[Samba] SAMBA 4 Member Server - Help please
David Thompson
david at digitaltransitions.ca
Wed Jan 14 14:46:38 MST 2015
Hi all,
I'm quite stuck here at the moment. I have tried this multiple times to get built and can't seem to get it working properly. I have a test virtual server running as a domain controller with Samba 4.1.15 using (9.10.1) bind_dlz as the back end and all works properly. I have the server setup as domain controller and have added a user and I can look that user up with the samba-tool command.
I cannot however get the users to appear when issue any of the commands such as ID or getent.
I have followed the following articles located here and both seem to compile and configure without issue.
Samba Domain Controller: https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Introduction
Samba Domain Member: https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server#Introduction
Kerberos works fine as I can run kinit and kdestroy on both the DC and member server and they work fine. Time is set to the default time servers right now as installed by the ntp install, but both servers are in sync for their time and working correctly.
On the member server, I am able to get it bound to the domain without issue and I can see that it adds its name into the DNS service.
I cannot however get it to lookup any users either, which is odd, since when I setup a SAMBA3 server to be a member server, I am able to get winbindd, smbd, and nmbd playing nicely together and can look users up without issue against the DC.
I'm not exactly sure what I'm missing here so I thought I would turn to the list. I saw on the list last week that there was a similar issue but that was with an Actual windows DC and not a SambaDC, so that issue doesn't apply to me here.
Here is the relevant information (I think) that's needed and I appreciate any help anyone can provide me with in order to get this working properly.
Base systems are both Debian Wheezy 64 Bit with all applied updates and patches.
Samba: 4.1.15 (compiled by hand on both)
Samba: 4.1.15 on member server: ./configure --with-ads --with-shared-modules=idmap_ad
Bind: 9.10.1 (compiled by hand on DC)
SMB.CONF file on DC Server
=================================================
# Global parameters
[global]
workgroup = DIGIDNS
realm = DIGIDNS.PRIVATE
netbios name = DC01
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
idmap_ldb:use rfc2307 = yes
[netlogon]
path = /usr/local/samba/var/locks/sysvol/digidns.private/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
[home]
path = /home/
read only = no
=================================================
SMB.CONF file on member Server
=================================================
[global]
netbios name = fs
workgroup = DIGIDNS
security = ADS
realm = DIGIDNS.PRIVATE
encrypt passwords = yes
idmap config *:backend = tdb
idmap config *:range = 70001-80000
idmap config DIGIDNS:backend = ad
idmap config DIGIDNS:schema_mode = rfc2307
idmap config DIGIDNS:range = 500-40000
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
=================================================
nsswitch.conf file on member server:
=================================================
passwd: compat winbind
group: compat winbind
shadow: compat
=================================================
Please let me know if you any other information is required or if its best for me to attend clown college instead...especially if its to attend clown college.
Thanks,
David
More information about the samba
mailing list