[Samba] Member Server Setup Assistance

[Rowland Penny]

On 31/12/14 18:28, James wrote:
> Hi Rowland,
>
>     passwd:         compat winbind
>     group:            compat winbind
>
> 'getent passwd tuser' results in a blank terminal line.
>
>
> On 12/31/2014 1:12 PM, Rowland Penny wrote:
>> On 31/12/14 17:55, James wrote:
>>> Hi Rowland,
>>>
>>>     I did. Unfortunately something is still amiss. I do receive a 
>>> response from 'getent group domain users'(users:x:100).
>>>
>>> On 12/31/2014 12:26 PM, Rowland Penny wrote:
>>>> On 31/12/14 17:23, James wrote:
>>>>> Rowland,
>>>>>
>>>>>     I set a user with a uid and domain users group with a gid but 
>>>>> I'm still unable to view them using 'id'. I do notice a few 
>>>>> strange observations. If I go to another user to attempt to assign 
>>>>> a uid. I get the default value of 10000. I would expect 2001 given 
>>>>> I set the first user with uid 2000. Groups however appear to 
>>>>> increment.
>>>>>
>>>>> On 12/31/2014 10:52 AM, Rowland Penny wrote:
>>>>>> On 31/12/14 15:42, James wrote:
>>>>>>> Hello Stefan,
>>>>>>>
>>>>>>>     I learned the hard way about .local. I understand going 
>>>>>>> forward.
>>>>>>>
>>>>>>> I do have an issue with the member server. Following along with 
>>>>>>> the wiki I get stuck at 'Testing the Winbind user/group 
>>>>>>> mapping'. Wbinfo works as expected but not
>>>>>>>
>>>>>>> #*id DomainUser*
>>>>>>>
>>>>>>> #*getent passwd*
>>>>>>>
>>>>>>> #*getent group*
>>>>>>>
>>>>>>> #*chown DomainUser:DomainGroup file*
>>>>>>>
>>>>>>> #*chgrp DomainGroup file*
>>>>>>>
>>>>>>> etc.
>>>>>>>
>>>>>>> I receive 'id: sambauser: No such user'. It will only retrieve 
>>>>>>> local machine users. Let me preface by saying this is a Ubuntu 
>>>>>>> 12.04 server with Samba 4.1.14. Thanks.
>>>>>>>
>>>>>>> On 12/31/2014 10:00 AM, Stefan Kania wrote:
>>>>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>>>>> Hash: SHA1
>>>>>>>>
>>>>>>>> Hello James,
>>>>>>>>
>>>>>>>> Am 31.12.2014 um 15:48 schrieb James:> Hello,
>>>>>>>>> I'm following along with the wiki(Setup a Samba AD Member Server)
>>>>>>>>> and I have a question after reading the 'Set up a basic smb.conf'
>>>>>>>>> section.
>>>>>>>> Please show us your smb.conf
>>>>>>>>
>>>>>>>>   Do I need to extend the schema in order for my member server to
>>>>>>>>> successfully join and service file shares?
>>>>>>>> No, you dont have to.
>>>>>>>>
>>>>>>>> Do I need to configure a
>>>>>>>>> krb5.conf file? Thanks.
>>>>>>>> If your DC is a samba4 DC just copy krb5.conf to your new 
>>>>>>>> memberserver
>>>>>>>> Stefan
>>>>>>>>
>>>>>>>> - -- Stefan Kania
>>>>>>>> Landweg 13
>>>>>>>> 25693 St. Michaelisdonn
>>>>>>>>
>>>>>>>>
>>>>>>>> Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie 
>>>>>>>> ihre
>>>>>>>> E-Mail. Weiter Informationen unter http://www.gnupg.org
>>>>>>>>
>>>>>>>> Mein Schlüssel liegt auf
>>>>>>>>
>>>>>>>> hkp://subkeys.pgp.net
>>>>>>>>
>>>>>>>> -----BEGIN PGP SIGNATURE-----
>>>>>>>> Version: GnuPG v1
>>>>>>>>
>>>>>>>> iEYEARECAAYFAlSkD3EACgkQ2JOGcNAHDTZdlwCgwsQF0g/pFp65ldcTMWDcJ1O7
>>>>>>>> LScAoLDzorUJNDCik4FP9dBUxKCbAbGN
>>>>>>>> =SOSt
>>>>>>>> -----END PGP SIGNATURE-----
>>>>>>>
>>>>>>
>>>>>> If you followed the wiki, you will be using the 'ad' backend. For 
>>>>>> this to work, you need to add 'uidNumber' attributes to your 
>>>>>> users and a 'gidNumber' attribute to at least the Domain Users 
>>>>>> group. the numbers that you add must be between the range you set 
>>>>>> in your smb.conf, again if you followed the wiki, this will be 
>>>>>> between 500-40000.
>>>>>>
>>>>>> Rowland
>>>>>
>>>>
>>>> You have restarted samba, haven't you ?
>>>> You may have to wait a short time, or clear the cache with 'net 
>>>> cache flush'
>>>>
>>>> Rowland
>>>>
>>>
>> OK, can you post the 'passwd' & 'group' lines from /etc/nsswitch
>>
>> Do you get anything from 'getent passwd <a domain user>'
>>
>> Rowland
>>
>
OK, install ldb-tools if not already installed, then run:

ldbedit -e nano -H /var/lib/samba/private/sam.ldb sAMAccountName=tuser

Post the (sanitized) result

Rowland