[Samba] Samba 4 and Debian
Sven Schwedas
sven.schwedas at tao.at
Wed Jan 15 08:28:54 MST 2014
On 2014-01-15 16:13, Rowland Penny wrote:
> On 15/01/14 12:32, Sven Schwedas wrote:
>> Backports have 4.1.3:
>>> http://packages.debian.org/wheezy-backports/samba
>> Which seems to be the same version as sid, and should save me the effort
>> of recompiling (I'll need to run it on 20+ machines, so not compiling
>> stuff myself for every new release is a bonus :-) ).
>
> I would wait a bit if I was you, version 4.1.3 from backports is
> probably the same as version 4.1.3 in Jessie and whilst it installs and
> you can provision it, there seems to be a problem with samba-tool. I
> have been trying it out in a VM and cannot get samba-tool to export the
> domain keytab, it segfaults every time, there is a bug open for it here:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732342
>
> It would seem the problem lies in the hdb plugin (whatever that is) and
> samba hasn't been keeping up-to-date with it, from reading the bug
> report, patches are imminent.
>
> This probably explains why 4.1.3 hasn't made it into Ubuntu 14.04 yet.
Thanks for the heads up. So far I haven't run into this bug, but I'll keep
it in mind.
Unrelatedly, I'm struggling with winbind/idmap on member servers.
Works OK on the PDC:
> root@pdc# cat /etc/samba/smb.conf
> [global]
> workgroup = AD
> realm = AD.TAO.TEST
> netbios name = PDC
> server role = active directory domain controller
> dns forwarder = 192.168.122.1
> idmap_ldb:use rfc2307 = yes
> template shell=/bin/bash
>
> [netlogon]
> path = /var/lib/samba/sysvol/ad.tao.test/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> root@pdc# getent passwd | /bin/grep '^AD'
> AD\Administrator:*:0:100::/home/AD/Administrator:/bin/bash
> AD\Guest:*:3000011:3000012::/home/AD/Guest:/bin/bash
> AD\krbtgt:*:3000017:100::/home/AD/krbtgt:/bin/bash
But member servers don't resolve uids/gids:
> root@member# cat /etc/samba/smb.conf
> [global]
> workgroup = AD
> realm = AD.TAO.TEST
> security = ADS
> idmap_ldb:use rfc2307 = yes
> template shell=/bin/bash
>
> winbind enum users = Yes
> winbind enum groups = Yes
>
> root@member# getent passwd | /bin/grep '^AD'
> AD\administrator:*:4294967295:4294967295:Administrator:/home/AD/administrator:/bin/bash
> AD\krbtgt:*:4294967295:4294967295:krbtgt:/home/AD/krbtgt:/bin/bash
> AD\guest:*:4294967295:4294967295:Guest:/home/AD/guest:/bin/bash
Any pointers how to debug this?
--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167
http://software.tao.at
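
Added example, not part of the original post or of Samba: a small Python check that compares `getent passwd` output from two hosts and flags accounts whose uid or gid is 4294967295 (2^32 - 1, i.e. `(uid_t)-1`), the value the member server returns above. The function names are hypothetical and the sample input is the output quoted in the post.

```python
# Audit `getent passwd` output from a domain member against a reference host.
# Assumption: an ID of 4294967295 ((uid_t)-1) means no usable mapping exists,
# so file ownership and permission checks for that account cannot work.

UNMAPPED = 2**32 - 1  # 4294967295

# Sample input: the getent lines quoted in the post above.
PDC = r"""AD\Administrator:*:0:100::/home/AD/Administrator:/bin/bash
AD\Guest:*:3000011:3000012::/home/AD/Guest:/bin/bash
AD\krbtgt:*:3000017:100::/home/AD/krbtgt:/bin/bash"""

MEMBER = r"""AD\administrator:*:4294967295:4294967295:Administrator:/home/AD/administrator:/bin/bash
AD\krbtgt:*:4294967295:4294967295:krbtgt:/home/AD/krbtgt:/bin/bash
AD\guest:*:4294967295:4294967295:Guest:/home/AD/guest:/bin/bash"""


def parse_passwd(text):
    """Return {lowercased account name: (uid, gid)} from passwd(5) lines."""
    entries = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        # passwd(5) has exactly seven colon-separated fields; skip anything else.
        if len(fields) != 7 or not (fields[2].isdigit() and fields[3].isdigit()):
            continue
        # Windows account names are case-insensitive, and the two hosts
        # above report them with different capitalisation.
        entries[fields[0].lower()] = (int(fields[2]), int(fields[3]))
    return entries


def audit(reference, candidate):
    """Return {account: finding} for the candidate host's passwd output."""
    ref, cand = parse_passwd(reference), parse_passwd(candidate)
    findings = {}
    for name in sorted(ref.keys() | cand.keys()):
        if name not in cand:
            findings[name] = "missing"    # known to reference, absent here
        elif UNMAPPED in cand[name]:
            findings[name] = "unmapped"   # uid or gid is (uid_t)-1
        elif name in ref and cand[name] != ref[name]:
            # Whether hosts should agree depends on the idmap setup in use.
            findings[name] = "differs"
    return findings


if __name__ == "__main__":
    for account, finding in audit(PDC, MEMBER).items():
        print(f"{finding:9} {account}")
```
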