[Samba] samba4 internal dns Server ddns for the reverse lookup Zoneable

Rowland Penny rowlandpenny at googlemail.com
Fri Aug 29 11:40:16 MDT 2014


On 29/08/14 18:28, Markus Roth wrote:
> Hi Steve,
>   
> oh, sorry my mistake :-( i have deleted the gidNumber from the users group and added it to the Domain Users group. Then i restart samba4, delete the sssd-cache and restarted sssd, but
> i don't get the AD-Users via getent passwd :-( I don't know why...
>
> Below the output from Domain Users, dhcpduser and getent passwd:
>
> Domain Users:
>
> # editing 1 records
> # record 1
> dn: CN=Domain Users,CN=Users,DC=winnet,DC=local
> objectClass: top
> objectClass: group
> cn: Domain Users
> description: All domain users
> instanceType: 4
> whenCreated: 20140816212553.0Z
> uSNCreated: 3541
> name: Domain Users
> objectGUID: aeaa3a43-89a0-4e3d-ae4a-3e9639256ddc
> objectSid: S-1-5-21-604854294-2647735964-1380626919-513
> sAMAccountName: Domain Users
> sAMAccountType: 268435456
> groupType: -2147483646
> objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=winnet,DC=local
> isCriticalSystemObject: TRUE
> memberOf: CN=Users,CN=Builtin,DC=winnet,DC=local
> gidNumber: 20513
> whenChanged: 20140829170733.0Z
> uSNChanged: 4172
> distinguishedName: CN=Domain Users,CN=Users,DC=winnet,DC=local
>
> dhcpduser:
>
> # editing 1 records
> # record 1
> dn: CN=dhcpduser,CN=Users,DC=winnet,DC=local
> cn: dhcpduser
> instanceType: 4
> whenCreated: 20140824200551.0Z
> uSNCreated: 3963
> name: dhcpduser
> objectGUID: 97cb6821-18b4-47cf-a6d9-5f73ffa1793e
> badPwdCount: 0
> codePage: 0
> countryCode: 0
> badPasswordTime: 0
> lastLogoff: 0
> lastLogon: 0
> primaryGroupID: 513
> objectSid: S-1-5-21-604854294-2647735964-1380626919-1107
> logonCount: 0
> sAMAccountName: dhcpduser
> sAMAccountType: 805306368
> userPrincipalName: dhcpduser@winnet.local
> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=winnet,DC=local
> pwdLastSet: 130533843510000000
> memberOf: CN=DnsAdmins,CN=Users,DC=winnet,DC=local
> userAccountControl: 66048
> accountExpires: 0
> gidNumber: 20513
> uidNumber: 3000021
> objectClass: top
> objectClass: posixAccount
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> whenChanged: 20140828211144.0Z

Hi, two things: you created 'dhcpduser' as the user for my Bind9/DHCP 
update script and, as such, this user should never be used as a normal 
user; secondly, you do not need the 'posixAccount' objectClass.

>
> getent passwd:
>
> [root@server1 ~]# getent passwd
> root:x:0:0:root:/root:/bin/bash
> bin:x:1:1:bin:/bin:/sbin/nologin
> daemon:x:2:2:daemon:/sbin:/sbin/nologin
> adm:x:3:4:adm:/var/adm:/sbin/nologin
> lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
> sync:x:5:0:sync:/sbin:/bin/sync
> shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
> halt:x:7:0:halt:/sbin:/sbin/halt
> mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
> operator:x:11:0:operator:/root:/sbin/nologin
> games:x:12:100:games:/usr/games:/sbin/nologin
> ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
> nobody:x:99:99:Nobody:/:/sbin/nologin
> dbus:x:81:81:System message bus:/:/sbin/nologin
> polkitd:x:999:998:User for polkitd:/:/sbin/nologin
> unbound:x:998:997:Unbound DNS resolver:/etc/unbound:/sbin/nologin
> colord:x:997:996:User for colord:/var/lib/colord:/sbin/nologin
> usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin
> avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin
> avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
> saslauth:x:996:76:"Saslauthd user":/run/saslauthd:/sbin/nologin
> qemu:x:107:107:qemu user:/:/sbin/nologin
> libstoragemgmt:x:995:994:daemon account for libstoragemgmt:/var/run/lsm:/sbin/nologin
> rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
> rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
> nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
> rtkit:x:172:172:RealtimeKit:/proc:/sbin/nologin
> radvd:x:75:75:radvd user:/:/sbin/nologin
> ntp:x:38:38::/etc/ntp:/sbin/nologin
> chrony:x:994:993::/var/lib/chrony:/sbin/nologin
> abrt:x:173:173::/etc/abrt:/sbin/nologin
> pulse:x:171:171:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin
> gdm:x:42:42::/var/lib/gdm:/sbin/nologin
> gnome-initial-setup:x:993:991::/run/gnome-initial-setup/:/sbin/nologin
> postfix:x:89:89::/var/spool/postfix:/sbin/nologin
> sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
> tcpdump:x:72:72::/:/sbin/nologin
> verwaltung:x:1000:1000:verwaltung:/home/verwaltung:/bin/bash
> named:x:25:25:Named:/var/named:/sbin/nologin
> dhcpd:x:177:177:DHCP server:/:/sbin/nologin
>
> getent passwd dhcpduser
>
> [root@server1 ~]# getent passwd dhcpduser
> dhcpduser:*:3000021:20513:dhcpduser:/:
>

Have you got enumeration turned off in sssd.conf ?

Rowland
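The two points made in this thread (the gidNumber must live on the primary group, here "Domain Users", and sssd only lists domain accounts in a bare `getent passwd` when enumeration is switched on; a lookup of a single name such as `getent passwd dhcpduser` works either way) can be checked offline against an ldbedit/ldbsearch dump and an sssd.conf. The script below is an added example, not code from this thread or from the Samba or sssd projects. The LDIF records and the sssd.conf fragment are constructed to mirror the entries pasted above; the extra "markus" account, its uidNumber and its gidNumber of 100 are invented to show a failing case. It also flags the unneeded `posixAccount` objectClass and renders a passwd line in the same shape as the getent output above (home "/" and an empty shell when unixHomeDirectory and loginShell are absent, as that output shows).

```python
"""Sanity checks for RFC2307 attributes in a Samba AD dump and for sssd enumeration.

Added example, not code from the samba list thread or from the Samba/sssd
projects. The LDIF and sssd.conf text below are constructed samples that
mirror the thread; the "markus" record is invented to show a failing case.
"""
import configparser

# Constructed LDIF, shaped like the ldbedit output in the thread.
SAMPLE_LDIF = """\
dn: CN=Domain Users,CN=Users,DC=winnet,DC=local
objectClass: top
objectClass: group
cn: Domain Users
objectSid: S-1-5-21-604854294-2647735964-1380626919-513
sAMAccountName: Domain Users
gidNumber: 20513

dn: CN=dhcpduser,CN=Users,DC=winnet,DC=local
cn: dhcpduser
primaryGroupID: 513
objectSid: S-1-5-21-604854294-2647735964-1380626919-1107
sAMAccountName: dhcpduser
gidNumber: 20513
uidNumber: 3000021
objectClass: top
objectClass: posixAccount
objectClass: person
objectClass: organizationalPerson
objectClass: user

dn: CN=markus,CN=Users,DC=winnet,DC=local
cn: markus
primaryGroupID: 513
objectSid: S-1-5-21-604854294-2647735964-1380626919-1108
sAMAccountName: markus
gidNumber: 100
uidNumber: 3000022
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
"""

# Constructed sssd.conf fragment with no "enumerate" line; sssd defaults it to false.
SAMPLE_SSSD_CONF = """\
[sssd]
domains = winnet.local
services = nss, pam

[domain/winnet.local]
id_provider = ad
"""


def parse_ldif(text):
    """Parse simple LDIF (no line wrapping, no base64 values) into a list of
    dicts mapping attribute name -> list of values, one dict per record."""
    records, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                records.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip(), []).append(value.strip())
    if current:
        records.append(current)
    return records


def rid(sid):
    """Relative identifier: the last component of an objectSid."""
    return int(sid.rsplit("-", 1)[1])


def check_users(records):
    """Return (sAMAccountName, problem) pairs for every user record."""
    groups_by_gid, groups_by_rid = {}, {}
    for r in records:
        if "group" in r.get("objectClass", []):
            if "gidNumber" in r:
                groups_by_gid[int(r["gidNumber"][0])] = r
            groups_by_rid[rid(r["objectSid"][0])] = r
    problems = []
    for r in records:
        if "user" not in r.get("objectClass", []):
            continue
        name = r["sAMAccountName"][0]
        if "posixAccount" in r["objectClass"]:
            problems.append((name, "objectClass posixAccount is not needed on a Samba AD user"))
        if "uidNumber" not in r:
            problems.append((name, "no uidNumber; sssd cannot map this account without id mapping"))
        if "gidNumber" not in r:
            problems.append((name, "no gidNumber"))
            continue
        gid = int(r["gidNumber"][0])
        if gid not in groups_by_gid:
            problems.append((name, "gidNumber %d does not belong to any group" % gid))
        elif groups_by_rid.get(int(r["primaryGroupID"][0])) is not groups_by_gid[gid]:
            problems.append((name, "gidNumber %d differs from the primary group's gidNumber" % gid))
    return problems


def passwd_line(record):
    """Render name:*:uid:gid:gecos:home:shell in the shape of the getent output above."""
    name = record["sAMAccountName"][0]
    return "%s:*:%s:%s:%s:%s:%s" % (name, record["uidNumber"][0], record["gidNumber"][0], name,
                                    record.get("unixHomeDirectory", ["/"])[0],
                                    record.get("loginShell", [""])[0])


def enumeration_enabled(conf_text, domain):
    """True only if [domain/<domain>] sets enumerate = true (sssd's default is false)."""
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    return cp.getboolean("domain/%s" % domain, "enumerate", fallback=False)


if __name__ == "__main__":
    recs = parse_ldif(SAMPLE_LDIF)
    for who, what in check_users(recs):
        print("%s: %s" % (who, what))
    print(passwd_line(recs[1]))
    print("enumerate:", enumeration_enabled(SAMPLE_SSSD_CONF, "winnet.local"))
```

Run against a real dump with `ldbsearch --url=/usr/local/samba/private/sam.ldb '(|(objectClass=user)(objectClass=group))' > dump.ldif` and pass the file contents to parse_ldif; note that ldbsearch folds long lines, so un-wrap them first if any value exceeds the LDIF width. Remember that enumeration makes sssd pull the whole domain into its cache on every refresh, which is why it is off by default; it is a convenience for `getent passwd`, not something a service needs.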

>   
>
> Gesendet: Freitag, 29. August 2014 um 09:28 Uhr
> Von: steve <steve at steve-ss.com>
> An: "Markus Roth" <markusroth1983 at gmx.net>
> Cc: samba at lists.samba.org
> Betreff: Re: [Samba] samba4 internal dns Server ddns for the reverse lookup Zoneable
> On Thu, 2014-08-28 at 23:04 +0200, Markus Roth wrote:
>> Hi Steve,
>>
>> i'm sorry but i don't get the AD-Users with getent passwd :-( Do i have any mistakes?
>>
>> My steps:
>
>> 1.)
>> /usr/local/samba/bin/ldbedit -e vi --url=/usr/local/samba/private/sam.ldb cn=Users
> Oh dear. No.
> Hi
> Markus, please understand that we are trying to add gidNumber to your
> domain group "Domain Users" (please use quotes as there is a space in
> Domain Users).
>> add gidNumber: 20513
> ldbedit --url=/usr/local/samba/private/sam.ldb cn="Domain Users"
>
> Now, go back and remove gidNumber from Users and add it to Domain Users
> instead.
>
> Now it will work. . .
> HTH,
> Steve
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba


