[Samba] Member Server Setup Assistance

James lingpanda101 at gmail.com
Wed Dec 31 12:07:59 MST 2014


Rowland,

     I decided to start over with a fresh install and attempted again. 
Only change I made was to start my mappings at 10000. I gave 'Domain 
Users' group gid 10000 and 'tuser' has uid 10001. Still didn't work btw.

dn: CN=Test User,CN=Users,DC=domain,DC=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Test User
sn: User
givenName: Test
instanceType: 4
whenCreated: 20141231172021.0Z
displayName: Test User
uSNCreated: 477557
name: Test User
objectGUID: 90f95763-fe52-42b9-af86-8a84a4d5dd78
userAccountControl: 66048
codePage: 0
countryCode: 0
pwdLastSet: 130645200220000000
primaryGroupID: 513
objectSid: S-1-5-21-940051827-2291820289-3341758437-3126
accountExpires: 9223372036854775807
sAMAccountName: tuser
sAMAccountType: 805306368
userPrincipalName: tuser@domain.local
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=local
unixUserPassword: ABCD!efgh12345$67890
uid: tuser
msSFU30Name: tuser
msSFU30NisDomain: domain
uidNumber: 10001
loginShell: /bin/sh
unixHomeDirectory: /home/tuser
gidNumber: 10000
whenChanged: 20141231185807.0Z
uSNChanged: 477620
distinguishedName: CN=Test User,CN=Users,DC=domain,DC=local


On 12/31/2014 1:50 PM, Rowland Penny wrote:
> On 31/12/14 18:28, James wrote:
>> Hi Rowland,
>>
>>     passwd:         compat winbind
>>     group:            compat winbind
>>
>> 'getent passwd tuser' results in a blank terminal line.
>>
>>
>> On 12/31/2014 1:12 PM, Rowland Penny wrote:
>>> On 31/12/14 17:55, James wrote:
>>>> Hi Rowland,
>>>>
>>>>     I did. Unfortunately something is still amiss. I do receive a 
>>>> response from 'getent group domain users'(users:x:100).
>>>>
>>>> On 12/31/2014 12:26 PM, Rowland Penny wrote:
>>>>> On 31/12/14 17:23, James wrote:
>>>>>> Rowland,
>>>>>>
>>>>>>     I set a user with a uid and domain users group with a gid but 
>>>>>> I'm still unable to view them using 'id'. I do notice a few 
>>>>>> strange observations. If I go to another user to attempt to 
>>>>>> assign a uid, I get the default value of 10000. I would expect 
>>>>>> 2001 given I set the first user with uid 2000. Groups however 
>>>>>> appear to increment.
>>>>>>
>>>>>> On 12/31/2014 10:52 AM, Rowland Penny wrote:
>>>>>>> On 31/12/14 15:42, James wrote:
>>>>>>>> Hello Stefan,
>>>>>>>>
>>>>>>>>     I learned the hard way about .local. I understand going 
>>>>>>>> forward.
>>>>>>>>
>>>>>>>> I do have an issue with the member server. Following along with 
>>>>>>>> the wiki I get stuck at 'Testing the Winbind user/group 
>>>>>>>> mapping'. Wbinfo works as expected but not
>>>>>>>>
>>>>>>>> #*id DomainUser*
>>>>>>>>
>>>>>>>> #*getent passwd*
>>>>>>>>
>>>>>>>> #*getent group*
>>>>>>>>
>>>>>>>> #*chown DomainUser:DomainGroup file*
>>>>>>>>
>>>>>>>> #*chgrp DomainGroup file*
>>>>>>>>
>>>>>>>> etc.
>>>>>>>>
>>>>>>>> I receive 'id: sambauser: No such user'. It will only retrieve 
>>>>>>>> local machine users. Let me preface by saying this is an Ubuntu 
>>>>>>>> 12.04 server with Samba 4.1.14. Thanks.
>>>>>>>>
>>>>>>>> On 12/31/2014 10:00 AM, Stefan Kania wrote:
>>>>>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>>>>>> Hash: SHA1
>>>>>>>>>
>>>>>>>>> Hello James,
>>>>>>>>>
>>>>>>>>> On 31.12.2014 at 15:48, James wrote:
>>>>>>>>>> Hello,
>>>>>>>>>> I'm following along with the wiki(Setup a Samba AD Member 
>>>>>>>>>> Server)
>>>>>>>>>> and I have a question after reading the 'Set up a basic 
>>>>>>>>>> smb.conf'
>>>>>>>>>> section.
>>>>>>>>> Please show us your smb.conf
>>>>>>>>>
>>>>>>>>>> Do I need to extend the schema in order for my member server to
>>>>>>>>>> successfully join and service file shares?
>>>>>>>>> No, you don't have to.
>>>>>>>>>
>>>>>>>>>> Do I need to configure a
>>>>>>>>>> krb5.conf file? Thanks.
>>>>>>>>> If your DC is a samba4 DC just copy krb5.conf to your new 
>>>>>>>>> memberserver
>>>>>>>>> Stefan
>>>>>>>>>
>>>>>>>>> - -- Stefan Kania
>>>>>>>>> Landweg 13
>>>>>>>>> 25693 St. Michaelisdonn
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Signing every e-mail helps to reduce spam. Sign your e-mail.
>>>>>>>>> More information at http://www.gnupg.org
>>>>>>>>>
>>>>>>>>> My key is available at
>>>>>>>>>
>>>>>>>>> hkp://subkeys.pgp.net
>>>>>>>>>
>>>>>>>>> -----BEGIN PGP SIGNATURE-----
>>>>>>>>> Version: GnuPG v1
>>>>>>>>>
>>>>>>>>> iEYEARECAAYFAlSkD3EACgkQ2JOGcNAHDTZdlwCgwsQF0g/pFp65ldcTMWDcJ1O7
>>>>>>>>> LScAoLDzorUJNDCik4FP9dBUxKCbAbGN
>>>>>>>>> =SOSt
>>>>>>>>> -----END PGP SIGNATURE-----
>>>>>>>>
>>>>>>>
>>>>>>> If you followed the wiki, you will be using the 'ad' backend. 
>>>>>>> For this to work, you need to add 'uidNumber' attributes to your 
>>>>>>> users and a 'gidNumber' attribute to at least the Domain Users 
>>>>>>> group. The numbers that you add must be between the range you 
>>>>>>> set in your smb.conf, again if you followed the wiki, this will 
>>>>>>> be between 500-40000.
>>>>>>>
>>>>>>> Rowland
>>>>>>
>>>>>
>>>>> You have restarted samba, haven't you?
>>>>> You may have to wait a short time, or clear the cache with 'net 
>>>>> cache flush'
>>>>>
>>>>> Rowland
>>>>>
>>>>
>>> OK, can you post the 'passwd' & 'group' lines from /etc/nsswitch
>>>
>>> Do you get anything from 'getent passwd <a domain user>'?
>>>
>>> Rowland
>>>
>>
> OK, install ldb-tools if not already installed, then run:
>
> ldbedit -e nano -H /var/lib/samba/private/sam.ldb sAMAccountName=tuser
>
> Post the (sanitized) result
>
> Rowland
>

-- 
-James
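
Added example, not part of the original message and not Samba code: a small Python check of the rule quoted above (a uidNumber on users and a gidNumber on groups, inside the range set in smb.conf), run over LDIF as printed by ldbsearch or ldbedit. The function names and sample records are made up for illustration; 500-40000 is the range mentioned in the thread.

```python
IDMAP_RANGE = (500, 40000)  # range quoted in the thread; match your smb.conf

# Constructed sample input, shaped like the record posted above.
SAMPLE_LDIF = """\
dn: CN=Test User,CN=Users,DC=domain,DC=local
objectClass: user
sAMAccountName: tuser
uidNumber: 10001
gidNumber: 10000

dn: CN=Domain Users,CN=Users,DC=domain,DC=local
objectClass: group
sAMAccountName: Domain Users

dn: CN=High Id,CN=Users,DC=domain,DC=local
objectClass: user
sAMAccountName: highid
uidNumber: 70000
"""

def parse_ldif(text):
    """Split LDIF into entries, each mapping attribute -> list of values."""
    entries = [{}]
    for line in text.splitlines():
        if not line.strip():
            entries.append({})  # a blank line ends the current entry
        elif not line.startswith((" ", "#")) and ":" in line:
            attr, _, value = line.partition(":")
            entries[-1].setdefault(attr, []).append(value.strip())
    return [e for e in entries if e]

def check_entry(entry, low, high):
    """List the RFC2307 ID problems found in one entry (empty list = none)."""
    required = "gidNumber" if "group" in entry.get("objectClass", []) else "uidNumber"
    problems = [] if required in entry else [f"{required} missing"]
    for attr in ("uidNumber", "gidNumber"):
        for value in entry.get(attr, []):
            if not value.isdigit() or not low <= int(value) <= high:
                problems.append(f"{attr}={value} outside {low}-{high}")
    return problems

def audit(text, id_range=IDMAP_RANGE):
    """Map sAMAccountName -> list of problems for every entry in the LDIF."""
    return {e.get("sAMAccountName", ["?"])[0]: check_entry(e, *id_range)
            for e in parse_ldif(text)}

if __name__ == "__main__":
    for name, problems in audit(SAMPLE_LDIF).items():
        print(f"{name}: {'; '.join(problems) or 'ok'}")
```

An entry that comes back with no problems, as tuser does here, only rules out missing or out-of-range IDs.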


