[Samba] Samba4 ad dc with Centos7
L.P.H. van Belle
belle at bazuin.nl
Tue Dec 8 13:37:26 UTC 2015
On the DC, when I run
getent passwd I only see my Linux users.
getent passwd username shows the AD user.
Same for the groups.
Greetz,
Louis
From: Marcio Costa [mailto:marciofoz at gmail.com]
Sent: Tuesday, 8 December 2015 14:35
To: L.P.H. van Belle
Subject: Re: [Samba] Samba4 ad dc with Centos7
Hi!
If you run 'getent passwd', do you see all the users (ad+local) or only local users ?
2015-12-08 11:15 GMT-02:00 L.P.H. van Belle <belle at bazuin.nl>:
Well, that's wrong, when I do the following.
wbinfo -u I get all my users.
wbinfo -g I get all my groups.
getent passwd username I get my user:UID:GID:NAME:homedir:shell
id username also gives the correct info.. (uid= .. gid= ) groups = etc..
And I use winbind on a DC. (Samba 4.2.5 SerNet on Debian wheezy)
Greetz,
Louis
From: mathias dufresne [mailto:infractory at gmail.com]
Sent: Tuesday, 8 December 2015 14:11
To: L.P.H. van Belle
CC: samba at lists.samba.org
Subject: Re: [Samba] Samba4 ad dc with Centos7
I believe there is no enumeration allowed by default whatever you use to generate system users from AD (winbind, sssd or nslcd).
Cheers,
mathias
2015-12-08 13:42 GMT+01:00 L.P.H. van Belle <belle at bazuin.nl>:
Hi,
Few things.
> idmap gid = 1000-9999999
did you also change the start GID in the AD?
https://wiki.samba.org/index.php/Administer_Unix_Attributes_in_AD_via_ADUC#Defining_the_next_UID.2FGID_to_use
> "getent group" and "getent passwd"
On a DC, use : getent group "domain users"
shows only the group name + GID.
Your setup looks almost good, I'm only missing something like:
## map id's outside to domain to tdb files.
## map ids from the domain and (*) the range may not overlap !
idmap config * : backend = tdb
idmap config * : range = 2000-9999
Greetz,
Louis
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Marcio Costa
> Sent: Tuesday, 8 December 2015 13:28
> To: samba at lists.samba.org
> Subject: [Samba] Samba4 ad dc with Centos7
>
> Hello, I may have a problem with winbind setup.
>
> -with wbinfo -g and wbinfo -u I get all group/user from AD/DC.
> -with getent group "Domain Users" and getent passwd "remote_user" I can
> see
> the info about the specific group and specific user.
> -with getent group and getent passwd I only see my local group/users.
>
> -I believe that using "getent group" and "getent passwd" I must see all
> users, right ?
>
>
> -I'm using the SerNetSamba Version 4.2.5-SerNet-RedHat-19.el7;
> -ps auxf show me:
> root 24519 0.0 4.5 578196 45700 ? Ss 09:59 0:00
> /usr/sbin/samba -D
> root 24527 0.0 3.2 578196 32812 ? S 09:59 0:00 \_
> /usr/sbin/samba -D
> root 24529 0.0 4.7 617856 48016 ? Ss 09:59 0:00 | \_
> /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
> root 24546 0.0 3.2 617856 32936 ? S 09:59 0:00 |
> \_ /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
>
> root 24536 0.0 3.2 578196 32788 ? S 09:59 0:00 \_
> /usr/sbin/samba -D
> root 24541 0.0 4.5 587664 46480 ? Ss 09:59 0:00 | \_
> /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
> root 24545 0.0 3.5 605676 36492 ? S 09:59 0:00 |
> \_ /usr/sbin/winbindd -D --option=server role check:inhibit=yes --
> foreground
> root 24555 0.0 3.6 605992 36680 ? S 10:00 0:00 |
> \_ /usr/sbin/winbindd -D --option=server role check:inhibit=yes --
> foreground
>
> -ls /lib64
> lrwxrwxrwx. 1 root root 19 Dez 3 11:09 /lib64/libnss_winbind.so ->
> libnss_winbind.so.2
> -rwxr-xr-x. 1 root root 20K Out 28 07:44 /lib64/libnss_winbind.so.2
>
> -/etc/nsswitch.conf
> passwd: files winbind
> shadow: files winbind
> group: files winbind
>
> -smb.conf
> [global]
> workgroup = INTRANET
> realm = INTRANET.UNV
> netbios name = ITU
> server role = active directory domain controller
> dns forwarder = 10.2.3.4
> idmap_ldb:use rfc2307 = yes
>
> idmap config INTRANET:backend = ad
> idmap config INTRANET:schema_mode = rfc2307
> idmap config INTRANET:range = 10000-9999999
>
> idmap uid = 10000-9999999
> idmap gid = 1000-9999999
>
> # Use settings from AD for login shell and home directory
> winbind nss info = rfc2307
>
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
>
> I appreciate any help about this issue.
> Thank you.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
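
The reply above notes that idmap ranges "may not overlap". The following is an added example, not code from the thread or from the Samba project: a small checker that reads the idmap range lines of an smb.conf and reports ranges from different domains that share IDs. The function names and the embedded sample are constructed here, and it assumes the old `idmap uid` / `idmap gid` lines count as the default domain (`*`), since the smb.conf manual lists them as deprecated synonyms for `idmap config * : range`.

```python
import re

# Constructed sample: idmap lines from the smb.conf posted in the thread,
# followed by the two default-domain (*) lines suggested in the reply.
SAMPLE_SMB_CONF = """\
[global]
idmap config INTRANET:backend = ad
idmap config INTRANET:schema_mode = rfc2307
idmap config INTRANET:range = 10000-9999999
idmap uid = 10000-9999999
idmap gid = 1000-9999999
idmap config * : backend = tdb
idmap config * : range = 2000-9999
"""

RANGE_RE = re.compile(
    r"^\s*idmap\s+(?:config\s+(?P<dom>\S+?)\s*:\s*range|(?P<old>uid|gid))"
    r"\s*=\s*(?P<lo>\d+)\s*-\s*(?P<hi>\d+)\s*$",
    re.IGNORECASE,
)


def idmap_ranges(conf_text):
    """Return (domain, label, low, high) for each idmap range line."""
    found = []
    for line in conf_text.splitlines():
        m = RANGE_RE.match(line)
        if not m:
            continue
        if m.group("old"):
            # Assumption: legacy lines count as the default domain "*".
            dom, label = "*", "idmap " + m.group("old").lower()
        else:
            dom = m.group("dom")
            label = "idmap config %s : range" % dom
        found.append((dom, label, int(m.group("lo")), int(m.group("hi"))))
    return found


def overlapping_ranges(conf_text):
    """Return label pairs from different domains that share any ID."""
    ranges = idmap_ranges(conf_text)
    hits = []
    for i, (adom, alabel, alo, ahi) in enumerate(ranges):
        for bdom, blabel, blo, bhi in ranges[i + 1:]:
            if adom != bdom and alo <= bhi and blo <= ahi:
                hits.append((alabel, blabel))
    return hits


if __name__ == "__main__":
    for a, b in overlapping_ranges(SAMPLE_SMB_CONF):
        print("overlap: %s <-> %s" % (a, b))
```

On the sample, the suggested `*` range 2000-9999 stays clear of the INTRANET range, while the two legacy lines collide with it.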