[Samba] Samba 4 and Debian

Sven Schwedas sven.schwedas at tao.at
Thu Jan 16 00:27:51 MST 2014 

On 2014-01-15 16:55, Rowland Penny wrote:
> On 15/01/14 15:28, Sven Schwedas wrote:
>> Unrelatedly, I'm struggling with winbind/idmap on member servers.
>>
>> Works OK on the PDC:
>> But member servers don't resolve uids/gids:
>>
>>> root at member# cat /etc/samba/smb.conf
>>> [global]
>>>     workgroup = AD
>>>     realm = AD.TAO.TEST
>>>     security = ADS
>>>     idmap_ldb:use rfc2307 = yes
>>>     template shell=/bin/bash
>>>
>>>     winbind enum users = Yes
>>>     winbind enum groups = Yes
>>>
>>> root at member# getent passwd | /bin/grep '^AD'
>>> AD\administrator:*:4294967295:4294967295:Administrator:/home/AD/administrator:/bin/bash
>>>
>>> AD\krbtgt:*:4294967295:4294967295:krbtgt:/home/AD/krbtgt:/bin/bash
>>> AD\guest:*:4294967295:4294967295:Guest:/home/AD/guest:/bin/bash
>> Any pointers how to debug this?
>>
> I have had problems similar to yours and could not get the winbind ad
> backend at all, having said that, if what you have posted is the entire
> global part of your clients smb.conf then there is quite a lot of it
> missing, try searching google (other search engines are available).

The problem is that I have no idea what options are still relevant for
Samba 4 and which aren't. idmap configuration like suggested for samba
3.x doesn't seem to have any effect on this problem, e.g.

> Or, download Ubuntu 14.04, install samba 4.0.13 (via apt-get) and set it
> up as a client and then install sssd, you will be surprised just how
> little you require in smb.conf and sssd.conf to get it working ;-)

I'd rather backport the jessie/sid packages, or just stick with our old
pam_ldap+pam_ccreds configuration.
Switching all clients to Ubuntu would be a whole other nightmare…

-- 
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167
http://software.tao.at

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 665 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20140116/0ff48621/attachment.pgp>

More information about the samba mailing list