[Samba] sssd + samba4 not working (yet)

steve steve at steve-ss.com
Wed Feb 19 06:52:21 MST 2014 

On Wed, 2014-02-19 at 13:52 +0100, Kenneth Westelinck wrote:
> Thanks.
> - I compiled Samba 4.1.4 for Wheezy from sernet's package sources
> - I am compiling sssd 1.11.3 from Sid on Wheezy (it is compiling as we
> speak, I hope)
> Thanks for offering packages, but I'm on ARM and I don't have a Debian
> Intel machine to cross-compile :)
> 
> If sssd is not supported, why bother documenting it:
> https://wiki.samba.org/index.php/Local_user_management_and_authentication/sssd:)
> 
Samba _developers_ don't support it. Many others do however.

> I'll see if I have better luck with sssd 1.11.3 and try to read-up on
> documentation on the sssd side. Keep you posted.

Hi, from the sssd thread on sssd-dev, the only reason sssd is not
working as you expect is because you do not have uidNumber nor gidNumber
specified in the DN's of your users and/or groups.
S

> 
> 
> On Wed, Feb 19, 2014 at 1:36 PM, L.P.H. van Belle <belle at bazuin.nl> wrote:
> 
> > Ai...
> >
> > and i forgot to mention.
> >
> > SSSD is NOT supported by samba developers, questions about it ask on the
> > sssd mailing list.
> >
> > ;-)
> >
> > You better go and try samba4 winbind, i has all you need.
> > and these questions you can ask here ..
> >
> > Regards,
> >
> > Louis
> >
> > >-----Oorspronkelijk bericht-----
> > >Van: belle at bazuin.nl [mailto:samba-bounces at lists.samba.org]
> > >Namens L.P.H. van Belle
> > >Verzonden: woensdag 19 februari 2014 13:33
> > >Aan: Kenneth Westelinck
> > >CC: samba at lists.samba.org
> > >Onderwerp: Re: [Samba] sssd + samba4 not working (yet)
> > >
> > >google for : "If people want, this is how:  samba 4.1.3 and
> > >sssd 1.11.3 for debian wheezy"
> > >and here you go:
> > >https://lists.samba.org/archive/samba/2014-January/177934.html
> > >outlined what you need.
> > >
> > >The order of the file you install with dpkg -i must be
> > >correct. ( or setup a apt repo )
> > >and you need samba-dev for sssd to compile, so first samba,
> > >and all samba depends.
> > >
> > >I did it..  its do-able.
> > >and tip samba 4.1.4 is hard to do, didnt work for me last
> > >time, so pik the source of 4.1.3 and start compileing
> > >
> > >and if you ask nice i can put them online, but only for a short time.
> > >I dont have the needed line atm for everybody.
> > >
> > >I have the source and packages there if you want.  ( with
> > >needed depends )
> > >
> > > apt-cache policy sssd-ad
> > >sssd-ad:
> > >  Installed: 1.11.3-1
> > >  Candidate: 1.11.3-1
> > >  Version table:
> > > *** 1.11.3-1 0
> > >        700 http://CENCORED/debian/wheezy/amd64/  Packages
> > >        100 /var/lib/dpkg/status
> > >
> > >
> > >apt-cache policy samba
> > >samba:
> > >  Installed: 2:4.1.3+dfsg-2
> > >  Candidate: 2:4.1.3+dfsg-2
> > >  Version table:
> > > *** 2:4.1.3+dfsg-2 0
> > >        700 http://CENCORED/debian/wheezy/amd64/  Packages
> > >        100 /var/lib/dpkg/status
> > >
> > >and tip, if you start compiling, i advice to use your own
> > >compiles samba4 and not the backports.
> > >this is because of needed depends for compiling.
> > >you can try but i didnt test that mix
> > >
> > >
> > >Best regards,
> > >
> > >Louis
> > >
> > >
> > >
> > >>-----Oorspronkelijk bericht-----
> > >>Van: kenneth.westelinck at gmail.com
> > >>[mailto:samba-bounces at lists.samba.org] Namens Kenneth Westelinck
> > >>Verzonden: woensdag 19 februari 2014 12:58
> > >>Aan: steve
> > >>CC: samba at lists.samba.org
> > >>Onderwerp: Re: [Samba] sssd + samba4 not working (yet)
> > >>
> > >>- Updated (using s4domaingroup-change-gid) gidNumber to 513
> > >>(to match what
> > >>it was in my old LDAP + SAMBA setup)
> > >>- Created a new user (1002:513) with samba-tool and made sure
> > >>uidNumber and
> > >>gidNumber are filled in
> > >>- checked with apache directory studio (
> > >>http://www.clearcenter.com/support/documentation/clearos_guides
> > >>/using_apache_directory_studio_with_samba_directory_-_samba_4)
> > >>if attributes are available in LDAP, they are
> > >>
> > >>What's next?
> > >>(in the meantime I'll try to backport sid's sssd package)
> > >>
> > >>
> > >>On Wed, Feb 19, 2014 at 12:31 PM, Kenneth Westelinck <
> > >>kenneth.westelinck at gmail.com> wrote:
> > >>
> > >>> this might work:
> > >>>
> > >>http://linuxcostablanca.blogspot.be/2012/02/samba-4-posix-domai
> > >>n-user.html
> > >>>
> > >>>
> > >>> On Wed, Feb 19, 2014 at 11:58 AM, steve <steve at steve-ss.com> wrote:
> > >>>
> > >>>> On Wed, 2014-02-19 at 08:07 +0100, Kenneth Westelinck wrote:
> > >>>> > All,
> > >>>> >
> > >>>> >
> > >>>> > Keytab should be fine, as I used the instructions from
> > >the wiki to
> > >>>> > export it:
> > >>>> > root at bubba3-one:/etc# klist -k krb5.sssd.keytab
> > >>>> > Keytab name: FILE:krb5.sssd.keytab
> > >>>> > KVNO Principal
> > >>>> > ----
> > >>>> >
> > >>>>
> > >>---------------------------------------------------------------
> > >>-----------
> > >>>> >    1 bubba3-one$@EARTH.LOCAL
> > >>>> >    1 bubba3-one$@EARTH.LOCAL
> > >>>> >    1 bubba3-one$@EARTH.LOCAL
> > >>>> > root at bubba3-one:/etc#
> > >>>> >
> > >>>> >
> > >>>> > getent passwd Administrator doesn't return anything
> > >>>> >
> > >>>> >
> > >>>> > I guess I have the uid number stored:
> > >>>> > root at bubba3-one:/etc# wbinfo --user-info Administrator
> > >>>> > EARTH\Administrator:*:0:100::/home/EARTH/Administrator:/bin/false
> > >>>> > root at bubba3-one:/etc#
> > >>>>
> > >>>> getent doesn't work because you do not have the uid:gid
> > >>stored in AD.
> > >>>> Add something like:
> > >>>> uidNumber: 10000
> > >>>> gidNumber: 20513
> > >>>> to the DN of Administrator
> > >>>> and:
> > >>>> gidNumber: 20513
> > >>>> to the DN of Domain Users
> > >>>>
> > >>>> HTH
> > >>>> Steve
> > >>>>
> > >>>> Next question? How?
> > >>>>
> > >>>>
> > >>>>
> > >>>
> > >>--
> > >>To unsubscribe from this list go to the following URL and read the
> > >>instructions:  https://lists.samba.org/mailman/options/samba
> > >>
> > >>
> > >
> > >--
> > >To unsubscribe from this list go to the following URL and read the
> > >instructions:  https://lists.samba.org/mailman/options/samba
> > >
> > >
> >
> >

More information about the samba mailing list