[Samba] help, please, troubleshooting winbind testing during setup of Samba 4 AD member server
BISI
d3r3kshaw at gmail.com
Thu Jan 8 20:16:26 MST 2015
Hello, all!
Well, third time is *not* the charm for me. (I've been through the
process 3 times with 3 different DCs).
I am trying to set up a member server, using Samba 4.1.14, and washing
out when getting to the winbind testing. I've tried ignoring the failure
and pressing on, but that didn't get anywhere.
In this instance, I have a freshly-installed, configured and functioning
Server 2008r2 Domain Controller, operating at server 2003 forest and
domain functional level.
following the instructions in:
https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
https://wiki.samba.org/index.php/OS_Requirements
Completely stock compile from the tarball. I am using Debian 7.7
(wheezy), and samba 4.1.14,
./configure --with-ads --with-shared-modules=idmap_ad --enable-cups \
--enable-selftest
make quicktest passes:
make quicktest
...ALL OK (2086 tests in 310 testsuites)
...A summary with detailed information can be found in:
... ./st/summary
...'testonly' finished successfully (11m24.779s)
./st/summary is found here:
http://pastebin.com/zjkHDYUX
daemons started manually with
/usr/local/samba/sbin/smbd --daemon -l /var/log/samba/ -d 1
/usr/local/samba/sbin/nmbd --daemon -l /var/log/samba/ -d 1
/usr/local/samba/sbin/winbindd --daemon -l /var/log/samba/ -d 1
The commands:
wbinfo -u
wbinfo -g
show the users and groups from the AD Domain.
but the other tests
# id DomainUser
# getent passwd
# getent group
# chown DomainUser:DomainGroup file
# chgrp DomainGroup file
etc.
do not get any information from the domain, seemingly only working with
the local user information.
Where do I begin troubleshooting?
Any help/guidance is greatly appreciated.
my smb.conf is here:
http://pastebin.com/QJfh4RLN
log.winbindd (created with debug level 1) is here:
http://pastebin.com/S2maUADf
Kerberos seems to be working:
root at testmember:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: userID at HO.NAME.ORG
Valid starting Expires Service principal
08/01/2015 18:46 09/01/2015 04:46 krbtgt/HO.NAME.ORG at HO.NAME.ORG
renew until 09/01/2015 18:46
root at testmember:~# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
passwd: compat winbind
group: compat winbind
shadow: compat
<snip>
DNS seems to be working:
root at testmember:~# host -t SRV _ldap._tcp.ho.name.org.
_ldap._tcp.ho.name.org has SRV record 0 100 389 namedc.ho.name.org.
root at testmember:~# host -t SRV _kerberos._udp.ho.name.org.
_kerberos._udp.ho.name.org has SRV record 0 100 88 namedc.ho.name.org.
root at testmember:~# host -t A namedc.ho.name.org.
namedc.ho.name.org has address 192.168.8.1
Thanks in advance for any help!
d.
More information about the samba
mailing list