[Samba] Samba 4 and Debian

Rowland Penny rowlandpenny at googlemail.com
Wed Jan 15 08:55:56 MST 2014


On 15/01/14 15:28, Sven Schwedas wrote:
> On 2014-01-15 16:13, Rowland Penny wrote:
>> On 15/01/14 12:32, Sven Schwedas wrote:
>>> Backports have 4.1.3:
>>>> http://packages.debian.org/wheezy-backports/samba
>>> Which seems to be the same version as sid, and should save me the effort
>>> of recompiling (I'll need to run it on 20+ machines, so not compiling
>>> stuff myself for every new release is a bonus :-) ).
>> I would wait a bit if I was you, version 4.1.3 from backports is
>> probably the same as version 4.1.3 in Jessie and whilst it installs and
>> you can provision it, there seems to be a problem with samba-tool. I
>> have been trying it out in a VM and cannot get samba-tool to export the
>> domain keytab, it segfaults every time, there is a bug open for it here:
>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732342
>>
>> It would seem the problem lies in the hdb plugin (whatever that is) and
>> samba hasn't been keeping up-to-date with it, from reading the bug
>> report, patches are imminent.
>>
>> This probably explains why 4.1.3 hasn't made it into Ubuntu 14.04 yet.
> Thanks for the heads up. So far I haven't run into this bug, but I'll keep
> it in mind.
>
>
> Unrelatedly, I'm struggling with winbind/idmap on member servers.
>
> Works OK on the PDC:
>> root@pdc# cat /etc/samba/smb.conf
>> [global]
>> 	workgroup = AD
>> 	realm = AD.TAO.TEST
>> 	netbios name = PDC
>> 	server role = active directory domain controller
>> 	dns forwarder = 192.168.122.1
>> 	idmap_ldb:use rfc2307 = yes
>> 	template shell=/bin/bash
>>
>> [netlogon]
>> 	path = /var/lib/samba/sysvol/ad.tao.test/scripts
>> 	read only = No
>>
>> [sysvol]
>> 	path = /var/lib/samba/sysvol
>> 	read only = No
>>
>> root@pdc# getent passwd | /bin/grep '^AD'
>> AD\Administrator:*:0:100::/home/AD/Administrator:/bin/bash
>> AD\Guest:*:3000011:3000012::/home/AD/Guest:/bin/bash
>> AD\krbtgt:*:3000017:100::/home/AD/krbtgt:/bin/bash
> But member servers don't resolve uids/gids:
>
>> root@member# cat /etc/samba/smb.conf
>> [global]
>> 	workgroup = AD
>> 	realm = AD.TAO.TEST
>> 	security = ADS
>> 	idmap_ldb:use rfc2307 = yes
>> 	template shell=/bin/bash
>>
>> 	winbind enum users = Yes
>> 	winbind enum groups = Yes
>>
>> root@member# getent passwd | /bin/grep '^AD'
>> AD\administrator:*:4294967295:4294967295:Administrator:/home/AD/administrator:/bin/bash
>> AD\krbtgt:*:4294967295:4294967295:krbtgt:/home/AD/krbtgt:/bin/bash
>> AD\guest:*:4294967295:4294967295:Guest:/home/AD/guest:/bin/bash
> Any pointers how to debug this?
>
I have had problems similar to yours and could not get the winbind ad 
backend to work at all, having said that, if what you have posted is the entire 
global part of your client's smb.conf then there is quite a lot of it 
missing, try searching Google (other search engines are available).

Or, download Ubuntu 14.04, install samba 4.0.13 (via apt-get) and set it 
up as a client and then install sssd, you will be surprised just how 
little you require in smb.conf and sssd.conf to get it working ;-)

Rowland
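
The following is an added example, not part of the thread or of Samba: a Python check for the symptom in the member-server output above, where every domain account has uid/gid 4294967295 (the 32-bit `(uid_t)-1` value), plus a look at whether `[global]` carries any `idmap config DOMAIN : range` line as documented in smb.conf(5). The sample data is constructed from the quoted output (the `localuser` line is invented), the function names are hypothetical, and treating a missing range as the first thing to look at is an assumption, not something the thread confirms.

```python
import re

UNMAPPED = 0xFFFFFFFF  # 4294967295 == (uid_t)-1: no Unix ID was mapped

# Constructed sample data: member-server lines from the thread plus one
# invented local account for contrast.
GETENT = r"""AD\administrator:*:4294967295:4294967295:Administrator:/home/AD/administrator:/bin/bash
AD\krbtgt:*:4294967295:4294967295:krbtgt:/home/AD/krbtgt:/bin/bash
AD\guest:*:4294967295:4294967295:Guest:/home/AD/guest:/bin/bash
localuser:x:1000:1000::/home/localuser:/bin/bash"""
SMB_CONF = """[global]
\tworkgroup = AD
\trealm = AD.TAO.TEST
\tsecurity = ADS
\tidmap_ldb:use rfc2307 = yes
\twinbind enum users = Yes
"""

def unmapped_accounts(getent_text):
    """Return account names whose uid or gid is the (uid_t)-1 sentinel."""
    bad = []
    for line in getent_text.splitlines():
        f = line.split(":")
        if len(f) >= 7 and f[2].isdigit() and f[3].isdigit():
            if UNMAPPED in (int(f[2]), int(f[3])):
                bad.append(f[0])
    return bad

def global_params(conf_text):
    """Parse the [global] section of smb.conf into {lowercased name: value}."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def idmap_domains_with_range(conf_text):
    """Domains (or '*') that have an 'idmap config DOMAIN : range' line."""
    pat = re.compile(r"idmap config ([^:\s]+) ?: ?range$")
    return sorted(m.group(1) for m in map(pat.match, global_params(conf_text)) if m)

if __name__ == "__main__":
    print("unmapped:", unmapped_accounts(GETENT))
    print("idmap ranges for:", idmap_domains_with_range(SMB_CONF) or "none")
```

On a live member server the same functions can be fed the output of `getent passwd` and the contents of `/etc/samba/smb.conf`.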

