a client to test on! I do agree 100% that the issue is the 
> >> path. However, I can feel good that I didn't do such a bone-headed move!
> >>
> >> Sorry for the lack of files, I had to figure out how it was set up. 
> >> Everything, including the configuration file is in "/samba", which 
> >> appears to be a separate partition. Here is what you requested.
> >>
> >> Samba 4.1.11 64bit
> >> Debian Squeeze 64bit
> >>
> >> =========
> >> smb.conf:
> >> =========
> >> # Global parameters
> >> [global]
> >>         workgroup = DOMAIN
> >>         realm = DOMAIN.LOCAL
> >>         netbios name = DC01
> >>         server role = active directory domain controller
> >>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, 
> >> drepl, winbind, ntp_signd, kcc, dnsupdate
> >>         interfaces = 127.0.0.1, 192.168.0.1
> >>
> >> [netlogon]
> >>         path = /samba/var/locks/sysvol/kigm.local/scripts
> >>         read only = No
> >>
> >> [sysvol]
> >>         path = /samba/var/locks/sysvol
> >>         read only = No
> >>
> >> =========
> >> krb5.conf:
> >> =========
> >> [libdefaults]
> >>         default_realm = DOMAIN.LOCAL
> >>         dns_lookup_realm = false
> >>         dns_lookup_kdc = true
> >>
> >> =================
> >> Rowland's Request:
> >> =================
> >> root at dc01:~# /samba/sbin/samba -b
> >> Samba version: 4.1.11
> >> Build environment:
> >>    Build host:  Linux dc01 2.6.32-5-amd64 #1 SMP Tue May 13 16:34:35 
> >> UTC 2014 x86_64 GNU/Linux
> >> Paths:
> >>    BINDIR: /samba/bin
> >>    SBINDIR: /samba/sbin
> >>    CONFIGFILE: /samba/etc/smb.conf
> >>    NCALRPCDIR: /samba/var/run/ncalrpc
> >>    LOGFILEBASE: /samba/var
> >>    LMHOSTSFILE: /samba/etc/lmhosts
> >>    DATADIR: /samba/share
> >>    MODULESDIR: /samba/lib
> >>    LOCKDIR: /samba/var/lock
> >>    STATEDIR: /samba/var/locks
> >>    CACHEDIR: /samba/var/cache
> >>    PIDDIR: /samba/var/run
> >>    PRIVATE_DIR: /samba/private
> >>    CODEPAGEDIR: /samba/share/codepages
> >>    SETUPDIR: /samba/share/setup
> >>    WINBINDD_SOCKET_DIR: /samba/var/run/winbindd
> >>    WINBINDD_PRIVILEGED_SOCKET_DIR: /samba/var/lib/winbindd_privileged
> >>    NTP_SIGND_SOCKET_DIR: /samba/var/lib/ntp_signd
> >>
> >> No ID's have been setup. The rfc2307 stuff is there, but they're not 
> >> using it. They have two Samba DC's and everything else is Windows 7. 
> >> They were using rsync to sync the sysvol, which had caused issues 
> >> with GID/UID on the second DC, but I fixed that already. Well, tried 
> >> to anyway. It is setup the EXACT same way. It also has issues with 
> >> this stuff.
> >>
> >> I have a theory as to how to fix this but want advice first. If I am 
> >> wrong, so be it. I would like to build Samba the STANDARD way (FHS, 
> >> bin files go to /bin, etc) but have one concern. If I do this, do I 
> >> simply need to adjust the paths in the configuration file and move 
> >> the sysvol to the proper location? On all of the systems I do, this 
> >> is always "/var/lib/samba/sysvol". I would obviously have to move the 
> >> tdb files and such to "/var/lib/samba" as well. Would that work, or 
> >> am I going to have to deal with this the way it is?
> >>
> >> If you need anything else, please ask. Remember, this is a DC and 
> >> while rfc2307 attributes exist, they're not being used. Probably due 
> >> to no Linux member servers.
> >>
> >> On 8/22/2014 4:54 PM, Rowland Penny wrote:
> >>> On 22/08/14 21:40, Marc Muehlfeld wrote:
> >>>> Hello,
> >>>>
> >>>> Am 22.08.2014 20:48, schrieb Ryan Ashley:
> >>>>> I stepped into a setup where Samba was compiled and installed into
> >>>>> "/samba". The configure command on the DC is "configure
> >>>>> --prefix=/samba". The links for libnss_wins.so.2 and 
> >>>>> libnss_winbind.so.2
> >>>>> are there and nsswitch.conf is told to use winbind. However, "getent
> >>>>> group" returns only local users, "id" finds NO domain users, and 
> >>>>> "getent
> >>>>> passwd" returns only local users. I did do a rebuild of Samba after
> >>>>> verifying the dependencies were there and configured/installed the 
> >>>>> same
> >>>>> way so everything is in place. Still no dice. This guy was still 
> >>>>> running
> >>>>> Debian Squeeze so the install is probably old. Things seem to run, 
> >>>>> but
> >>>>> no systems can access the sysvol even after a reset, which led to 
> >>>>> this
> >>>>> discovery.
> >>>>>
> >>>>> Now, my thinking is that maybe the binaries in "/samba/bin" should be
> >>>>> linked to "/bin" and the same goes for the sbin stuff. Is this my 
> >>>>> issue
> >>>>> or what am I looking at? Yes, I stepped into it this time...
> >>>>
> >>>> It would be much easier to help, if you give some information about 
> >>>> your
> >>>> environment.
> >>>>
> >>>> - smb.conf
> >>>> - Samba version
> >>>> - IDs, etc. configured in your backend (depending on your Idmap 
> >>>> config)
> >>>> - etc.
> >>>>
> >>>>
> >>>>
> >>>> Regards,
> >>>> Marc
> >>>>
> >>> It would also help if you followed the howto and didn't change bits 
> >>> that you don't like, just why did you install into /samba instead of 
> >>> /usr/local/samba ?
> >>> Everything out there is based on self compiling into 
> >>> /usr/local/samba, the wiki gives you the instructions based on this.
> >>>
> >>> having said this, it is possibly/probably a path problem, could you 
> >>> please post (along with what Marc has asked for) the result of 
> >>> 'samba -b'
> >>>
> >>> Rowland
> >>
> > OK, what does 'echo "$PATH"' return, does it have '/samba/sbin' & 
> > '/samba/bin' in it ?
> >
> > If not, try this:
> >
> > export PATH=/samba/sbin:/samba/bin:$PATH
> >
> > if everything now works correctly, do this:
> >
> > echo "PATH=/samba/sbin:/samba/bin:$PATH" > /etc/profile.d/samba4.sh
> >
> > Rowland
> Rowland, nothing in /samba is in the path. I had already tried your 
> suggestion, but I did it again this morning and here are my results. It 
> does not fix the issue. I also included some configuration files and such.
> 
> root at dc01:~# echo "$PATH"
> /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

export PATH=/samba/sbin:/samba/bin:$PATH
Now quit and log back in again.

More information about the samba mailing list