[Samba] Samba 4 and Debian
Sven Schwedas
sven.schwedas at tao.at
Thu Jan 16 03:13:04 MST 2014
Okay, winbind works with idmap_ad backend, once I manually added uids/gids.
Wouldn't it be sensible if Samba did that automatically for built-in
groups/users when provisioning with --use-rfc2307, or is there a
drawback to having all exposed to winbind?
On 2014-01-16 08:27, Sven Schwedas wrote:
> On 2014-01-15 16:55, Rowland Penny wrote:
>> On 15/01/14 15:28, Sven Schwedas wrote:
>>> Unrelatedly, I'm struggling with winbind/idmap on member servers.
>>>
>>> Works OK on the PDC:
>>> But member servers don't resolve uids/gids:
>>>
>>>> root at member# cat /etc/samba/smb.conf
>>>> [global]
>>>> workgroup = AD
>>>> realm = AD.TAO.TEST
>>>> security = ADS
>>>> idmap_ldb:use rfc2307 = yes
>>>> template shell=/bin/bash
>>>>
>>>> winbind enum users = Yes
>>>> winbind enum groups = Yes
>>>>
>>>> root at member# getent passwd | /bin/grep '^AD'
>>>> AD\administrator:*:4294967295:4294967295:Administrator:/home/AD/administrator:/bin/bash
>>>>
>>>> AD\krbtgt:*:4294967295:4294967295:krbtgt:/home/AD/krbtgt:/bin/bash
>>>> AD\guest:*:4294967295:4294967295:Guest:/home/AD/guest:/bin/bash
>>> Any pointers how to debug this?
>>>
>> I have had problems similar to yours and could not get the winbind ad
>> backend at all, having said that, if what you have posted is the entire
>> global part of your clients smb.conf then there is quite a lot of it
>> missing, try searching google (other search engines are available).
>
> The problem is that I have no idea what options are still relevant for
> Samba 4 and which aren't. idmap configuration like suggested for samba
> 3.x doesn't seem to have any effect on this problem, e.g.
>
>> Or, download Ubuntu 14.04, install samba 4.0.13 (via apt-get) and set it
>> up as a client and then install sssd, you will be surprised just how
>> little you require in smb.conf and sssd.conf to get it working ;-)
>
> I'd rather backport the jessie/sid packages, or just stick with our old
> pam_ldap+pam_ccreds configuration.
> Switching all clients to Ubuntu would be a whole other nightmare…
>
>
>
--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167
http://software.tao.at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 665 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20140116/a050d3df/attachment.pgp>
More information about the samba
mailing list