[Samba] Samba 4 / idmap / NIS / winbind

Vogel, Sven Sven.Vogel at kupper-computer.com
Mon Jun 9 04:57:41 MDT 2014


@Rowland and @Steve

Chocolate fire guard... :) You wrote your own scripts to add the RFC2307 information to the users?

I know SLES is not the best. It was not my decision. I mostly use Red Hat/CentOS. I will try sssd. Maybe that's the best choice for connecting to the AD.

Maybe it is not correct, but when you read on this site, below...
http://technet.microsoft.com/en-us/library/dn303411.aspx 

The Server for Network Information Service (NIS) is deprecated. This includes the associated administration tools in Remote Server Administration Tools (RSAT). Use native LDAP, Samba Client, Kerberos, or non-Microsoft options.

I don't know, maybe they mean other things. Steve, what do you think?

Greetings, thanks...

Sven


-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny
Sent: Sunday, 8 June 2014 23:53
To: samba at lists.samba.org
Subject: Re: [Samba] Samba 4 / idmap / NIS / winbind

On 08/06/14 22:25, Vogel, Sven wrote:
> Thanks for the help
>
> @Rowland
>
> I tried these but it doesn't work for me. I think Steve said it right that I need sssd when I am on the domain controller itself.
Your original post was a bit narrow and adding to the smb.conf will work for the samba4 server, but is as much use as a chocolate fire-guard for other machines in the domain. This is where sssd and using RFC2307 attributes come into their own.

>
> @Steve
>
> I will try it. You wrote on DC. What about when I am not on a DC?

You can also use sssd on other machines, there is also winbind, nslcd etc. I suggest that you read the wiki and take your choice.

>
> I can add them with samba-tool but I don't modify them with it. I saw that in 2012 Microsoft removed the Unix tab. So the best way will be to use the shell. Therefore the only way is ldbedit or ldbmodify. What do you think?

Yes, this would be the easiest way, but you will probably find it easiest to write some scripts round the ldb-tools, that's what I did anyway.

>
> @Nico
>
> Base OS is SLES 11 SP3.

Ah, that fine server OS, based on fossilised remains I believe ;-)

Rowland

> Greetings
>
> Sven
>
> -----Original Message-----
> From: samba-bounces at lists.samba.org
> [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny
> Sent: Saturday, 7 June 2014 22:35
> To: samba at lists.samba.org
> Subject: Re: [Samba] Samba 4 / idmap / NIS / winbind
>
> On 07/06/14 21:31, Vogel, Sven wrote:
>> Hi,
>>
>> How can I get Samba 4 SerNet 4.1.7 to work correctly with NIS? It's provisioned with rfc2307.
>>
>> When I query a user I get the following.
>> 	
>> getent passwd testswi
>> SWI\testswi:*:10000:100:testswi:/home/SWI/testswi:/bin/false
>>
>> I want to change /bin/false to another value, /bin/bash
>>
>> I tried many things to change the value.
>>
>> 1. ldbedit -e vim -H /var/lib/samba/private/sam.ldb samaccountname=testswi
>> I added "loginShell = /bin/bash" and got
>>
>> ----------------------------------------------------------------------
>> # record 1
>> dn: CN=testswi,OU=Benutzer,OU=SWI,DC=swi,DC=local
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: user
>> cn: testswi
>> givenName: testswi
>> instanceType: 4
>> whenCreated: 20140530142421.0Z
>> displayName: testswi
>> uSNCreated: 12359
>> name: testswi
>> objectGUID: d6ebbae7-8ec0-4a89-828d-58c10a7c9f99
>> userAccountControl: 66048
>> codePage: 0
>> countryCode: 0
>> pwdLastSet: 130459334610000000
>> primaryGroupID: 513
>> objectSid: S-1-5-21-1143642306-2581635645-836595807-1605
>> accountExpires: 9223372036854775807
>> sAMAccountName: testswi
>> sAMAccountType: 805306368
>> userPrincipalName: testswi at swi.local
>> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=swi,DC=local
>> loginShell: /bin/bash
>> whenChanged: 20140605153458.0Z
>> uSNChanged: 13969
>> distinguishedName: CN=testswi,OU=Benutzer,OU=SWI,DC=swi,DC=local
>> ----------------------------------------------------------------------
>>
>> Nothing changed, always /bin/false when I use getent passwd ...
>>
>> 2. I tried the Windows Remote Administration Tools and the Unix tab in Windows.
>>
>> I added NIS Domain, UID, GID, home and login shell but also nothing changed... I got the following
>>
>> # record 1
>> dn: CN=testswi,OU=Benutzer,OU=SWI,DC=swi,DC=local
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: user
>> cn: testswi
>> givenName: testswi
>> instanceType: 4
>> whenCreated: 20140530142421.0Z
>> displayName: testswi
>> uSNCreated: 12359
>> name: testswi
>> objectGUID: d6ebbae7-8ec0-4a89-828d-58c10a7c9f99
>> userAccountControl: 66048
>> codePage: 0
>> countryCode: 0
>> pwdLastSet: 130459334610000000
>> primaryGroupID: 513
>> objectSid: S-1-5-21-1143642306-2581635645-836595807-1605
>> accountExpires: 9223372036854775807
>> sAMAccountName: testswi
>> sAMAccountType: 805306368
>> userPrincipalName: testswi at swi.local
>> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=swi,DC=local
>> loginShell: /bin/bash
>> whenChanged: 20140607194437.0Z
>> uSNChanged: 14355
>> unixUserPassword: ABCD!efgh12345$67890
>> uid: testswi
>> msSFU30Name: testswi
>> msSFU30NisDomain: swi
>> uidNumber: 10000
>> gidNumber: 100
>> unixHomeDirectory: /home/testswi
>> distinguishedName: CN=testswi,OU=Benutzer,OU=SWI,DC=swi,DC=local
>>
>> When I use getent passwd testswi I always get the same as above:
>> /bin/false
>>
>> Questions.
>>
>> Is that a problem with winbind in Samba 4, that not all things are correctly set or supported?
>>
>> Where does getent passwd ... get the information from? I know it's winbind, but what's wrong?
>>
>> I read about some users who use sssd or nslcd. Is that the solution for Samba 4?
>>
>> I am confused. Anyone who can explain that?
>>
>> Thanks for help
>>
>> Sven Vogel
>>
>>
> Hi, add 'template shell = /bin/bash' to smb.conf and restart samba, or add the required RFC2307 attributes to the users and groups.
>
> Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
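
The thread ends on the advice to script the RFC2307 attribute changes around the ldb tools. As an added example (not part of the original messages and not Samba project code), this shell function builds the LDIF modify record for that and refuses values that would corrupt it; the function name `rfc2307_ldif` and the choice of these four attributes are assumptions, and the sample values are those of the thread's test user.

```shell
#!/bin/sh
# Added example: emit an LDIF "modify" record that sets RFC2307 attributes.
# Usage: rfc2307_ldif DN UIDNUMBER GIDNUMBER HOMEDIR SHELL
# Prints LDIF on stdout; prints nothing and returns non-zero on bad input.
rfc2307_ldif() {
    [ "$#" -eq 5 ] || { echo "rfc2307_ldif: need 5 arguments" >&2; return 2; }
    nl='
'
    # A newline inside any value would smuggle extra LDIF lines into the record.
    for v in "$@"; do
        case $v in
            *"$nl"*) echo "rfc2307_ldif: newline in value" >&2; return 1 ;;
        esac
    done
    case $1 in
        *=*) ;;
        *) echo "rfc2307_ldif: '$1' does not look like a DN" >&2; return 1 ;;
    esac
    # IDs must be plain decimal without a leading zero; this also refuses 0.
    for id in "$2" "$3"; do
        case $id in
            ''|0*|*[!0-9]*) echo "rfc2307_ldif: invalid id '$id'" >&2; return 1 ;;
        esac
    done
    # Home directory and shell must be absolute paths; spaces are refused to
    # keep the value LDIF-safe (a trailing space would need base64 encoding).
    for path in "$4" "$5"; do
        case $path in
            *" "*) echo "rfc2307_ldif: space in path '$path'" >&2; return 1 ;;
            /*) ;;
            *) echo "rfc2307_ldif: not an absolute path '$path'" >&2; return 1 ;;
        esac
    done
    printf 'dn: %s\nchangetype: modify\n' "$1"
    printf 'replace: uidNumber\nuidNumber: %s\n-\n' "$2"
    printf 'replace: gidNumber\ngidNumber: %s\n-\n' "$3"
    printf 'replace: unixHomeDirectory\nunixHomeDirectory: %s\n-\n' "$4"
    printf 'replace: loginShell\nloginShell: %s\n' "$5"
}

# Constructed call, using the test user shown in the thread:
# rfc2307_ldif 'CN=testswi,OU=Benutzer,OU=SWI,DC=swi,DC=local' 10000 100 \
#     /home/testswi /bin/bash | ldbmodify -H /var/lib/samba/private/sam.ldb
```

In the thread, `getent passwd` on the Samba 4 server kept returning `/bin/false` after these attributes were set, and the reply there was `template shell` in smb.conf for that server, with RFC2307 attributes read through sssd on other machines.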
