[Samba] Samba4 ad dc with Centos7
mathias dufresne
infractory at gmail.com
Tue Dec 8 13:10:34 UTC 2015
I believe there is no enumeration allowed by default whatever you use to
generate system users from AD (winbind, sssd or nslcd).
Cheers,
mathias
2015-12-08 13:42 GMT+01:00 L.P.H. van Belle <belle at bazuin.nl>:
> Hai,
>
> Few things.
>
> > idmap gid = 1000-9999999
> did you also change the start GID in the AD?
>
> https://wiki.samba.org/index.php/Administer_Unix_Attributes_in_AD_via_ADUC#Defining_the_next_UID.2FGID_to_use
>
> > "getent group" and "getent passwd"
> On a DC, use : getent group "domain users"
> shows only the group name + GID.
>
> Your setup looks almost good, I'm only missing something like:
>
> ## map id's outside to domain to tdb files.
> ## map ids from the domain and (*) the range may not overlap !
> idmap config * : backend = tdb
> idmap config * : range = 2000-9999
>
>
> Greetz,
>
> Louis
>
>
> > -----Original message-----
> > From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Marcio Costa
> > Sent: Tuesday 8 December 2015 13:28
> > To: samba at lists.samba.org
> > Subject: [Samba] Samba4 ad dc with Centos7
> >
> > Hello, I may have a problem with winbind setup.
> >
> > -with wbinfo -g and wbinfo -u I get all group/user from AD/DC.
> > -with getent group "Domain Users" and getent passwd "remote_user" I can see
> > the info about the specific group and specific user.
> > -with getent group and getent passwd I only see my local group/users.
> >
> > -I believe that using "getent group" and "getent passwd" I must see all
> > users, right?
> >
> >
> > -I'm using the SerNetSamba Version 4.2.5-SerNet-RedHat-19.el7;
> > -ps auxf show me:
> > root 24519 0.0 4.5 578196 45700 ? Ss 09:59 0:00
> > /usr/sbin/samba -D
> > root 24527 0.0 3.2 578196 32812 ? S 09:59 0:00 \_
> > /usr/sbin/samba -D
> > root 24529 0.0 4.7 617856 48016 ? Ss 09:59 0:00 | \_
> > /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
> > root 24546 0.0 3.2 617856 32936 ? S 09:59 0:00 |
> > \_ /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
> >
> > root 24536 0.0 3.2 578196 32788 ? S 09:59 0:00 \_
> > /usr/sbin/samba -D
> > root 24541 0.0 4.5 587664 46480 ? Ss 09:59 0:00 | \_
> > /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
> > root 24545 0.0 3.5 605676 36492 ? S 09:59 0:00 |
> > \_ /usr/sbin/winbindd -D --option=server role check:inhibit=yes --
> > foreground
> > root 24555 0.0 3.6 605992 36680 ? S 10:00 0:00 |
> > \_ /usr/sbin/winbindd -D --option=server role check:inhibit=yes --
> > foreground
> >
> > -ls /lib64
> > lrwxrwxrwx. 1 root root 19 Dez 3 11:09 /lib64/libnss_winbind.so ->
> > libnss_winbind.so.2
> > -rwxr-xr-x. 1 root root 20K Out 28 07:44 /lib64/libnss_winbind.so.2
> >
> > -/etc/nsswitch.conf
> > passwd: files winbind
> > shadow: files winbind
> > group: files winbind
> >
> > -smb.conf
> > [global]
> > workgroup = INTRANET
> > realm = INTRANET.UNV
> > netbios name = ITU
> > server role = active directory domain controller
> > dns forwarder = 10.2.3.4
> > idmap_ldb:use rfc2307 = yes
> >
> > idmap config INTRANET:backend = ad
> > idmap config INTRANET:schema_mode = rfc2307
> > idmap config INTRANET:range = 10000-9999999
> >
> > idmap uid = 10000-9999999
> > idmap gid = 1000-9999999
> >
> > # Use settings from AD for login shell and home directory
> > winbind nss info = rfc2307
> >
> > winbind use default domain = yes
> > winbind enum users = yes
> > winbind enum groups = yes
> >
> > I appreciate any help about this issue.
> > Thank you.
>
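The requirement in the quoted reply that the default (`*`) idmap range and the domain range may not overlap can be checked mechanically. The script below is an added example, not part of the thread or of Samba: it reads only `idmap config <DOMAIN> : range` lines, the function names are hypothetical, and `THREAD_CONF` combines the lines from the original post with the two suggested `*` lines.

```python
import re
from itertools import combinations

# idmap lines from the original post plus the two suggested "*" lines.
THREAD_CONF = """
[global]
idmap config INTRANET:backend = ad
idmap config INTRANET:schema_mode = rfc2307
idmap config INTRANET:range = 10000-9999999
idmap config * : backend = tdb
idmap config * : range = 2000-9999
"""

# Constructed variant: the "*" range is widened so it collides with INTRANET.
OVERLAP_CONF = THREAD_CONF.replace("2000-9999\n", "2000-19999\n")

RANGE_RE = re.compile(
    r"^\s*idmap\s+config\s+(\S+?)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$",
    re.IGNORECASE,
)

def idmap_ranges(conf_text):
    """Return {domain: (low, high)} for each 'idmap config X : range' line."""
    ranges = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):  # smb.conf comment lines
            continue
        m = RANGE_RE.match(line)
        if m:
            low, high = int(m.group(2)), int(m.group(3))
            if low > high:
                raise ValueError(f"inverted range for {m.group(1)}: {low}-{high}")
            ranges[m.group(1)] = (low, high)
    return ranges

def overlaps(ranges):
    """Return the pairs of domains whose ID ranges intersect."""
    bad = []
    for (a, (alo, ahi)), (b, (blo, bhi)) in combinations(sorted(ranges.items()), 2):
        if alo <= bhi and blo <= ahi:  # closed intervals share at least one ID
            bad.append((a, b))
    return bad

if __name__ == "__main__":
    for name, conf in (("thread", THREAD_CONF), ("constructed", OVERLAP_CONF)):
        print(name, idmap_ranges(conf), "overlaps:", overlaps(idmap_ranges(conf)))
```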