[Samba] Samba4 ad dc with Centos7

L.P.H. van Belle belle at bazuin.nl
Tue Dec 8 12:42:03 UTC 2015


Hai, 

Few things. 

> idmap gid = 1000-9999999 
did you also change the start GID in the AD? 
https://wiki.samba.org/index.php/Administer_Unix_Attributes_in_AD_via_ADUC#Defining_the_next_UID.2FGID_to_use

> "getent group" and "getent passwd"
On a DC, use  : getent group "domain users"  
shows only the group name + GID. 

You setup looks almost good, im only missing something like : 

      ## map id's outside to domain to tdb files. 
	## map ids from the domain and (*) the range may not overlap !
      idmap config * : backend = tdb
      idmap config * : range = 2000-9999


Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Marcio Costa
> Verzonden: dinsdag 8 december 2015 13:28
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Samba4 ad dc with Centos7
> 
> Hello, I may have a problem with winbind setup.
> 
> -with wbinfo -g and wbinfo -u I get all group/user from AD/DC.
> -with getent group "Domain Users" and getent passwd "remote_user" I can
> see
> the info about the specific group and specific user.
> -with getent group and getent passwd I only see my local group/users.
> 
> -I believe that using "getent group" and "getent passwd" I must see all
> users, right ?
> 
> 
> -I'm using the SerNetSamba Version 4.2.5-SerNet-RedHat-19.el7;
> -ps auxf show me:
> root     24519  0.0  4.5 578196 45700 ?        Ss   09:59   0:00
> /usr/sbin/samba -D
> root     24527  0.0  3.2 578196 32812 ?        S    09:59   0:00  \_
> /usr/sbin/samba -D
> root     24529  0.0  4.7 617856 48016 ?        Ss   09:59   0:00  |   \_
> /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
> root     24546  0.0  3.2 617856 32936 ?        S    09:59   0:00  |
> \_ /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
> 
> root     24536  0.0  3.2 578196 32788 ?        S    09:59   0:00  \_
> /usr/sbin/samba -D
> root     24541  0.0  4.5 587664 46480 ?        Ss   09:59   0:00  |   \_
> /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
> root     24545  0.0  3.5 605676 36492 ?        S    09:59   0:00  |
> \_ /usr/sbin/winbindd -D --option=server role check:inhibit=yes --
> foreground
> root     24555  0.0  3.6 605992 36680 ?        S    10:00   0:00  |
> \_ /usr/sbin/winbindd -D --option=server role check:inhibit=yes --
> foreground
> 
> -ls /lib64
> lrwxrwxrwx. 1 root root  19 Dez  3 11:09 /lib64/libnss_winbind.so ->
> libnss_winbind.so.2
> -rwxr-xr-x. 1 root root 20K Out 28 07:44 /lib64/libnss_winbind.so.2
> 
> -/etc/nsswitch.conf
> passwd:     files winbind
> shadow:     files winbind
> group:      files winbind
> 
> -smb.conf
> [global]
>         workgroup = INTRANET
>         realm = INTRANET.UNV
>         netbios name = ITU
>         server role = active directory domain controller
>         dns forwarder = 10.2.3.4
>         idmap_ldb:use rfc2307 = yes
> 
>         idmap config INTRANET:backend = ad
>         idmap config INTRANET:schema_mode = rfc2307
>         idmap config INTRANET:range = 10000-9999999
> 
>         idmap uid = 10000-9999999
>         idmap gid = 1000-9999999
> 
>         # Use settings from AD for login shell and home directory
>         winbind nss info = rfc2307
> 
>         winbind use default domain = yes
>         winbind enum users = yes
>         winbind enum groups = yes
> 
> I appreciate any help about this issue.
> Thank you.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba





More information about the samba mailing list