[Samba] Samba 4 / idmap / NIS / winbind

Rowland Penny rowlandpenny at googlemail.com
Sun Jun 8 15:52:38 MDT 2014


On 08/06/14 22:25, Vogel, Sven wrote:
> Thanks for the help
>
> @Rowland
>
> I tried these but it doesn't work for me. I think Steve said it right that I need an sssd when I am on the domain controller itself.
Your original post was a bit narrow and adding to the smb.conf will work 
for the samba4 server, but is as much use as a chocolate fire-guard for 
other machines in the domain. This is where sssd and using RFC2307 
attributes come into their own.

>
> @Steve
>
> I will try it. You wrote on DC. What about when I am not on a DC?

You can also use sssd on other machines, there is also winbind, nslcd 
etc, I suggest that you read the wiki and take your choice.

>
> I can add them with samba tool but I don't modify them with it. I saw that in 2012 Microsoft removed the Unix tab. So the best way will be to use the shell. Therefore the only way is ldbedit or ldbmodify. What do you think?

Yes this would be the easiest way, but you will probably find it easiest 
to write some scripts round the ldb-tools, that's what I did anyway.

>
> @Nico
>
> Base OS is SLES 11 SP3.

Ah, that fine server OS, based on fossilised remains I believe ;-)

Rowland

> Greeting
>
> Sven
>
> -----Original Message-----
> From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny
> Sent: Saturday, 7 June 2014 22:35
> To: samba at lists.samba.org
> Subject: Re: [Samba] Samba 4 / idmap / NIS / winbind
>
> On 07/06/14 21:31, Vogel, Sven wrote:
>> Hi,
>>
>> How can I get Samba 4 Sernet 4.1.7 to work correctly with NIS? It's provisioned with rfc2307.
>>
>> When I query a user I get the following.
>> 	
>> getent passwd testswi
>> SWI\testswi:*:10000:100:testswi:/home/SWI/testswi:/bin/false
>>
>> I want to change /bin/false to another value, /bin/bash
>>
>> I tried many things to change the value.
>>
>> 1. ldbedit -e vim -H /var/lib/samba/private/sam.ldb samaccountname=testswi
>> I added "loginShell = /bin/bash" and got
>>
>> ----------------------------------------------------------------------
>> # record 1
>> dn: CN=testswi,OU=Benutzer,OU=SWI,DC=swi,DC=local
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: user
>> cn: testswi
>> givenName: testswi
>> instanceType: 4
>> whenCreated: 20140530142421.0Z
>> displayName: testswi
>> uSNCreated: 12359
>> name: testswi
>> objectGUID: d6ebbae7-8ec0-4a89-828d-58c10a7c9f99
>> userAccountControl: 66048
>> codePage: 0
>> countryCode: 0
>> pwdLastSet: 130459334610000000
>> primaryGroupID: 513
>> objectSid: S-1-5-21-1143642306-2581635645-836595807-1605
>> accountExpires: 9223372036854775807
>> sAMAccountName: testswi
>> sAMAccountType: 805306368
>> userPrincipalName: testswi at swi.local
>> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=swi,DC=local
>> loginShell: /bin/bash
>> whenChanged: 20140605153458.0Z
>> uSNChanged: 13969
>> distinguishedName: CN=testswi,OU=Benutzer,OU=SWI,DC=swi,DC=local
>> ----------------------------------------------------------------------
>>
>> Nothing changed, always /bin/false when I use getent passwd ...
>>
>> 2. I tried the Windows Remote Administration Tools and the Unix
>> tab in Windows
>>
>> I added NIS Domain, UID, GID, home and login shell but also nothing
>> changed... I got the following
>>
>> # record 1
>> dn: CN=testswi,OU=Benutzer,OU=SWI,DC=swi,DC=local
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: user
>> cn: testswi
>> givenName: testswi
>> instanceType: 4
>> whenCreated: 20140530142421.0Z
>> displayName: testswi
>> uSNCreated: 12359
>> name: testswi
>> objectGUID: d6ebbae7-8ec0-4a89-828d-58c10a7c9f99
>> userAccountControl: 66048
>> codePage: 0
>> countryCode: 0
>> pwdLastSet: 130459334610000000
>> primaryGroupID: 513
>> objectSid: S-1-5-21-1143642306-2581635645-836595807-1605
>> accountExpires: 9223372036854775807
>> sAMAccountName: testswi
>> sAMAccountType: 805306368
>> userPrincipalName: testswi at swi.local
>> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=swi,DC=local
>> loginShell: /bin/bash
>> whenChanged: 20140607194437.0Z
>> uSNChanged: 14355
>> unixUserPassword: ABCD!efgh12345$67890
>> uid: testswi
>> msSFU30Name: testswi
>> msSFU30NisDomain: swi
>> uidNumber: 10000
>> gidNumber: 100
>> unixHomeDirectory: /home/testswi
>> distinguishedName: CN=testswi,OU=Benutzer,OU=SWI,DC=swi,DC=local
>>
>> When I use getent passwd testswi I always get the same as above.
>> /bin/false
>>
>> Questions.
>>
>> Is that a problem from winbind in samba 4 that not all things will
>> be correctly set or supported? W
>>
>> Where does getent passwd ... get the information from? I know it's winbind but what's wrong?
>>
>> I read about some users who use sssd or nslcd. Is that the solution for samba 4?
>>
>> I am confused. Anyone who can explain that?
>>
>> Thanks for help
>>
>> Sven Vogel
>>
>>
> Hi, add 'template shell = /bin/bash' to smb.conf and restart samba, or add the required RFC2307 attributes to the users and groups.
>
> Rowland

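A sketch of the kind of script around the ldb-tools mentioned above, added here as an example and not taken from the thread or from Samba: it builds the LDIF modify record for the RFC2307 attributes and refuses values that would inject extra LDIF lines. The function names and validation rules are assumptions; the DN, IDs and paths are the sample values from the original post.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names and validation
# rules are assumptions made for illustration.

# Refuse values that would not stay on one plain "attr: value" LDIF line:
# empty, embedded CR/LF (would inject extra attribute lines), leading
# space, ':' or '<' (change how LDIF parses the value), trailing space.
ldif_safe() {
    nl='
'
    cr=$(printf '\r')
    case "$1" in
        ''|' '*|:*|'<'*|*' '|*"$nl"*|*"$cr"*) return 1 ;;
    esac
}

# Succeeds only for a non-empty string of decimal digits.
is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# Print an LDIF modify record that sets the RFC2307 attributes on one user.
# "replace" is used so the record works whether or not the attribute exists.
rfc2307_ldif() {
    dn=$1 uidn=$2 gidn=$3 home=$4 shell=$5
    ldif_safe "$dn" && ldif_safe "$home" && ldif_safe "$shell" ||
        { echo "rfc2307_ldif: unsafe value" >&2; return 1; }
    is_uint "$uidn" && is_uint "$gidn" ||
        { echo "rfc2307_ldif: uidNumber/gidNumber must be numeric" >&2; return 1; }
    case "$home" in /*) ;; *) echo "rfc2307_ldif: home must be absolute" >&2; return 1 ;; esac
    case "$shell" in /*) ;; *) echo "rfc2307_ldif: shell must be absolute" >&2; return 1 ;; esac

    printf 'dn: %s\nchangetype: modify\n' "$dn"
    for pair in "uidNumber=$uidn" "gidNumber=$gidn" \
                "unixHomeDirectory=$home" "loginShell=$shell"; do
        attr=${pair%%=*}
        printf 'replace: %s\n%s: %s\n-\n' "$attr" "$attr" "${pair#*=}"
    done
    printf '\n'   # blank line ends the record so several can be concatenated
}

# Usage on the DC (review the generated LDIF before applying it):
#   rfc2307_ldif "CN=testswi,OU=Benutzer,OU=SWI,DC=swi,DC=local" \
#       10000 100 /home/testswi /bin/bash > testswi.ldif
#   ldbmodify -H /var/lib/samba/private/sam.ldb testswi.ldif
```
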

