[Samba] samba4 internal dns Server ddns for the reverse lookup Zoneable

steve steve at steve-ss.com
Thu Aug 28 13:35:58 MDT 2014 

On Thu, 2014-08-28 at 21:21 +0200, Markus Roth wrote:
> Hi Steve,
> 
> yes you're right. With the winbind howto from rowland i had the ad-users via getent passwd. 

But not with the values stored in AD for dhcpduser, because dhcpduser
does not have any, so sssd without idmapping sssd will return nothing
with getent.
> 
> ldbedit output for example with the dhcpduser:
> 
> # editing 1 records
> # record 1
> dn: CN=dhcpduser,CN=Users,DC=winnet,DC=local
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: dhcpduser
> instanceType: 4
> whenCreated: 20140824200551.0Z
> uSNCreated: 3963
> name: dhcpduser
> objectGUID: 97cb6821-18b4-47cf-a6d9-5f73ffa1793e
> badPwdCount: 0
> codePage: 0
> countryCode: 0
> badPasswordTime: 0
> lastLogoff: 0
> lastLogon: 0
> primaryGroupID: 513
> objectSid: S-1-5-21-604854294-2647735964-1380626919-1107
> logonCount: 0
> sAMAccountName: dhcpduser
> sAMAccountType: 805306368
> userPrincipalName: dhcpduser at winnet.local
> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=winnet,DC=local
> pwdLastSet: 130533843510000000
> memberOf: CN=DnsAdmins,CN=Users,DC=winnet,DC=local
> userAccountControl: 66048
> accountExpires: 0
> whenChanged: 20140824200700.0Z
> uSNChanged: 3967
> distinguishedName: CN=dhcpduser,CN=Users,DC=winnet,DC=local
> 
> smb.conf:
> 
> # Global parameters
> [global]
>         workgroup = WINNET
>         realm = WINNET.LOCAL
>         netbios name = SERVER1
>         server role = active directory domain controller
>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
>         idmap_ldb:use rfc2307 = yes
> 
> [netlogon]
>         path = /usr/local/samba/var/locks/sysvol/winnet.local/scripts
>         read only = No
> 
> [sysvol]
>         path = /usr/local/samba/var/locks/sysvol
>         read only = No
> 
> -------------------------------------------------------------------------------------------------------------------------- 
>  

OK. Now use ldbedit to add some attributes to dhcpduser. In this
example, I'll use steve2 as an example domain user.

1. add to Domian Users:
gidNumber: 20513

2. wbinfo -i steve2
wbinfo -i steve2
HH3\steve2:*:3000021:100::/home/HH3/steve2:/bin/false

3. Add to steve2:
uidNumber: 3000021
gidNumber: 20513

For steps 1 and 3, use ldbedit.

getent will now work with the configuration which you posted for sssd.
It would be a really good exercise to work out why.
HTH,
Steve

More information about the samba mailing list