[Samba] Samba 4.1 Member Server and Winbind
Peter.Ross at alumni.tu-berlin.de
Wed Apr 22 20:20:12 MDT 2015
On Wed, 22 Apr 2015, Andrey Repin wrote:
> Greetings, Peter Ross!
>> for a while I am running a Samba 4.1 AD server under FreeBSD (from the
>> FreeBSD ports). At thw moment the domain has ca. 20 Windows 7 desktops.
>> I wanted to add a Samba 4.1 file server as a member server, was able to
>> joint the domain and see AD users via "winbind -u"
>> but "getent password" or "id <user>" does not work.
> Sounds quite familiar...
>> The smb4.conf is following
>> I added RFC2307 attributes to the AD server according to
>> and installed RSAT on a Windows 7 desktop. I can see and manipulate "Unix
>> Attributes" (giving UIDs/GIDs from 10000 upwards) and see them in the LDAP
>> In /etc/nsswitch.conf I have
>> passwd: compat winbind
>> group: compat winbind
Moved back (tried before) to
passwd: files winbind
group: files winbind
because of this in auth.log:
2015-04-23T11:50:42.800676+10:00 filetest1.vv.fda sshd:
NSSWITCH(nsparser): /etc/nsswitch.conf line 16: 'compat' used with
sources, other than 'cache'
but the later does not work either.
2015-04-23T12:05:31.804932+10:00 filetest1.vv.fda sshd:
NSSWITCH(_nsdispatch): winbind, passwd, endpwent, not found, and no
"getent passwd" and "id pross" do not bother to ask winbind, it seems.
Only "winbind -u" initiates network traffic to the AD server, to ask for
The name of the NSS library bothers me, really "nss_winbind.so.1" without
a "lib"? Given there was a bug before
Or does it have to do with the path (under FreeBSD ports install under
I will dig into NSS a bit. It was "just works" until now so I never
bothered to look for details there.
The IDs in AD seem to be okay, I see them in ldsearch and they are in the
More information about the samba