[Samba] Samba 4.1.9 member server config in a samba 4 ADS Domain

Daniel Müller mueller at tropenklinik.de
Tue Jul 22 08:17:16 MDT 2014


Now I did this smb.conf:

[global]
        workgroup = TPLK
        realm = TPLK.LOC
        security = ADS
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        winbind nss info = rfc2307
        idmap config TPLK:range = 500-40000
        idmap config TPLK:schema_mode = rfc2307
        idmap config TPLK:backend = ad
        idmap config *:range = 70001-80000
        idmap config * : backend = tdb

and after joining:
net ads join -U administrator
Enter administrator's password:
Using short domain name -- TPLK
Joined 'CENTCLUST1' to dns domain 'tplk.loc'

When I manually start smbd, then nmbd and winbindd, it results in:


STATUS=daemon 'smbd' finished starting up and ready to serve
connectionsUnable to connect to CUPS server localhost:631 -
Verbindungsaufbau abgelehnt
Jul 22 16:13:01 centclust1 smbd[4364]:   STATUS=daemon 'smbd' finished
starting up and ready to serve connectionsfailed to retrieve printer list:
NT_STATUS_UNSUCCESSFUL
Jul 22 16:13:09 centclust1 nmbd[4369]: [2014/07/22 16:13:09.366916,  0]
../source3/nmbd/nmbd.c:945(main)
Jul 22 16:13:09 centclust1 nmbd[4369]:   standard input is not a socket,
assuming -D option
Jul 22 16:13:09 centclust1 nmbd[4370]: [2014/07/22 16:13:09.370087,  0]
../lib/util/become_daemon.c:136(daemon_ready)
Jul 22 16:13:21 centclust1 winbindd[4425]: [2014/07/22 16:13:21.183036,  0]
../source3/winbindd/winbindd_cache.c:3196(initialize_winbindd_cache)
Jul 22 16:13:21 centclust1 winbindd[4425]:   initialize_winbindd_cache:
clearing cache and re-creating with version number 2
Jul 22 16:13:21 centclust1 winbindd[4425]: [2014/07/22 16:13:21.185657,  0]
../lib/util/become_daemon.c:136(daemon_ready)
Jul 22 16:13:33 centclust1 nmbd[4370]:   STATUS=daemon 'nmbd' finished
starting up and ready to serve connections*****

And wbinfo -u:

[root at centclust1 sbin]# wbinfo -u
fcbraun
reiser
stoyanopoulos
fischerkeller
michaletz-stolz
drumm
schlotterbeck
hahn
droessler
schaeffer
zanzinger
rueda
walker...


And wbinfo -g

wbinfo -g
allowed rodc password replication group
enterprise read-only domain controllers
denied rodc password replication group
read-only domain controllers
group policy creator owners
ras and ias servers
terminalserver user
patientenverwaltung
domain controllers..-


getent passwd and group leave me with local users and groups, no ADS
stuff!!!





When I set these properties in my smb.conf [global]:

server services = +smb, +winbind
it does not start up, with this error:

Jul 22 16:09:25 centclust1 samba[3323]:   STATUS=daemon 'samba' finished
starting up and ready to serve
 connectionssamba_terminate: Cannot start Winbind (domainmember): 
Failed to find record for TPLK in /usr/local/samba/private/secrets.ldb:
 No such object: (null): Have you joined the TPLK domain?


EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen 
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
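
Added example, not part of the original post and not Samba code: one check for the "wbinfo -u lists users but getent passwd does not" symptom above. With the ad backend, winbind maps only accounts whose uidNumber is set in AD and lies inside the configured range, and the ranges of different domains must not overlap. The account names and uidNumber values are hypothetical.

```python
import re

# Constructed input: the idmap lines from the smb.conf posted above.
SMB_CONF = """
[global]
        idmap config TPLK:range = 500-40000
        idmap config TPLK:schema_mode = rfc2307
        idmap config TPLK:backend = ad
        idmap config *:range = 70001-80000
        idmap config * : backend = tdb
"""
# Hypothetical accounts: name -> uidNumber stored in AD (None = attribute unset).
ACCOUNTS = {"alice": 10001, "bob": None, "carol": 45000}

IDMAP_RE = re.compile(r"^\s*idmap\s+config\s+(\S+?)\s*:\s*(\w+)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {domain: {"backend": ..., "range": (low, high), ...}}."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)
        if not m:
            continue
        entry = domains.setdefault(m.group(1).upper(), {})
        key, val = m.group(2).lower(), m.group(3)
        entry[key] = tuple(int(x) for x in val.split("-")) if key == "range" else val
    return domains

def overlaps(domains):
    """Adjacent pairs of domains whose ranges overlap; ranges must be disjoint."""
    items = sorted((d["range"], name) for name, d in domains.items() if "range" in d)
    return [(a[1], b[1]) for a, b in zip(items, items[1:]) if b[0][0] <= a[0][1]]

def nss_visible(domains, domain, uid_number):
    """ad backend: mapped only if uidNumber is set and inside the domain's range."""
    low, high = domains[domain.upper()]["range"]
    return uid_number is not None and low <= uid_number <= high

def report(conf_text, domain, accounts):
    """Map each account name to True if winbind would give it a Unix ID."""
    domains = parse_idmap(conf_text)
    return {name: nss_visible(domains, domain, uid) for name, uid in accounts.items()}

if __name__ == "__main__":
    print("overlapping ranges:", overlaps(parse_idmap(SMB_CONF)))
    for name, ok in report(SMB_CONF, "TPLK", ACCOUNTS).items():
        print(f"{name}: {'mapped' if ok else 'no Unix ID, absent from getent passwd'}")
```

On a live member server the uidNumber values would come from the AD accounts themselves; here they are embedded so the check runs offline.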




-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On
Behalf Of Rowland Penny
Sent: Tuesday, 22 July 2014 15:20
To: samba at lists.samba.org
Subject: Re: [Samba] Samba 4.1.9 member server config in a samba 4 ADS
Domain

On 22/07/14 14:03, Daniel Müller wrote:
> Dear all,
>
> I try to setup a samba 4 member server on centos 6.5. The wikis and 
> howtos I have found are very confusing.
> Which is the right way to do this. So winbind can map the domain users 
> and groups.
> What I have done yet is,
> Set up Kerberos working and can contact my ADS-kerberos Servers:
>    klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: Administrator at TPLK.LOC
>
> Valid starting     Expires            Service principal
> 07/22/14 12:34:21  07/22/14 22:34:21  krbtgt/TPLK.LOC at TPLK.LOC
>          renew until 07/29/14 12:34:18
>
> Installed samba4.1.9 from gz without any provision.
> Set winbind right : ldconfig -v |grep winbind
> ldconfig: /etc/ld.so.conf.d/kernel-2.6.32-431.20.3.el6.x86_64.conf:6:
> duplicate hwcap 1 nosegneg
>          libnss_winbind.so -> libnss_winbind.so.2
>          libnss_winbind.so -> libnss_winbind.so.2
>
> set /etc/nsswitch.conf
> to:
> passwd:     files winbind
> shadow:     files
> group:      files  winbind
>
> hosts:      files dns
>
> Do I have to provision the samba4 server in any way to establish a 
> /usr/local/samba/etc/smb.conf?

No, you do not provision.

> Or do I make smb.conf by hand?

Yes, you will have to create your smb.conf, this is usually where the
problems start, easiest way is to use RFC2307 attributes and the ad backend,
but you could use the rid backend or some other backend that virtually few
people use.

> Do I have to start winbind in server protocols in [global]!?

winbind is a daemon just like smbd, so you need to start it just like smbd,
but I think that you mean 'do I have to add winbind lines to the global part
of smb.conf', if so, then yes if you want to use winbind.

> What is the way to join right to the samba4 ads domain?

I normally just use the 'net' command:

net ads join -U Administrator at EXAMPLE.COM

Rowland

>
> Greetings
> Daniel
>
>
>
> EDV Daniel Müller
>
> Head of IT
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller at tropenklinik.de
> Internet: www.tropenklinik.de
>
>   
>
>
