[Samba] sssd-ad cannot be installed with sernet samba

L.P.H. van Belle belle at bazuin.nl
Thu Apr 2 03:50:28 MDT 2015


Looks to me like your setup is not correct.

Just set the UID for the user if you have an AD backend configured (like my setup below).
Configure nsswitch and you will see it works.
OR, like below, set up a RID backend and enable the template lines.


Look here, this is my DC setup.

[global]
        workgroup = DOMAIN
        realm = DOMAIN.PRIVATE
        netbios name = DC1
        server role = active directory domain controller
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate

        ## KEEP THIS OFF !! Only used for modifying the AD schema
        ## ONLY DONE ONCE, ON THE DC WITH THE FSMO roles
        dsdb:schema update allowed = no

        ## Don't forget to set the idmap_ldb on ALL DCs if you use it
        idmap_ldb:use rfc2307 = yes

        idmap config * : backend = tdb
        idmap config * : range = 2000-9999
        idmap config DOMAIN : backend = ad
        idmap config DOMAIN : range = 10000-3999999

        #when using idmap backend RID enable these
        #template shell = /bin/false
        #template homedir = /home/users/%ACCOUNTNAME%

        winbind nss info = rfc2307
        winbind trusted domains only = no
        winbind use default domain = yes

        interfaces = 127.0.0.1 192.168.0.1
        bind interfaces only = yes
        time server = yes
        wins support = yes


And this is my member setup.

[global]
        netbios name = MEMBER5
        workgroup = DOMAIN
        security = ADS
        realm = DOMAIN.PRIVATE

        dedicated keytab file = /etc/krb5.keytab
        kerberos method = secrets and keytab

        interfaces = 127.0.0.1 192.168.0.5
        bind interfaces only = yes

        idmap config * : backend = tdb
        idmap config * : range = 2000-9999
        idmap config DOMAIN : backend = ad
        idmap config DOMAIN : range = 10000-3999999

        winbind nss info = rfc2307
        winbind trusted domains only = no
        winbind use default domain = yes
        winbind enum users  = yes
        winbind enum groups = yes
        winbind refresh tickets = Yes

        # user Administrator workaround, without it you are unable to set privileges
        username map = /etc/samba/user.map

        #when using idmap backend RID enable these
        #template shell = /bin/bash
        #template homedir = /home/users/%ACCOUNTNAME%



>-----Original message-----
>From: buhorojo.lcb at gmail.com 
>[mailto:samba-bounces at lists.samba.org] On behalf of buhorojo
>Sent: Thursday 2 April 2015 11:21
>To: samba at lists.samba.org
>Subject: Re: [Samba] sssd-ad cannot be installed with sernet samba
>
>On 02/04/15 08:36, L.P.H. van Belle wrote:
>> nss/winbind does work, yes, there is 1 missing file, just created it.
>> ( and this is not needed on a DC ! )
>So you are telling us that something that returns:
>/bin/false
>  when:
>/bin/bash
>is specified in the database is a piece of software that is working?
>
>
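A small check for the idmap settings shown in the configs above, as an added example that is not part of the original message or of Samba. It flags overlapping idmap ranges (which let two identities land on the same UID/GID), an ad backend without the `winbind nss info = rfc2307` line the posted configs pair it with, and a rid backend without the template lines the message says to enable. The function names and the sample config are constructed for illustration.

```python
import re

# Constructed sample: the member config's idmap lines, switched to the rid
# backend and with the DOMAIN range changed so it overlaps the default (*) one.
SAMPLE = """[global]
    idmap config * : backend = tdb
    idmap config * : range = 2000-9999
    idmap config DOMAIN : backend = rid
    idmap config DOMAIN : range = 9000-3999999
    #template shell = /bin/bash
"""
IDMAP_KEY = re.compile(r"idmap config\s+(\S+)\s*:\s*(backend|range)$", re.I)

def parse_global(text):
    """Split [global] into per-domain idmap settings and all other parameters."""
    idmap, params, section = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue                      # blank line or commented-out setting
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "global" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            m = IDMAP_KEY.match(key)
            if m:
                idmap.setdefault(m.group(1), {})[m.group(2).lower()] = value
            else:
                params[" ".join(key.lower().split())] = value
    return idmap, params

def check_idmap(text):
    """Return a list of findings; an empty list means the checks passed."""
    idmap, params = parse_global(text)
    findings, ranges = [], []
    for domain, cfg in idmap.items():
        if "range" in cfg:
            low, high = (int(n) for n in cfg["range"].split("-"))
            ranges.append((low, high, domain))
        backend = cfg.get("backend", "").lower()
        if backend == "ad" and params.get("winbind nss info", "").lower() != "rfc2307":
            findings.append(f"{domain}: ad backend without winbind nss info = rfc2307")
        if backend == "rid" and not {"template shell", "template homedir"} <= params.keys():
            findings.append(f"{domain}: rid backend but template lines not enabled")
    ranges.sort()  # sorted by start, so any overlap shows up between neighbours
    for (_, high, a), (low, _, b) in zip(ranges, ranges[1:]):
        if low <= high:
            findings.append(f"idmap ranges of {a} and {b} overlap")
    return findings
```

Running `check_idmap` over the member config as posted (ad backend, rfc2307, ranges 2000-9999 and 10000-3999999) returns an empty list.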


