[Samba] Samba 4.1 Member Server and Winbind
Peter Ross
Peter.Ross at alumni.tu-berlin.de
Wed Apr 22 00:14:16 MDT 2015
Hello everybody,
for a while I am running a Samba 4.1 AD server under FreeBSD (from the
FreeBSD ports). At thw moment the domain has ca. 20 Windows 7 desktops.
I wanted to add a Samba 4.1 file server as a member server, was able to
joint the domain and see AD users via "winbind -u"
but "getent password" or "id <user>" does not work.
The smb4.conf is following
https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
I added RFC2307 attributes to the AD server according to
https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC
and installed RSAT on a Windows 7 desktop. I can see and manipulate "Unix
Attributes" (giving UIDs/GIDs from 10000 upwards) and see them in the LDAP
dump.
In /etc/nsswitch.conf I have
passwd: compat winbind
group: compat winbind
To the library.. the port installed
nss_winbind.so.1
but it did not appear in "ldconfig -r".. Just for the purpose of testing I
moved it to
libnss_winbind.so.1
so ldconfig finds it.. Is this a bug? Someting to do with
https://bugzilla.samba.org/show_bug.cgi?id=9704 ?
Anyway, no getent entries, no id..
Here the smb4.conf:
[global]
workgroup = DOMAIN
security = ADS
realm = DOMAIN.FDA
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config DOMAIN:backend = ad
idmap config DOMAIN:schema_mode = rfc2307
idmap config DOMAIN:range = 10000-99999
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = Yes
winbind expand groups = 4
winbind normalize names = Yes
..
Do you have any advice which could help me to get it working?
Thanks
Peter
More information about the samba
mailing list