[Samba] Samba 4.2 AD, DC and winbindd
Jacky Chan
jacky at jesstech.com
Wed Jun 3 03:58:27 MDT 2015
I think i figure out what is the cause of the problem and why the uid
and gid is not synchronized in my AD and DC.
The answer is: flush the cache (net cache flush) after changing smb.conf
The case is that:
1) I setup the AD with " idmap_ldb:use rfc2307 = yes"
2) start up the samba in AD
3) use RSAT to assign uid and gid to all the build-in users and groups
4) test with wbinfo in AD to make sure that the assigned uids and gids
are correct.
5) setup a DC but forgot to add "idmap_ldb:use rfc2307 = yes" in the
smb.conf
6) start up the samba in DC
7) wbinfo in DC give mismatch uid and gid
8) add "idmap_ldb:use rfc2307 = yes" back to the smb.conf of the DC
9) restart the samba in DC, but the wbinfo still give the wrong uid and
gid (later i found out i need to flush the cache)
10) add the "server services = +winbind, -winbindd" (use winbind not
winbindd) to the smb.conf of the DC
11) restart the samba in DC, wbinfo give the correct uids and gids.
So, is that mean winbind does not use the cache but winbindd does?
After flush the cache in AD and DC, i removed the "server services =
+winbind, -winbindd" from smb.conf, and wbinfo give the correct uid and gid
Here comes other problem:
with winbind, "getent passwd" can list local and domain users
but with winbindd, why it only show local users?
I have
passwd: compat winbind
group: compat winbind
in /etc/nsswitch.conf
Thanks
More information about the samba
mailing list