[Samba] Samba 4.1 gentent, ls, no display domain user name on Primary ACDC but wbinfo -u yes

Rowland Penny rowlandpenny at googlemail.com
Sat Mar 21 12:36:13 MDT 2015


On 21/03/15 18:08, Jhon P wrote:
> Ready changed what you asked me and restart the samba service.
> Yet I only see the UID instead of domain users. :-/
>
> One question.
>
> I do not see the service "winbind or winbindd" running, is this correct.
> I can not find it in init.d
>
> Also "wbinfo -u" Show me the domain users.
>
> Thanks for helpme, sorry for noob question.
>
> > Date: Sat, 21 Mar 2015 09:00:37 +0000
> > From: rowlandpenny at googlemail.com
> > To: samba at lists.samba.org
> > Subject: Re: [Samba] Samba 4.1 gentent, ls, no display domain user
> name on Primary ACDC but wbinfo -u yes
> >
> > On 21/03/15 00:10, Jhon P wrote:
> > > Now I realized what the documentation says, sucessfull.
> > >
> > > I returned to run the above command and these results changed.
> > >
> > > Change the settings of smb.conf, now looks:
> > >
> > > [global]
> > > workgroup = KENNEDY
> > > realm = kennedy.edu
> > > netbios name = PROTEUS
> > > server role = active directory domain controller
> > > dns forwarder = 200.40.220.245
> > > allow dns updates = nonsecure and secure
> > > server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
> > > winbind, ntp_signd, kcc, dnsupdate, dns, smb
> > > dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
> > > netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser,
> > > eventlog6, backupkey, dnsserver, winreg, srvsvc
> > >
> > > idmap_ldb:use rfc2307 = yes
> > > #winbind use default domain = yes
> > > #winbind enum users = yes
> > > #winbind enum groups = yes
> > > #winbind nested groups = yes
> > > log level = 3
> > > log file = /var/log/samba/samba.log
> > > # unix charset = ISO8859-1
> > >
> > > #[netlogon antes]
> > > #path = /usr/local/samba/var/locks/sysvol/kennedy.edu/scripts
> > > #read only = No
> > >
> > >
> > > Start of service.
> > >
> > > But I did not change anything is still showing me the UID instead of
> > > domain name, :-/ .
> > >
> > > > Date: Fri, 20 Mar 2015 21:46:58 +0000
> > > > From: rowlandpenny at googlemail.com
> > > > To: samba at lists.samba.org
> > > > Subject: Re: [Samba] Samba 4.1 gentent, ls, no display domain user
> > > name on Primary ACDC but wbinfo -u yes
> > > >
> > > > On 20/03/15 21:19, Jhon P wrote:
> > > > > Im think not provisioned with provisioned with '--use-rfc2307'
> > > > >
> > > > > root at proteus:~# ldbsearch -H /usr/local/samba/private/sam.ldb -b
> > > > > 'dc=kennedy,dc=edu' -s sub '(objectclass=msSFU30DomainInfo)'
> > > > > GENSEC backend 'gssapi_spnego' registered
> > > > > GENSEC backend 'gssapi_krb5' registered
> > > > > GENSEC backend 'gssapi_krb5_sasl' registered
> > > > > GENSEC backend 'schannel' registered
> > > > > GENSEC backend 'spnego' registered
> > > > > GENSEC backend 'ntlmssp' registered
> > > > > GENSEC backend 'krb5' registered
> > > > > GENSEC backend 'fake_gssapi_krb5' registered
> > > > > # Referral
> > > > > ref: ldap://kennedy.edu/CN=Configuration,DC=kennedy,DC=edu
> > > > >
> > > > > # Referral
> > > > > ref: ldap://kennedy.edu/DC=DomainDnsZones,DC=kennedy,DC=edu
> > > > >
> > > > > # Referral
> > > > > ref: ldap://kennedy.edu/DC=ForestDnsZones,DC=kennedy,DC=edu
> > > > >
> > > > > # returned 3 records
> > > > > # 0 entries
> > > > > # 3 referrals
> > > > >
> > > > >
> > > > > > Date: Fri, 20 Mar 2015 20:55:24 +0000
> > > > > > From: rowlandpenny at googlemail.com
> > > > > > To: samba at lists.samba.org
> > > > > > Subject: Re: [Samba] Samba 4.1 gentent, ls, no display
> domain user
> > > > > name on Primary ACDC but wbinfo -u yes
> > > > > >
> > > > > > On 20/03/15 20:39, Jhon P wrote:
> > > > > > > OK, i try removing this block, and add the line.
