[Samba] Member Server Setup Assistance

Wed Dec 31 11:28:43 MST 2014

Hi Rowland,

     passwd:         compat winbind
     group:            compat winbind

'getent passwd tuser' results in a blank terminal line.

On 12/31/2014 1:12 PM, Rowland Penny wrote:
> On 31/12/14 17:55, James wrote:
>> Hi Rowland,
>>
>>     I did. Unfortunately something is still amiss. I do receive a 
>> response from 'getent group domain users'(users:x:100).
>>
>> On 12/31/2014 12:26 PM, Rowland Penny wrote:
>>> On 31/12/14 17:23, James wrote:
>>>> Rowland,
>>>>
>>>>     I set a user with a uid and domain users group with a gid but 
>>>> I'm still unable to view them using 'id'. I do notice a few strange 
>>>> observations. If I go to another user to attempt to assign a uid. I 
>>>> get the default value of 10000. I would expect 2001 given I set the 
>>>> first user with uid 2000. Groups however appear to increment.
>>>>
>>>> On 12/31/2014 10:52 AM, Rowland Penny wrote:
>>>>> On 31/12/14 15:42, James wrote:
>>>>>> Hello Stefan,
>>>>>>
>>>>>>     I learned the hard way about .local. I understand going forward.
>>>>>>
>>>>>> I do have an issue with the member server. Following along with 
>>>>>> the wiki I get stuck at 'Testing the Winbind user/group mapping'. 
>>>>>> Wbinfo works as expected but not
>>>>>>
>>>>>> #*id DomainUser*
>>>>>>
>>>>>> #*getent passwd*
>>>>>>
>>>>>> #*getent group*
>>>>>>
>>>>>> #*chown DomainUser:DomainGroup file*
>>>>>>
>>>>>> #*chgrp DomainGroup file*
>>>>>>
>>>>>> etc.
>>>>>>
>>>>>> I receive 'id: sambauser: No such user'. It will only retrieve 
>>>>>> local machine users. Let me preface by saying this is a Ubuntu 
>>>>>> 12.04 server with Samba 4.1.14. Thanks.
>>>>>>
>>>>>> On 12/31/2014 10:00 AM, Stefan Kania wrote:
>>>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>>>> Hash: SHA1
>>>>>>>
>>>>>>> Hello James,
>>>>>>>
>>>>>>> Am 31.12.2014 um 15:48 schrieb James:> Hello,
>>>>>>>> I'm following along with the wiki(Setup a Samba AD Member Server)
>>>>>>>> and I have a question after reading the 'Set up a basic smb.conf'
>>>>>>>> section.
>>>>>>> Please show us your smb.conf
>>>>>>>
>>>>>>>   Do I need to extend the schema in order for my member server to
>>>>>>>> successfully join and service file shares?
>>>>>>> No, you dont have to.
>>>>>>>
>>>>>>> Do I need to configure a
>>>>>>>> krb5.conf file? Thanks.
>>>>>>> If your DC is a samba4 DC just copy krb5.conf to your new 
>>>>>>> memberserver
>>>>>>> Stefan
>>>>>>>
>>>>>>> - -- Stefan Kania
>>>>>>> Landweg 13
>>>>>>> 25693 St. Michaelisdonn
>>>>>>>
>>>>>>>
>>>>>>> Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie ihre
>>>>>>> E-Mail. Weiter Informationen unter http://www.gnupg.org
>>>>>>>
>>>>>>> Mein Schlüssel liegt auf
>>>>>>>
>>>>>>> hkp://subkeys.pgp.net
>>>>>>>
>>>>>>> -----BEGIN PGP SIGNATURE-----
>>>>>>> Version: GnuPG v1
>>>>>>>
>>>>>>> iEYEARECAAYFAlSkD3EACgkQ2JOGcNAHDTZdlwCgwsQF0g/pFp65ldcTMWDcJ1O7
>>>>>>> LScAoLDzorUJNDCik4FP9dBUxKCbAbGN
>>>>>>> =SOSt
>>>>>>> -----END PGP SIGNATURE-----
>>>>>>
>>>>>
>>>>> If you followed the wiki, you will be using the 'ad' backend. For 
>>>>> this to work, you need to add 'uidNumber' attributes to your users 
>>>>> and a 'gidNumber' attribute to at least the Domain Users group. 
>>>>> the numbers that you add must be between the range you set in your 
>>>>> smb.conf, again if you followed the wiki, this will be between 
>>>>> 500-40000.
>>>>>
>>>>> Rowland
>>>>
>>>
>>> You have restarted samba, haven't you ?
>>> You may have to wait a short time, or clear the cache with 'net 
>>> cache flush'
>>>
>>> Rowland
>>>
>>
> OK, can you post the 'passwd' & 'group' lines from /etc/nsswitch
>
> Do you get anything from 'getent passwd <a domain user>'
>
> Rowland
>

-- 
-James