[Samba] Samba 4 and Debian

Sven Schwedas sven.schwedas at tao.at
Thu Jan 16 03:13:04 MST 2014


Okay, winbind works with idmap_ad backend, once I manually added uids/gids.

Wouldn't it be sensible if Samba did that automatically for built-in
groups/users when provisioning with --use-rfc2307, or is there a
drawback to having all exposed to winbind?

On 2014-01-16 08:27, Sven Schwedas wrote:
> On 2014-01-15 16:55, Rowland Penny wrote:
>> On 15/01/14 15:28, Sven Schwedas wrote:
>>> Unrelatedly, I'm struggling with winbind/idmap on member servers.
>>>
>>> Works OK on the PDC:
>>> But member servers don't resolve uids/gids:
>>>
>>>> root at member# cat /etc/samba/smb.conf
>>>> [global]
>>>>     workgroup = AD
>>>>     realm = AD.TAO.TEST
>>>>     security = ADS
>>>>     idmap_ldb:use rfc2307 = yes
>>>>     template shell=/bin/bash
>>>>
>>>>     winbind enum users = Yes
>>>>     winbind enum groups = Yes
>>>>
>>>> root at member# getent passwd | /bin/grep '^AD'
>>>> AD\administrator:*:4294967295:4294967295:Administrator:/home/AD/administrator:/bin/bash
>>>>
>>>> AD\krbtgt:*:4294967295:4294967295:krbtgt:/home/AD/krbtgt:/bin/bash
>>>> AD\guest:*:4294967295:4294967295:Guest:/home/AD/guest:/bin/bash
>>> Any pointers how to debug this?
>>>
>> I have had problems similar to yours and could not get the winbind ad
>> backend at all, having said that, if what you have posted is the entire
>> global part of your clients smb.conf then there is quite a lot of it
>> missing, try searching google (other search engines are available).
> 
> The problem is that I have no idea what options are still relevant for
> Samba 4 and which aren't. idmap configuration like suggested for samba
> 3.x doesn't seem to have any effect on this problem, e.g.
> 
>> Or, download Ubuntu 14.04, install samba 4.0.13 (via apt-get) and set it
>> up as a client and then install sssd, you will be surprised just how
>> little you require in smb.conf and sssd.conf to get it working ;-)
> 
> I'd rather backport the jessie/sid packages, or just stick with our old
> pam_ldap+pam_ccreds configuration.
> Switching all clients to Ubuntu would be a whole other nightmare…
> 
> 
> 

-- 
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167
http://software.tao.at

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 665 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20140116/a050d3df/attachment.pgp>


More information about the samba mailing list