[Samba] help, please, troubleshooting winbind testing during setup of Samba 4 AD member server
BISI
d3r3kshaw at gmail.com
Fri Jan 9 10:16:00 MST 2015
On 15-01-09 12:34 AM, L.P.H. van Belle wrote:
> Hai,
>
> Did you assign any UID/GID to users/groups in the AD.. I think not.
>
> If No, please do so first, else you won't see any output.
> How: https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC
> My advice: use the Windows ADUC to set the GID/UID
>
> If Yes.. Ok.. that's strange,..
> post your (sanitized) smb.conf
>
> Greetz,
>
> Louis
>
>
Thanks, Louis!
This document seems aimed at a Samba DC. I am using a Windows DC for
troubleshooting this problem. Am I missing something?
smb.conf is here: http://pastebin.com/QJfh4RLN
# /usr/local/samba/etc/smb.conf
[global]
netbios name = testmember
workgroup = HO
realm = HO.NAME.ORG
security = ADS
encrypt passwords = yes
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nss info = rfc2307
winbind trusted domains only = no
idmap config HO:range = 500-40000
idmap config HO:schema_mode = rfc2307
idmap config HO:backend = ad
idmap config *:range = 70001-80000
idmap config *: backend = tdb
[demoshare]
path = /mnt/smbshares/test
read only = No
#eof
Cheers!
d.
PS - as a matter of etiquette / effective communication should I send to
the list as well, or just post to the gmane.org newsgroup?
>
>> -----Original message-----
>> From: d3r3kshaw at gmail.com
>> [mailto:samba-bounces at lists.samba.org] On behalf of BISI
>> Sent: Friday 9 January 2015 4:16
>> To: samba at lists.samba.org
>> Subject: [Samba] help, please, troubleshooting winbind
>> testing during setup of Samba 4 AD member server
>>
>> Hello, all!
>>
>> Well, third time is *not* the charm for me. (I've been through the
>> process 3 times with 3 different DCs).
>>
>> I am trying to set up a member server, using Samba 4.1.14, and washing
>> out when getting to the winbind testing. I've tried ignoring the failure
>> and pressing on, but that didn't get anywhere.
>>
>> In this instance, I have a freshly-installed, configured and functioning
>> Server 2008r2 Domain Controller, operating at server 2003 forest and
>> domain functional level.
>>
>> Following the instructions in:
>> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
>> https://wiki.samba.org/index.php/OS_Requirements
>>
>>
>> Completely stock compile from the tarball. I am using Debian 7.7
>> (wheezy), and samba 4.1.14,
>>
>> ./configure --with-ads --with-shared-modules=idmap_ad --enable-cups \
>> --enable-selftest
>>
>> make quicktest passes:
>> make quicktest
>> ...ALL OK (2086 tests in 310 testsuites)
>>
>> ...A summary with detailed information can be found in:
>> ... ./st/summary
>> ...'testonly' finished successfully (11m24.779s)
>>
>> ./st/summary is found here:
>> http://pastebin.com/zjkHDYUX
>>
>>
>> daemons started manually with
>> /usr/local/samba/sbin/smbd --daemon -l /var/log/samba/ -d 1
>> /usr/local/samba/sbin/nmbd --daemon -l /var/log/samba/ -d 1
>> /usr/local/samba/sbin/winbindd --daemon -l /var/log/samba/ -d 1
>>
>>
>> The commands:
>> wbinfo -u
>> wbinfo -g
>> show the users and groups from the AD Domain.
>>
>> but the other tests
>> # id DomainUser
>> # getent passwd
>> # getent group
>> # chown DomainUser:DomainGroup file
>> # chgrp DomainGroup file
>> etc.
>> do not get any information from the domain, seemingly only working with
>> the local user information.
>>
>> Where do I begin troubleshooting?
>>
>> Any help/guidance is greatly appreciated.
>>
>> my smb.conf is here:
>> http://pastebin.com/QJfh4RLN
>>
>> log.winbindd (created with debug level 1) is here:
>> http://pastebin.com/S2maUADf
>>
>> Kerberos seems to be working:
>> root at testmember:~# klist
>> Ticket cache: FILE:/tmp/krb5cc_0
>> Default principal: userID at HO.NAME.ORG
>>
>> Valid starting Expires Service principal
>> 08/01/2015 18:46 09/01/2015 04:46 krbtgt/HO.NAME.ORG at HO.NAME.ORG
>> renew until 09/01/2015 18:46
>>
>>
>> root at testmember:~# cat /etc/nsswitch.conf
>> # /etc/nsswitch.conf
>>
>> passwd: compat winbind
>> group: compat winbind
>> shadow: compat
>> <snip>
>>
>> DNS seems to be working:
>> root at testmember:~# host -t SRV _ldap._tcp.ho.name.org.
>> _ldap._tcp.ho.name.org has SRV record 0 100 389 namedc.ho.name.org.
>>
>> root at testmember:~# host -t SRV _kerberos._udp.ho.name.org.
>> _kerberos._udp.ho.name.org has SRV record 0 100 88 namedc.ho.name.org.
>>
>> root at testmember:~# host -t A namedc.ho.name.org.
>> namedc.ho.name.org has address 192.168.8.1
>>
>> Thanks in advance for any help!
>> d.
>
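The check Louis asks for (are UID/GID attributes assigned in AD?) can be combined with the idmap settings from the posted smb.conf, since the `ad` backend ignores IDs that fall outside its configured range. The following is an added example, not part of the original thread and not Samba code; the account names and attribute values are constructed, and the function names are hypothetical.

```python
import re
from itertools import combinations

# Constructed input: the idmap lines from the smb.conf posted in the thread.
SMB_CONF = """\
idmap config HO:range = 500-40000
idmap config HO:schema_mode = rfc2307
idmap config HO:backend = ad
idmap config *:range = 70001-80000
idmap config *: backend = tdb
"""
# Constructed AD entries (hypothetical names): (name, RFC2307 attribute, value).
# None means the attribute has not been set on the object.
AD_ENTRIES = [
    ("alice", "uidNumber", 10001),
    ("bob", "uidNumber", None),
    ("carol", "uidNumber", 75000),
    ("staff", "gidNumber", 10000),
]

def parse_idmap(conf_text):
    """Return {domain: {option: value}}; whitespace around ':' is ignored (this example's choice)."""
    domains = {}
    for line in conf_text.splitlines():
        key, sep, value = line.strip().partition("=")
        m = re.match(r"idmap\s+config\s+(\S+?)\s*:\s*(\S+)\s*$", key, re.I)
        if sep and m:
            domains.setdefault(m.group(1).upper(), {})[m.group(2).lower()] = value.strip()
    for opts in domains.values():
        if "range" in opts:
            opts["range"] = tuple(int(n) for n in opts["range"].split("-"))
    return domains

def overlapping_ranges(domains):
    """Return every pair of domains whose ID ranges intersect."""
    ranged = [(d, o["range"]) for d, o in domains.items() if "range" in o]
    return [(a, b) for (a, ra), (b, rb) in combinations(ranged, 2)
            if ra[0] <= rb[1] and rb[0] <= ra[1]]

def check_entry(entry, id_range):
    """Return a reason the entry cannot be mapped from its AD attribute, or None if it can."""
    name, attr, value = entry
    low, high = id_range
    if value is None:
        return f"{name}: {attr} not set"
    if not low <= value <= high:
        return f"{name}: {attr} {value} outside {low}-{high}"
    return None
```

In practice the attribute values would come from an LDAP query of `uidNumber` and `gidNumber` on the domain's user and group objects.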