[Samba] Samba 4.1 gentent, ls, no display domain user name on Primary ACDC but wbinfo -u yes

Rowland Penny rowlandpenny at googlemail.com
Fri Mar 20 14:01:04 MDT 2015


On 20/03/15 19:47, Jhon P wrote:
>
>
> Yes im have a file:
>
> -rw-r--r-- 1 root root 19K Jan 10  2014 libnss_winbind.so.2
>
> My pam:
>   PAM profiles to enable:
>   │    [*] Unix authentication
>   │    [*] Winbind NT/Active Directory authentication
>   │    [ ] ConsoleKit Session Management
>   │    [ ] Inheritable Capabilities Management
>
>
>> Date: Fri, 20 Mar 2015 18:21:57 +0000
>> From: rowlandpenny at googlemail.com
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] Samba 4.1 gentent, ls, no display domain user name on Primary ACDC but wbinfo -u yes
>>
>> On 20/03/15 17:32, Jhon P wrote:
>>> I install samba 4.1 from
>>> the sources. In Debian 7.0 "wheezy"
>>> a year ago.
>>>
>>>
>>>
>>>
>>>
>>> Thanks for responding.
>>>
>>>
>>>
>>>
>>> From: patocius at hotmail.com
>>> To: rowlandpenny at googlemail.com
>>> Subject: RE: [Samba] Samba 4.1 gentent, ls, no display domain user name on Primary ACDC but wbinfo -u yes
>>> Date: Fri, 20 Mar 2015 17:28:05 +0000
>>>
>>>
>>>
>>>
>>> I install samba 4.1 from the sources. In Debian 7.0 "wheezy" a year ago.
>>>
>>>    Thanks for responding.
>>>
>>> Patocius
>>>
>>>> Date: Fri, 20 Mar 2015 17:15:50 +0000
>>>> From: rowlandpenny at googlemail.com
>>>> To: samba at lists.samba.org
>>>> Subject: Re: [Samba] Samba 4.1 gentent, ls, no display domain user name on Primary ACDC but wbinfo -u yes
>>>>
>>>> On 20/03/15 16:58, Jhon P wrote:
>>>>> Hello friends:
>>>>>
>>>>> I hope you can help me with this I'm struggling a year ago
>>>>> After breaking my head migrating a server with Samba Samba 2.1 to 4.1 all stay perfect and functional.
>>>>>
>>>>> All files are in this domain controller for now, and then be moved to a domain member, "the file server".
>>>>>
>>>>> I configure the server as ADDC Samba 4.1 and up here all went well, the shares, the users, winbind, NetLogons, machines, etc.But
>>>>>
>>>>> When I have to use the "ls" on the terminal display UID command instead of domain user name.
>>>>>
>>>>> -rwxrwx --- 1 root users 100K February 28, 2012 protocolo.pdf
>>>>> --- 1 root users -rwxrwx 21K June 27, 2013 proyecto.doc
>>>>> --- 1 root users -rwxrwx 21K June 21, 2013 Project 3º.doc
>>>>> drwxrwxr-x 2 3000085 4.0K users Mar 17 12:59 PROYECTO.txt
>>>>> -rwxrwxr-- 1 3000085 28K users Mar 12 12:11 segundo.doc Project
>>>>> --- 1 root users -rwxrwx 96K July 22, 2013 recomendaciones.cls
>>>>>
>>>>> If I run the "gentent" command only shows me posix users.
>>>>>
>>>>> Example:
>>>>>
>>>>> daemon: x: 1: 1: daemon: / usr / sbin: / bin / sh
>>>>> bin: x: 2: 2: bin: / bin: / bin / sh
>>>>> sys: x: 3: 3: sys: / dev: / bin / sh
>>>>> sync: x: 4: 65534: sync: / bin: / bin / sync
>>>>> ...
>>>>>
>>>>> But if I do, "wbinfo -u"
>>>>>
>>>>> cupcakes
>>>>> claudiap
>>>>> johanao
>>>>> agustinap
>>>>> gabrielaa
>>>>> ....
>>>>>
>>>>> My nsswitch.conf
>>>>>
>>>>> # /etc/nsswitch.conf
>>>>> #
>>>>> # Example configuration of GNU Name Service Switch functionality.
>>>>> # If you have the `glibc-doc-reference' and `info' packages installed, try:
>>>>> # `info libc "Name Service Switch"' for information about this file.
>>>>>
>>>>> passwd:         compat winbind
>>>>> group:          compat winbind
>>>>> shadow:         compat
>>>>>
>>>>> hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
>>>>> networks:       files
>>>>>
>>>>> protocols:      db files
>>>>> services:       db files
>>>>> ethers:         db files
>>>>> rpc:            db files
>>>>>
>>>>> netgroup:       nis
>>>>>
>>>>> My smb.conf
>>>>>
>>>>> [global]
>>>>>            workgroup = PROTEUS
>>>>>            realm = proteus.local
>>>>>            netbios name = HARDCORE
>>>>>            server role = active directory domain controller
>>>>>            dns forwarder = 200.40.220.245
>>>>>            allow dns updates = nonsecure and secure
>>>>>            server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, dns, smb
>>>>>            dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, winreg, srvsvc
>>>>>            winbind enum users = yes
>>>>>            winbind enum groups = yes
>>>>>            winbind use default domain = yes
>>>>>            winbind nested groups = yes
>>>>>            log level = 3
>>>>>            log file = /var/log/samba/samba.log
>>>>> #      unix charset = ISO8859-1
>>>>>
>>>>>
>>>>> I appreciate any help you can give me
>>>>>
>>>>> Regards.
>>>>>     		 	   		
>>>> How did you install samba4, did you compile it yourself or was it from
>>>> packages and on what OS.
>>>>
>>>> If you did compile it yourself, there is a couple of links that will
>>>> need creating and your users & groups will need to have uidNumbers &
>>>> gidNumbers.
>>>>
>>>> Rowland
>>>> -- 
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>    		 	   		   		 	   		
>> OK, have you got a link (or a file)
>> /lib/x86_64-linux-gnu/libnss_winbind.so.2 ?
>>
>> What does 'pam-auth-update' show ?
>>
>> Rowland
>>
>> -- 
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>   		 	   		

OK, try removing this block from smb.conf on the DC:

Winbind enum users = yes
Winbind enum groups = yes
Winbind use default domain = yes
Winbind nested groups = yes

Add:

idmap_ldb:use rfc2307 = yes

Rowland



More information about the samba mailing list