[Samba] Samba 4.1 Member Server and Winbind
Peter Ross
Peter.Ross at alumni.tu-berlin.de
Wed Apr 22 20:20:12 MDT 2015
On Wed, 22 Apr 2015, Andrey Repin wrote:
> Greetings, Peter Ross!
Greetings, Andrey!
>> for a while I am running a Samba 4.1 AD server under FreeBSD (from the
>> FreeBSD ports). At thw moment the domain has ca. 20 Windows 7 desktops.
>
>> I wanted to add a Samba 4.1 file server as a member server, was able to
>> joint the domain and see AD users via "winbind -u"
>
>> but "getent password" or "id <user>" does not work.
>
> Sounds quite familiar...
>
>> The smb4.conf is following
>
>> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
>
>> I added RFC2307 attributes to the AD server according to
>
>> https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC
>
>> and installed RSAT on a Windows 7 desktop. I can see and manipulate "Unix
>> Attributes" (giving UIDs/GIDs from 10000 upwards) and see them in the LDAP
>> dump.
>
>> In /etc/nsswitch.conf I have
>
>> passwd: compat winbind
>> group: compat winbind
Moved back (tried before) to
passwd: files winbind
group: files winbind
because of this in auth.log:
2015-04-23T11:50:42.800676+10:00 filetest1.vv.fda sshd[98179]:
NSSWITCH(nsparser): /etc/nsswitch.conf line 16: 'compat' used with
sources, other than 'cache'
but the later does not work either.
2015-04-23T12:05:31.804932+10:00 filetest1.vv.fda sshd[99725]:
NSSWITCH(_nsdispatch): winbind, passwd, endpwent, not found, and no
fallback provided
"getent passwd" and "id pross" do not bother to ask winbind, it seems.
Only "winbind -u" initiates network traffic to the AD server, to ask for
the list.
The name of the NSS library bothers me, really "nss_winbind.so.1" without
a "lib"? Given there was a bug before
(https://bugzilla.samba.org/show_bug.cgi?id=9704)
Or does it have to do with the path (under FreeBSD ports install under
/usr/local)?
I will dig into NSS a bit. It was "just works" until now so I never
bothered to look for details there.
The IDs in AD seem to be okay, I see them in ldsearch and they are in the
right range.
Regards
peter
More information about the samba
mailing list