[Samba] Samba 4 and Debian

Sven Schwedas sven.schwedas at tao.at
Wed Jan 15 08:28:54 MST 2014


On 2014-01-15 16:13, Rowland Penny wrote:
> On 15/01/14 12:32, Sven Schwedas wrote:
>> Backports have 4.1.3:
>>> http://packages.debian.org/wheezy-backports/samba
>> Which seems to be the same version as sid, and should save me the effort
>> of recompiling (I'll need to run it on 20+ machines, so not compiling
>> stuff myself for every new release is a bonus :-) ).
> 
> I would wait a bit if I was you, version 4.1.3 from backports is
> probably the same as version 4.1.3 in Jessie and whilst it installs and
> you can provision it, there seems to be a problem with samba-tool. I
> have been trying it out in a VM and cannot get samba-tool to export the
> domain keytab, it segfaults every time, there is a bug open for it here:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732342
> 
> It would seem the problem lies in the hdb plugin (whatever that is) and
> samba hasn't been keeping up-to-date with it, from reading the bug
> report, patches are imminent. 
> 
> This probably explains why 4.1.3 hasn't made it into Ubuntu 14.04 yet.

Thanks for the heads up. So far I haven't run into this bug, but I'll keep
it in mind.


Unrelatedly, I'm struggling with winbind/idmap on member servers.

Works OK on the PDC:
> root@pdc# cat /etc/samba/smb.conf
> [global]
> 	workgroup = AD
> 	realm = AD.TAO.TEST
> 	netbios name = PDC
> 	server role = active directory domain controller
> 	dns forwarder = 192.168.122.1
> 	idmap_ldb:use rfc2307 = yes
> 	template shell=/bin/bash
> 
> [netlogon]
> 	path = /var/lib/samba/sysvol/ad.tao.test/scripts
> 	read only = No
> 
> [sysvol]
> 	path = /var/lib/samba/sysvol
> 	read only = No
> 
> root@pdc# getent passwd | /bin/grep '^AD'
> AD\Administrator:*:0:100::/home/AD/Administrator:/bin/bash
> AD\Guest:*:3000011:3000012::/home/AD/Guest:/bin/bash
> AD\krbtgt:*:3000017:100::/home/AD/krbtgt:/bin/bash

But member servers don't resolve uids/gids:

> root@member# cat /etc/samba/smb.conf
> [global]
> 	workgroup = AD
> 	realm = AD.TAO.TEST
> 	security = ADS
> 	idmap_ldb:use rfc2307 = yes
> 	template shell=/bin/bash
> 
> 	winbind enum users = Yes
> 	winbind enum groups = Yes
> 
> root@member# getent passwd | /bin/grep '^AD'
> AD\administrator:*:4294967295:4294967295:Administrator:/home/AD/administrator:/bin/bash
> AD\krbtgt:*:4294967295:4294967295:krbtgt:/home/AD/krbtgt:/bin/bash
> AD\guest:*:4294967295:4294967295:Guest:/home/AD/guest:/bin/bash

Any pointers how to debug this?


-- 
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167
http://software.tao.at
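
As an added example (not part of the original post), the shell function below classifies `getent passwd` output along the line where the two listings above differ: it flags domain accounts whose uid or gid is 4294967295, which is 2^32 - 1 (-1 stored in an unsigned 32-bit id), and marks any domain account that resolves to uid 0. `check_idmap` and the `sample_*` helpers are hypothetical names; the sample lines are copied from the post.

```shell
#!/bin/sh
# Added example, not from the original post. check_idmap is a hypothetical name.
# Reads passwd(5)-format lines on stdin (e.g. `getent passwd | check_idmap`)
# and classifies every DOMAIN\user entry by its uid/gid.

UNMAPPED=4294967295   # 2^32 - 1, i.e. -1 stored in an unsigned 32-bit id

check_idmap() {
    # Output: STATUS<TAB>name<TAB>uid<TAB>gid, one line per domain account.
    # Exit status: 0 if all domain accounts have usable ids, 1 otherwise.
    awk -F: -v bad="$UNMAPPED" '
        index($1, "\\") == 0 { next }    # skip local (non-domain) accounts
        NF < 7 { printf "MALFORMED\t%s\n", $1; rc = 1; next }
        {
            status = "OK"
            if (($3 "") == (bad "") || ($4 "") == (bad "")) { status = "UNMAPPED"; rc = 1 }
            else if ($3 == 0) { status = "ROOT" }   # domain account mapped to uid 0
            printf "%s\t%s\t%s\t%s\n", status, $1, $3, $4
        }
        END { exit rc + 0 }
    '
}

# Lines copied from the two `getent passwd` listings in the post above.
sample_pdc() {
cat <<'EOF'
AD\Administrator:*:0:100::/home/AD/Administrator:/bin/bash
AD\Guest:*:3000011:3000012::/home/AD/Guest:/bin/bash
AD\krbtgt:*:3000017:100::/home/AD/krbtgt:/bin/bash
EOF
}
sample_member() {
cat <<'EOF'
AD\administrator:*:4294967295:4294967295:Administrator:/home/AD/administrator:/bin/bash
AD\krbtgt:*:4294967295:4294967295:krbtgt:/home/AD/krbtgt:/bin/bash
AD\guest:*:4294967295:4294967295:Guest:/home/AD/guest:/bin/bash
EOF
}

echo "== pdc ==";    sample_pdc    | check_idmap || echo "pdc: unusable ids present"
echo "== member =="; sample_member | check_idmap || echo "member: unusable ids present"
```

The non-zero exit status on any `UNMAPPED` line lets the check run from a provisioning or monitoring script before file ownership or access rules are applied on a member server.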
