[Samba] samba4 internal dns Server ddns for the reverse lookup Zoneable

Rowland Penny rowlandpenny at googlemail.com
Fri Aug 29 12:43:07 MDT 2014


On 29/08/14 19:33, Markus Roth wrote:
> Hi Rowland,
>   
> OK, but the dhcpduser only works with your script when I get it via getent passwd. Otherwise I get the exit 256 message. With enumerate = true I now see the users via getent passwd. Your script
> is now also functional again. But:
>
> 1)
> Is it correct that it shows the users without the domain? Or do I still have a mistake in my configs?

I just use the builtin winbind on the AD DC along with Bind9 & DHCP; if 
I run getent passwd I get this:

EXAMPLE\dhcpduser:*:3000018:10000::/home/EXAMPLE/dhcpduser:/bin/false

But if I remember correctly from when I did run sssd on the DC, I got 
something like this:

dhcpduser:*:3000018:10000::/home/dhcpduser:/bin/bash

If you have the unix attributes in AD and set sssd to use them, the 
user's attributes will be used instead of the builtin ones; 
this includes not showing the domain name.

I might add that I only use the DC for authentication.

Rowland

>
> getent passwd for my two domain users:
>
> dhcpduser:*:3000021:20513:dhcpduser:/:
> markus:*:3000022:20513:markus:/:
>
> and
> 2)
> Is it also correct that I have to manually add the gidNumber and uidNumber again for the new user markus and that I have to clean the sssd cache and restart the sssd daemon?
>
> Sent: Friday, 29 August 2014 at 20:08
> From: "Rowland Penny" <rowlandpenny at googlemail.com>
> To: No recipient
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] samba4 internal dns Server ddns for the reverse lookup Zoneable
> On 29/08/14 18:59, Markus Roth wrote:
>> Hi Rowland,
>>
>> I wouldn't use the dhcpduser as a normal user. But when I'd like to use your dhcp-script with sssd I thought I take this one, because when I would see the dhcpduser with getent passwd your script is
>> working again.
> All the 'dhcpduser' is for, is to get a keytab, it doesn't need a
> uidNumber, please create a separate new user to 'play' with. ;-)
>> I know that with the posixaccounts from the samba wiki yesterday, but I'm hopeless now and thought I try it...
>> I set enumerate = false in the [domain/winnet.local] section, stop sssd, delete the sssd-cache and start sssd. Unfortunately the same problem :-(
> Well you will have, 'enumerate = false' stops sssd listing the users
> en masse, so you will not get any domain users from AD from 'getent
> passwd' but you will get a user's details from 'getent passwd <username>'
>
> If you want getent to list all domain users, change 'enumerate = false'
> to 'enumerate = true'
>
> Rowland
>
>> Should I post my configs again? Or could it be that the problem occurs from my centos7? I installed sssd with the package manager yum. In this case it also installed separate samba4-libs.
>> Is this a problem?
>>
>>
>>> Hi, two things, you created 'dhcpduser' as the user for my Bind9/DHCP
>>> update script and as such, this user should never be used as a normal
>>> user, secondly you do not need the 'posixAccount' objectClass.
>>>
>>>
>>>
>>> Have you got enumeration turned off in sssd.conf ?
>>>
>>> Rowland
>>>
>>> Sent: Friday, 29 August 2014 at 09:28
>>> From: steve <steve at steve-ss.com>
>>> To: "Markus Roth" <markusroth1983 at gmx.net>
>>> Cc: samba at lists.samba.org
>>> Subject: Re: [Samba] samba4 internal dns Server ddns for the reverse lookup Zoneable
>>> On Thu, 2014-08-28 at 23:04 +0200, Markus Roth wrote:
>>>> Hi Steve,
>>>>
>>>> I'm sorry but I don't get the AD-Users with getent passwd :-( Do I have any mistakes?
>>>>
>>>> My steps:
>>>> 1.)
>>>> /usr/local/samba/bin/ldbedit -e vi --url=/usr/local/samba/private/sam.ldb cn=Users
>>> Oh dear. No.
>>> Hi
>>> Markus, please understand that we are trying to add gidNumber to your
>>> domain group "Domain Users" (please use quotes as there is a space in
>>> Domain Users).
>>>> add gidNumber: 20513
>>> ldbedit --url=/usr/local/samba/private/sam.ldb cn="Domain Users"
>>>
>>> Now, go back and remove gidNumber from Users and add it to Domain Users
>>> instead.
>>>
>>> Now it will work. . .
>>> HTH,
>>> Steve
>>>
>>>
>>>
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba


