[Samba] samba4 internal dns Server ddns for the reverse lookup Zoneable

Markus Roth markusroth1983 at gmx.net
Thu Aug 28 15:04:12 MDT 2014


Hi Steve,

I'm sorry, but I don't get the AD users with getent passwd :-( Did I make any mistakes?

My steps:

1.)
/usr/local/samba/bin/ldbedit -e vi --url=/usr/local/samba/private/sam.ldb cn=Users

add gidNumber: 20513

2.)
wbinfo -i dhcpduser shows:
WINNET\dhcpduser:*:3000021:100::/home/WINNET/dhcpduser:/bin/false

3.)
/usr/local/samba/bin/ldbedit -e vi --url=/usr/local/samba/private/sam.ldb cn=dhcpduser

add gidNumber: 20513
add uidNumber: 3000021

the whole content for Users:

# editing 2 records
# record 1
dn: CN=Users,CN=Builtin,DC=winnet,DC=local
objectClass: top
objectClass: group
cn: Users
description: Users are prevented from making accidental or intentional system-
 wide changes and can run most applications
member: CN=Domain Users,CN=Users,DC=winnet,DC=local
member: CN=S-1-5-4,CN=ForeignSecurityPrincipals,DC=winnet,DC=local
member: CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=winnet,DC=local
instanceType: 4
whenCreated: 20140816212553.0Z
uSNCreated: 3563
name: Users
objectGUID: b61e428b-dfb4-490a-b784-1e4759e798ee
objectSid: S-1-5-32-545
sAMAccountName: Users
sAMAccountType: 536870912
systemFlags: -1946157056
groupType: -2147483643
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=winnet,DC=local
isCriticalSystemObject: TRUE
gidNumber: 20513
whenChanged: 20140828200706.0Z
uSNChanged: 4167
distinguishedName: CN=Users,CN=Builtin,DC=winnet,DC=local

# record 2
dn: CN=Users,DC=winnet,DC=local
objectClass: top
objectClass: container
cn: Users
instanceType: 4
whenCreated: 20140816212553.0Z
whenChanged: 20140816212553.0Z
uSNCreated: 3372
name: Users
objectGUID: 4c691f0a-e2b2-4110-95bc-a5d4a67060c1
objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=winnet,DC=local
description: Default container for upgraded user accounts
systemFlags: -1946157056
isCriticalSystemObject: TRUE
showInAdvancedViewOnly: FALSE


the whole content for the dhcpduser

# editing 1 records
# record 1
dn: CN=dhcpduser,CN=Users,DC=winnet,DC=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: dhcpduser
instanceType: 4
whenCreated: 20140824200551.0Z
uSNCreated: 3963
name: dhcpduser
objectGUID: 97cb6821-18b4-47cf-a6d9-5f73ffa1793e
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid: S-1-5-21-604854294-2647735964-1380626919-1107
logonCount: 0
sAMAccountName: dhcpduser
sAMAccountType: 805306368
userPrincipalName: dhcpduser at winnet.local
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=winnet,DC=local
pwdLastSet: 130533843510000000
memberOf: CN=DnsAdmins,CN=Users,DC=winnet,DC=local
userAccountControl: 66048
accountExpires: 0
gidNumber: 20513
uidNumber: 3000021
whenChanged: 20140828200805.0Z
uSNChanged: 4168
distinguishedName: CN=dhcpduser,CN=Users,DC=winnet,DC=local

my sssd.conf

[sssd]
services = nss, pam
config_file_version = 2
domains = winnet.local
[nss]
[pam]
[domain/winnet.local]
id_provider = ad
auth_provider = ad
access_provider = ad
ldap_id_mapping = False
dyndns_update = False
ad_hostname = server1.winnet.local
ad_server = server1.winnet.local
ad_domain = winnet.local

 
 

Sent: Thursday, 28 August 2014 at 21:35
From: steve <steve at steve-ss.com>
To: "Markus Roth" <markusroth1983 at gmx.net>
Cc: samba at lists.samba.org
Subject: Re: [Samba] samba4 internal dns Server ddns for the reverse lookup Zoneable
On Thu, 2014-08-28 at 21:21 +0200, Markus Roth wrote:
> Hi Steve,
>
> Yes, you're right. With the winbind howto from Rowland I had the AD users via getent passwd.

But not with the values stored in AD for dhcpduser, because dhcpduser
does not have any, so sssd without idmapping will return nothing
with getent.
>
> ldbedit output for example with the dhcpduser:
>
> # editing 1 records
> # record 1
> dn: CN=dhcpduser,CN=Users,DC=winnet,DC=local
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: dhcpduser
> instanceType: 4
> whenCreated: 20140824200551.0Z
> uSNCreated: 3963
> name: dhcpduser
> objectGUID: 97cb6821-18b4-47cf-a6d9-5f73ffa1793e
> badPwdCount: 0
> codePage: 0
> countryCode: 0
> badPasswordTime: 0
> lastLogoff: 0
> lastLogon: 0
> primaryGroupID: 513
> objectSid: S-1-5-21-604854294-2647735964-1380626919-1107
> logonCount: 0
> sAMAccountName: dhcpduser
> sAMAccountType: 805306368
> userPrincipalName: dhcpduser at winnet.local
> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=winnet,DC=local
> pwdLastSet: 130533843510000000
> memberOf: CN=DnsAdmins,CN=Users,DC=winnet,DC=local
> userAccountControl: 66048
> accountExpires: 0
> whenChanged: 20140824200700.0Z
> uSNChanged: 3967
> distinguishedName: CN=dhcpduser,CN=Users,DC=winnet,DC=local
>
> smb.conf:
>
> # Global parameters
> [global]
> workgroup = WINNET
> realm = WINNET.LOCAL
> netbios name = SERVER1
> server role = active directory domain controller
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
> idmap_ldb:use rfc2307 = yes
>
> [netlogon]
> path = /usr/local/samba/var/locks/sysvol/winnet.local/scripts
> read only = No
>
> [sysvol]
> path = /usr/local/samba/var/locks/sysvol
> read only = No
>
> --------------------------------------------------------------------------------------------------------------------------
>

OK. Now use ldbedit to add some attributes to dhcpduser. In this
example, I'll use steve2 as an example domain user.

1. add to Domain Users:
gidNumber: 20513

2. wbinfo -i steve2
wbinfo -i steve2
HH3\steve2:*:3000021:100::/home/HH3/steve2:/bin/false

3. Add to steve2:
uidNumber: 3000021
gidNumber: 20513

For steps 1 and 3, use ldbedit.

getent will now work with the configuration which you posted for sssd.
It would be a really good exercise to work out why.
HTH,
Steve
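
Added example, not part of the original thread: a small Python audit of ldbedit-style output that checks what steps 1 and 3 above set up, namely that each user carries uidNumber and gidNumber and that the group named by primaryGroupID carries the same gidNumber. The domain example.test, the account svcuser and the SIDs are constructed; the sample mirrors the layout of the records shown above, and the check assumes that sssd with ldap_id_mapping = False needs these attributes on both objects.

```python
# Constructed sample records (not taken from a real directory).
SAMPLE = """\
dn: CN=Users,CN=Builtin,DC=example,DC=test
objectSid: S-1-5-32-545
gidNumber: 20513

dn: CN=Domain Users,CN=Users,DC=example,DC=test
objectSid: S-1-5-21-1111-2222-3333-513

dn: CN=svcuser,CN=Users,DC=example,DC=test
objectClass: user
objectSid: S-1-5-21-1111-2222-3333-1107
primaryGroupID: 513
uidNumber: 3000021
gidNumber: 20513
"""

def parse_ldif(text):  # ldbedit-style output -> list of {attribute: [values]}
    records, cur, last = [], {}, None
    for line in text.splitlines() + [""]:
        if not line.strip():                      # blank line ends a record
            if cur:
                records.append(cur)
            cur, last = {}, None
        elif line.startswith(" ") and last:       # folded continuation line
            cur[last][-1] += line[1:]
        elif ":" in line and not line.startswith("#"):
            last, _, value = line.partition(":")
            cur.setdefault(last, []).append(value.strip())
    return records

def audit(records):
    """Return problems with the POSIX attributes of each user record."""
    by_sid = {r["objectSid"][0]: r for r in records if "objectSid" in r}
    problems = []
    for r in (r for r in records if "user" in r.get("objectClass", [])):
        missing = [a for a in ("uidNumber", "gidNumber") if a not in r]
        if missing:
            problems.append(f"{r['dn'][0]}: missing {', '.join(missing)}")
            continue
        # Primary group SID = the user's domain SID + primaryGroupID as RID.
        gsid = r["objectSid"][0].rsplit("-", 1)[0] + "-" + r["primaryGroupID"][0]
        if by_sid.get(gsid, {}).get("gidNumber") != r["gidNumber"]:
            problems.append(f"{r['dn'][0]}: primary group {gsid} lacks "
                            f"gidNumber {r['gidNumber'][0]}")
    return problems

if __name__ == "__main__":
    print("\n".join(audit(parse_ldif(SAMPLE))) or "no problems found")
```

In the sample the gidNumber sits on CN=Users,CN=Builtin (S-1-5-32-545), while the group whose RID matches primaryGroupID 513 has none, so the audit reports the user.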


