[Samba] Samba 4.1 gentent, ls, no display domain user name on Primary ACDC but wbinfo -u yes

Rowland Penny rowlandpenny at googlemail.com
Fri Mar 20 14:55:24 MDT 2015 

On 20/03/15 20:39, Jhon P wrote:
> OK, i try removing this block, and add the line.
> Restart samba but nothing happends.
>
>
> > Date: Fri, 20 Mar 2015 20:01:04 +0000
> > From: rowlandpenny at googlemail.com
> > To: samba at lists.samba.org
> > Subject: Re: [Samba] Samba 4.1 gentent, ls, no display domain user 
> name on Primary ACDC but wbinfo -u yes
> >
> > On 20/03/15 19:47, Jhon P wrote:
> > >
> > >
> > > Yes im have a file:
> > >
> > > -rw-r--r-- 1 root root 19K Jan 10 2014 libnss_winbind.so.2
> > >
> > > My pam:
> > > PAM profiles to enable:
> > > │ [*] Unix authentication
> > > │ [*] Winbind NT/Active Directory authentication
> > > │ [ ] ConsoleKit Session Management
> > > │ [ ] Inheritable Capabilities Management
> > >
> > >
> > >> Date: Fri, 20 Mar 2015 18:21:57 +0000
> > >> From: rowlandpenny at googlemail.com
> > >> To: samba at lists.samba.org
> > >> Subject: Re: [Samba] Samba 4.1 gentent, ls, no display domain 
> user name on Primary ACDC but wbinfo -u yes
> > >>
> > >> On 20/03/15 17:32, Jhon P wrote:
> > >>> I install samba 4.1 from
> > >>> the sources. In Debian 7.0 "wheezy"
> > >>> a year ago.
> > >>>
> > >>>
> > >>>
> > >>>
> > >>>
> > >>> Thanks for responding.
> > >>>
> > >>>
> > >>>
> > >>>
> > >>> From: patocius at hotmail.com
> > >>> To: rowlandpenny at googlemail.com
> > >>> Subject: RE: [Samba] Samba 4.1 gentent, ls, no display domain 
> user name on Primary ACDC but wbinfo -u yes
> > >>> Date: Fri, 20 Mar 2015 17:28:05 +0000
> > >>>
> > >>>
> > >>>
> > >>>
> > >>> I install samba 4.1 from the sources. In Debian 7.0 "wheezy" a 
> year ago.
> > >>>
> > >>> Thanks for responding.
> > >>>
> > >>> Patocius
> > >>>
> > >>>> Date: Fri, 20 Mar 2015 17:15:50 +0000
> > >>>> From: rowlandpenny at googlemail.com
> > >>>> To: samba at lists.samba.org
> > >>>> Subject: Re: [Samba] Samba 4.1 gentent, ls, no display domain 
> user name on Primary ACDC but wbinfo -u yes
> > >>>>
> > >>>> On 20/03/15 16:58, Jhon P wrote:
> > >>>>> Hello friends:
> > >>>>>
> > >>>>> I hope you can help me with this I'm struggling a year ago
> > >>>>> After breaking my head migrating a server with Samba Samba 2.1 
> to 4.1 all stay perfect and functional.
> > >>>>>
> > >>>>> All files are in this domain controller for now, and then be 
> moved to a domain member, "the file server".
> > >>>>>
> > >>>>> I configure the server as ADDC Samba 4.1 and up here all went 
> well, the shares, the users, winbind, NetLogons, machines, etc.But
> > >>>>>
> > >>>>> When I have to use the "ls" on the terminal display UID 
> command instead of domain user name.
> > >>>>>
> > >>>>> -rwxrwx --- 1 root users 100K February 28, 2012 protocolo.pdf
> > >>>>> --- 1 root users -rwxrwx 21K June 27, 2013 proyecto.doc
> > >>>>> --- 1 root users -rwxrwx 21K June 21, 2013 Project 3º.doc
> > >>>>> drwxrwxr-x 2 3000085 4.0K users Mar 17 12:59 PROYECTO.txt
> > >>>>> -rwxrwxr-- 1 3000085 28K users Mar 12 12:11 segundo.doc Project
> > >>>>> --- 1 root users -rwxrwx 96K July 22, 2013 recomendaciones.cls
> > >>>>>
> > >>>>> If I run the "gentent" command only shows me posix users.
> > >>>>>
> > >>>>> Example:
> > >>>>>
> > >>>>> daemon: x: 1: 1: daemon: / usr / sbin: / bin / sh
> > >>>>> bin: x: 2: 2: bin: / bin: / bin / sh
> > >>>>> sys: x: 3: 3: sys: / dev: / bin / sh
> > >>>>> sync: x: 4: 65534: sync: / bin: / bin / sync
> > >>>>> ...
> > >>>>>
> > >>>>> But if I do, "wbinfo -u"
> > >>>>>
> > >>>>> cupcakes
> > >>>>> claudiap
> > >>>>> johanao
> > >>>>> agustinap
> > >>>>> gabrielaa
> > >>>>> ....
> > >>>>>
> > >>>>> My nsswitch.conf
> > >>>>>
> > >>>>> # /etc/nsswitch.conf
> > >>>>> #
> > >>>>> # Example configuration of GNU Name Service Switch functionality.
> > >>>>> # If you have the `glibc-doc-reference' and `info' packages 
> installed, try:
> > >>>>> # `info libc "Name Service Switch"' for information about this 
> file.
> > >>>>>
> > >>>>> passwd: compat winbind
> > >>>>> group: compat winbind
> > >>>>> shadow: compat
> > >>>>>
> > >>>>> hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
> > >>>>> networks: files
> > >>>>>
> > >>>>> protocols: db files
> > >>>>> services: db files
> > >>>>> ethers: db files
> > >>>>> rpc: db files
> > >>>>>
> > >>>>> netgroup: nis
> > >>>>>
> > >>>>> My smb.conf
> > >>>>>
> > >>>>> [global]
> > >>>>> workgroup = PROTEUS
> > >>>>> realm = proteus.local
> > >>>>> netbios name = HARDCORE
> > >>>>> server role = active directory domain controller
> > >>>>> dns forwarder = 200.40.220.245
> > >>>>> allow dns updates = nonsecure and secure
> > >>>>> server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, 
> winbind, ntp_signd, kcc, dnsupdate, dns, smb
> > >>>>> dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, 
> netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, 
> eventlog6, backupkey, dnsserver, winreg, srvsvc
> > >>>>> winbind enum users = yes
> > >>>>> winbind enum groups = yes
> > >>>>> winbind use default domain = yes
> > >>>>> winbind nested groups = yes
> > >>>>> log level = 3
> > >>>>> log file = /var/log/samba/samba.log
> > >>>>> # unix charset = ISO8859-1
> > >>>>>
> > >>>>>
> > >>>>> I appreciate any help you can give me
> > >>>>>
> > >>>>> Regards.
> > >>>>>
> > >>>> How did you install samba4, did you compile it yourself or was 
> it from
> > >>>> packages and on what OS.
> > >>>>
> > >>>> If you did compile it yourself, there is a couple of links that 
> will
> > >>>> need creating and your users & groups will need to have 
> uidNumbers &
> > >>>> gidNumbers.
> > >>>>
> > >>>> Rowland
> > >>>> --
> > >>>> To unsubscribe from this list go to the following URL and read the
> > >>>> instructions: https://lists.samba.org/mailman/options/samba
> > >>>
> > >> OK, have you got a link (or a file)
> > >> /lib/x86_64-linux-gnu/libnss_winbind.so.2 ?
> > >>
> > >> What does 'pam-auth-update' show ?
> > >>
> > >> Rowland
> > >>
> > >> --
> > >> To unsubscribe from this list go to the following URL and read the
> > >> instructions: https://lists.samba.org/mailman/options/samba
> > >
> >
> > OK, try removing this block from smb.conf on the DC:
> >
> > Winbind enum users = yes
> > Winbind enum groups = yes
> > Winbind use default domain = yes
> > Winbind nested groups = yes
> >
> > Add:
> >
> > idmap_ldb:use rfc2307 = yes
> >
> > Rowland
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba

can you remember if you provisioned with '--use-rfc2307' ?

If unsure, you can find out if the required schema extension is 
installed with:

ldbsearch -H /usr/local/samba/private/sam.ldb -b 'dc=example,dc=com' -s 
sub '(objectclass=msSFU30DomainInfo)'

This relies on ldb-tools being installed normally, but as you compiled 
samba yourself it should be available

Rowland

More information about the samba mailing list