[Samba] Member server - winbind unable to resolve users/groups
Rowland Penny
rowlandpenny at googlemail.com
Fri Apr 3 06:42:57 MDT 2015
On 03/04/15 13:05, Andrey Repin wrote:
> Greetings, Ashish Yadav!
>
>>>> I'm trying to get the former PDC back into domain after performing a
>>>> classic migration.
>>>> AD DC is running fine... if you can call it that.
>>>> I've edited the smb.conf and nsswitch.conf as suggested in Wiki article,
>>>> and rejoined the domain. Went fine apart from failed DNS update with local
>>>> zone.
>>>
>>>> # net ads testjoin
>>>> Join is OK
>>>> But there's no data in getent, and domain users are unable to
>>>> authenticate on the server.
>>>> So, where do I start looking?
>> Please check your /etc/nsswitch.conf file, it should contain this:
>> passwd: compat winbind
>> group: compat winbind
>> For more information, please go through Samba Wiki first,
>> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
> Please read the message - I explicitly stated that nsswitch.conf is amended as
> suggested on the wiki.
>
>
OK, so you upgraded an NT-4 style PDC to AD with 'samba-tool domain
classicupgrade', this should have given you users with uidNumber
attributes and groups with gidNumber attributes.
If, as you said, you used the smb.conf from the member server wiki page,
you will have something like this in your smb.conf:
idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config SAMDOM:backend = ad
idmap config SAMDOM:schema_mode = rfc2307
idmap config SAMDOM:range = 10000-99999
Two questions:
Did you change 'SAMDOM' to your workgroup name ?
Are your users & groups uidNumber & gidNumber attributes inside the
'10000-99999' range ?
Rowland
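
The two questions above, written as a check over smb.conf text. This is an added example, not part of the original message and not Samba code: the EXAMPLE workgroup, the user names and their uidNumber values are constructed, and the parse_smb_conf and check helpers are hypothetical names.

```python
import re

# Constructed sample smb.conf: workgroup was changed, the idmap domain was not.
SAMPLE_SMB_CONF = """\
[global]
    workgroup = EXAMPLE
    idmap config *:backend = tdb
    idmap config *:range = 2000-9999
    idmap config SAMDOM:backend = ad
    idmap config SAMDOM:schema_mode = rfc2307
    idmap config SAMDOM:range = 10000-99999
"""

# Constructed (name, uidNumber) pairs, standing in for values read from AD.
SAMPLE_IDS = [("alice", 10001), ("bob", 1005), ("carol", 100000)]

IDMAP_RE = re.compile(r"idmap config\s+(\S+?)\s*:\s*(\S+)\s*=\s*(.+)", re.I)

def parse_smb_conf(text):
    """Return (workgroup, {domain: {option: value}}) from smb.conf text."""
    workgroup, idmap = None, {}
    for line in map(str.strip, text.splitlines()):
        m = IDMAP_RE.match(line)  # comment lines (# or ;) never match
        if m:
            dom, opt, val = m.groups()
            idmap.setdefault(dom.upper(), {})[opt.lower()] = val.strip()
        elif re.match(r"workgroup\s*=", line, re.I):
            workgroup = line.split("=", 1)[1].strip().upper()
    return workgroup, idmap

def check(text, ids):
    """Answer the two questions; return a list of problem strings."""
    workgroup, idmap = parse_smb_conf(text)
    problems = []
    domain = idmap.get(workgroup)
    if domain is None:
        named = sorted(d for d in idmap if d != "*")
        problems.append(f"no idmap config for workgroup {workgroup}; found {named}")
        # Fall back to the only named domain so the range check still runs.
        domain = idmap[named[0]] if len(named) == 1 else {}
    if "range" in domain:
        low, high = (int(x) for x in domain["range"].split("-"))
        for name, num in ids:
            if not low <= num <= high:
                problems.append(f"{name}: {num} outside {low}-{high}")
    return problems

if __name__ == "__main__":
    print("\n".join(check(SAMPLE_SMB_CONF, SAMPLE_IDS)))
```

An ID outside the range of the 'ad' backend is not mapped by winbind, so that user or group is missing from getent even though the join itself tests OK.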