[Samba] Samba 4.1 Member Server and Winbind

Daniel Carrasco Marín danielmadrid19 at gmail.com
Wed Apr 22 02:54:06 MDT 2015 

I've got the same problem and my solution was install winbind,
libnss-winbind and libpam-winbind. After the v4.2 i think is not necessary.

Greetings!!

2015-04-22 8:14 GMT+02:00 Peter Ross <Peter.Ross at alumni.tu-berlin.de>:

> Hello everybody,
>
> for a while I am running a Samba 4.1 AD server under FreeBSD (from the
> FreeBSD ports). At thw moment the domain has ca. 20 Windows 7 desktops.
>
> I wanted to add a Samba 4.1 file server as a member server, was able to
> joint the domain and see AD users via "winbind -u"
>
> but "getent password" or "id <user>" does not work.
>
> The smb4.conf is following
>
> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
>
> I added RFC2307 attributes to the AD server according to
>
> https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC
>
> and installed RSAT on a Windows 7 desktop. I can see and manipulate "Unix
> Attributes" (giving UIDs/GIDs from 10000 upwards) and see them in the LDAP
> dump.
>
> In /etc/nsswitch.conf I have
>
> passwd: compat winbind
> group: compat winbind
>
> To the library.. the port installed
>
>     nss_winbind.so.1
>
> but it did not appear in "ldconfig -r".. Just for the purpose of testing I
> moved it to
>
>     libnss_winbind.so.1
>
> so ldconfig finds it.. Is this a bug? Someting to do with
> https://bugzilla.samba.org/show_bug.cgi?id=9704 ?
>
> Anyway, no getent entries, no id..
>
> Here the smb4.conf:
>
> [global]
>
>    workgroup = DOMAIN
>    security = ADS
>    realm = DOMAIN.FDA
>    dedicated keytab file = /etc/krb5.keytab
>    kerberos method = secrets and keytab
>
>    idmap config *:backend = tdb
>    idmap config *:range = 2000-9999
>    idmap config DOMAIN:backend = ad
>    idmap config DOMAIN:schema_mode = rfc2307
>    idmap config DOMAIN:range = 10000-99999
>
>    winbind nss info = rfc2307
>    winbind trusted domains only = no
>    winbind use default domain = yes
>    winbind enum users  = yes
>    winbind enum groups = yes
>    winbind refresh tickets = Yes
>    winbind expand groups = 4
>    winbind normalize names = Yes
>
> ..
>
> Do you have any advice which could help me to get it working?
>
> Thanks
> Peter
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list