[Samba] Winbind does not read uidNumber
steve
steve at steve-ss.com
Mon Jun 30 16:30:52 MDT 2014
On Mon, 2014-06-30 at 20:39 +0200, Lars Hanke wrote:
> Hi steve,
>
> the checklist is a great tool ... I tuned quite some things. Most of
> them didn't seem to change the behavior in any way.
>
> >> 3. Database check:
> >> no gidNumber here, add gidNumber: 10000
> >> retried on the client, still no users
> > No. This is not within your domain range.
>
> Okay, that probably was the culprit. After changing the client's
> smb.conf to extend the range the user appeared, while Administrator is
> still missing. This is what Rowland's usermap is for, I guess.
>
> Since there is nothing in the logs about this rejection, it may be the
> first thing to check if 'wbinfo -u' has the users, but 'getent passwd'
> does not have them.
>
> >> 4. check for local user
> >>
> >> getent passwd | grep -i mgr has no hits on either machine. But to check
> >> for local entries probably
> >>
> >> grep -i user /etc/passwd
> >>
> >> is more appropriate.
> > However you wish. Just make sure there is a unique domain user.
>
> The differece is that getent will report the non local users as well,
> i.e. it will report the user, if winbind happens to work properly and
> may therefore confuse people working with your checklist.
OK. I'll reword it. But remember, the check-list is because winbind
_isn't_ working!
>
> >> 5. keytab (double numbering!)
> >>
> >> klist -k doesn't work, since Heimdal klist has no option -k. This is MIT
> >> syntax, if I recall correctly.
> > OK. Remove the keytab and recreate it.
>
> The Heimdal syntax is 'ktutil -k /path/to/keytab list'. This worked fine
> on /srv/files/private/secrets.keytab. I linked that to /etc/krb5.keytab,
> i.e. didn't recreate anything. Don't know if that was necessary, since
> we found kerberos working in earlier discussions.
>
> I walked through the other items as well and corrected /etc/hostname of
> the server. For some reason Debian 'hostname' returns 'hostname -s'. So
> probably just state the results of the fully qualified commands in the
> checklist.
>
> I learned a lot in the recent discussion with Rowland and you.
>
> Great work - thanks,
> - lars.
Thanks to you too for working through it and making suggestions.
OpenSource at its best.
M
More information about the samba
mailing list