[Samba] help, please, troubleshooting winbind testing during setup of Samba 4 AD member server
derek at bisi.ca
Fri Jan 9 10:16:00 MST 2015
On 15-01-09 12:34 AM, L.P.H. van Belle wrote:
> Did you assign any UID/GID to users/groups in the AD.. i think not.
> If No, please do so first else you wont see any output.
> how : https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC
> My advice use the windows ADUC to set the GID/UID
> If Yes.. Ok.. thats strange,..
> post your (sanitized) smb.conf
This document seems aimed at a samba DC. I am using a windows DC for
troubleshooting this problem. Am I missing something?
smb.conf is here: http://pastebin.com/QJfh4RLN
netbios name = testmember
workgroup = HO
realm = HO.NAME.ORG
security = ADS
encrypt passwords = yes
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nss info = rfc2307
winbind trusted domains only = no
idmap config HO:range = 500-40000
idmap config HO:schema_mode = rfc2307
idmap config HO:backend = ad
idmap config *:range = 70001-80000
idmap config *: backend = tdb
path = /mnt/smbshares/test
read only = No
PS - as a matter of etiquette / effective communication should I send to
the list as well, or just post to the gmane.org newsgroup?
>> -----Oorspronkelijk bericht-----
>> Van: d3r3kshaw at gmail.com
>> [mailto:samba-bounces at lists.samba.org] Namens BISI
>> Verzonden: vrijdag 9 januari 2015 4:16
>> Aan: samba at lists.samba.org
>> Onderwerp: [Samba] help, please, troubleshooting winbind
>> testing during setup of Samba 4 AD member server
>> Hello, all!
>> Well, third time is *not* the charm for me. (I've been through the
>> process 3 times with 3 different DCs).
>> I am trying to set up a member server, using Samba 4.1.14, and washing
>> out when getting to the winbind testing. I've tried ignoring
>> the failure
>> and pressing on, but that didn't get anywhere.
>> In this instance, I have a freshly-installed, configured and
>> Server 2008r2 Domain Controller, operating at server 2003 forest and
>> domain functional level.
>> following the instructions in:
>> Completely stock compile from the tarball. I am using Debian 7.7
>> (wheezy), and samba 4.1.14,
>> ./configure --with-ads --with-shared-modules=idmap_ad --enable-cups \
>> make quicktest passes:
>> make quicktest
>> ...ALL OK (2086 tests in 310 testsuites)
>> ...A summary with detailed information can be found in:
>> ... ./st/summary
>> ...'testonly' finished successfully (11m24.779s)
>> ./st/summary is found here:
>> daemons started manually with
>> /usr/local/samba/sbin/smbd --daemon -l /var/log/samba/ -d 1
>> /usr/local/samba/sbin/nmbd --daemon -l /var/log/samba/ -d 1
>> /usr/local/samba/sbin/winbindd --daemon -l /var/log/samba/ -d 1
>> The commands:
>> wbinfo -u
>> wbinfo -g
>> show the users and groups from the AD Domain.
>> but the other tests
>> # id DomainUser
>> # getent passwd
>> # getent group
>> # chown DomainUser:DomainGroup file
>> # chgrp DomainGroup file
>> do not get any information from the domain, seemingly only
>> working with
>> the local user information.
>> Where do I begin troubleshooting?
>> Any help/guidance is greatly appreciated.
>> my smb.conf is here:
>> log.winbindd (created with debug level 1) is here:
>> Kerberos seems to be working:
>> root at testmember:~# klist
>> Ticket cache: FILE:/tmp/krb5cc_0
>> Default principal: userID at HO.NAME.ORG
>> Valid starting Expires Service principal
>> 08/01/2015 18:46 09/01/2015 04:46 krbtgt/HO.NAME.ORG at HO.NAME.ORG
>> renew until 09/01/2015 18:46
>> root at testmember:~# cat /etc/nsswitch.conf
>> # /etc/nsswitch.conf
>> passwd: compat winbind
>> group: compat winbind
>> shadow: compat
>> DNS seems to be working:
>> root at testmember:~# host -t SRV _ldap._tcp.ho.name.org.
>> _ldap._tcp.ho.name.org has SRV record 0 100 389 namedc.ho.name.org.
>> root at testmember:~# host -t SRV _kerberos._udp.ho.name.org.
>> _kerberos._udp.ho.name.org has SRV record 0 100 88 namedc.ho.name.org.
>> root at testmember:~# host -t A namedc.ho.name.org.
>> namedc.ho.name.org has address 192.168.8.1
>> Thanks in advance for any help!
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba