[Samba] Samba4 ad dc with Centos7
L.P.H. van Belle
belle at bazuin.nl
Tue Dec 8 12:42:03 UTC 2015
Hai,
Few things.
> idmap gid = 1000-9999999
did you also change the start GID in the AD?
https://wiki.samba.org/index.php/Administer_Unix_Attributes_in_AD_via_ADUC#Defining_the_next_UID.2FGID_to_use
> "getent group" and "getent passwd"
On a DC, use : getent group "domain users"
shows only the group name + GID.
You setup looks almost good, im only missing something like :
## map id's outside to domain to tdb files.
## map ids from the domain and (*) the range may not overlap !
idmap config * : backend = tdb
idmap config * : range = 2000-9999
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Marcio Costa
> Verzonden: dinsdag 8 december 2015 13:28
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Samba4 ad dc with Centos7
>
> Hello, I may have a problem with winbind setup.
>
> -with wbinfo -g and wbinfo -u I get all group/user from AD/DC.
> -with getent group "Domain Users" and getent passwd "remote_user" I can
> see
> the info about the specific group and specific user.
> -with getent group and getent passwd I only see my local group/users.
>
> -I believe that using "getent group" and "getent passwd" I must see all
> users, right ?
>
>
> -I'm using the SerNetSamba Version 4.2.5-SerNet-RedHat-19.el7;
> -ps auxf show me:
> root 24519 0.0 4.5 578196 45700 ? Ss 09:59 0:00
> /usr/sbin/samba -D
> root 24527 0.0 3.2 578196 32812 ? S 09:59 0:00 \_
> /usr/sbin/samba -D
> root 24529 0.0 4.7 617856 48016 ? Ss 09:59 0:00 | \_
> /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
> root 24546 0.0 3.2 617856 32936 ? S 09:59 0:00 |
> \_ /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
>
> root 24536 0.0 3.2 578196 32788 ? S 09:59 0:00 \_
> /usr/sbin/samba -D
> root 24541 0.0 4.5 587664 46480 ? Ss 09:59 0:00 | \_
> /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
> root 24545 0.0 3.5 605676 36492 ? S 09:59 0:00 |
> \_ /usr/sbin/winbindd -D --option=server role check:inhibit=yes --
> foreground
> root 24555 0.0 3.6 605992 36680 ? S 10:00 0:00 |
> \_ /usr/sbin/winbindd -D --option=server role check:inhibit=yes --
> foreground
>
> -ls /lib64
> lrwxrwxrwx. 1 root root 19 Dez 3 11:09 /lib64/libnss_winbind.so ->
> libnss_winbind.so.2
> -rwxr-xr-x. 1 root root 20K Out 28 07:44 /lib64/libnss_winbind.so.2
>
> -/etc/nsswitch.conf
> passwd: files winbind
> shadow: files winbind
> group: files winbind
>
> -smb.conf
> [global]
> workgroup = INTRANET
> realm = INTRANET.UNV
> netbios name = ITU
> server role = active directory domain controller
> dns forwarder = 10.2.3.4
> idmap_ldb:use rfc2307 = yes
>
> idmap config INTRANET:backend = ad
> idmap config INTRANET:schema_mode = rfc2307
> idmap config INTRANET:range = 10000-9999999
>
> idmap uid = 10000-9999999
> idmap gid = 1000-9999999
>
> # Use settings from AD for login shell and home directory
> winbind nss info = rfc2307
>
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
>
> I appreciate any help about this issue.
> Thank you.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list