> > > > > > > Restart samba but nothing happends.
> > > > > > >
> > > > > > >
> > > > > > > > Date: Fri, 20 Mar 2015 20:01:04 +0000
> > > > > > > > From: rowlandpenny at googlemail.com
> > > > > > > > To: samba at lists.samba.org
> > > > > > > > Subject: Re: [Samba] Samba 4.1 gentent, ls, no display
> > > domain user
> > > > > > > name on Primary ACDC but wbinfo -u yes
> > > > > > > >
> > > > > > > > On 20/03/15 19:47, Jhon P wrote:
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > Yes im have a file:
> > > > > > > > >
> > > > > > > > > -rw-r--r-- 1 root root 19K Jan 10 2014 libnss_winbind.so.2
> > > > > > > > >
> > > > > > > > > My pam:
> > > > > > > > > PAM profiles to enable:
> > > > > > > > > │ [*] Unix authentication
> > > > > > > > > │ [*] Winbind NT/Active Directory authentication
> > > > > > > > > │ [ ] ConsoleKit Session Management
> > > > > > > > > │ [ ] Inheritable Capabilities Management
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >> Date: Fri, 20 Mar 2015 18:21:57 +0000
> > > > > > > > >> From: rowlandpenny at googlemail.com
> > > > > > > > >> To: samba at lists.samba.org
> > > > > > > > >> Subject: Re: [Samba] Samba 4.1 gentent, ls, no
> display domain
> > > > > > > user name on Primary ACDC but wbinfo -u yes
> > > > > > > > >>
> > > > > > > > >> On 20/03/15 17:32, Jhon P wrote:
> > > > > > > > >>> I install samba 4.1 from
> > > > > > > > >>> the sources. In Debian 7.0 "wheezy"
> > > > > > > > >>> a year ago.
> > > > > > > > >>>
> > > > > > > > >>>
> > > > > > > > >>>
> > > > > > > > >>>
> > > > > > > > >>>
> > > > > > > > >>> Thanks for responding.
> > > > > > > > >>>
> > > > > > > > >>>
> > > > > > > > >>>
> > > > > > > > >>>
> > > > > > > > >>> From: patocius at hotmail.com
> > > > > > > > >>> To: rowlandpenny at googlemail.com
> > > > > > > > >>> Subject: RE: [Samba] Samba 4.1 gentent, ls, no display
> > > domain
> > > > > > > user name on Primary ACDC but wbinfo -u yes
> > > > > > > > >>> Date: Fri, 20 Mar 2015 17:28:05 +0000
> > > > > > > > >>>
> > > > > > > > >>>
> > > > > > > > >>>
> > > > > > > > >>>
> > > > > > > > >>> I install samba 4.1 from the sources. In Debian 7.0
> > > "wheezy" a
> > > > > > > year ago.
> > > > > > > > >>>
> > > > > > > > >>> Thanks for responding.
> > > > > > > > >>>
> > > > > > > > >>> Patocius
> > > > > > > > >>>
> > > > > > > > >>>> Date: Fri, 20 Mar 2015 17:15:50 +0000
> > > > > > > > >>>> From: rowlandpenny at googlemail.com
> > > > > > > > >>>> To: samba at lists.samba.org
> > > > > > > > >>>> Subject: Re: [Samba] Samba 4.1 gentent, ls, no display
> > > domain
> > > > > > > user name on Primary ACDC but wbinfo -u yes
> > > > > > > > >>>>
> > > > > > > > >>>> On 20/03/15 16:58, Jhon P wrote:
> > > > > > > > >>>>> Hello friends:
> > > > > > > > >>>>>
> > > > > > > > >>>>> I hope you can help me with this I'm struggling a
> year ago
> > > > > > > > >>>>> After breaking my head migrating a server with
> Samba Samba
> > > > > 2.1
> > > > > > > to 4.1 all stay perfect and functional.
> > > > > > > > >>>>>
> > > > > > > > >>>>> All files are in this domain controller for now, and
> > > then be
> > > > > > > moved to a domain member, "the file server".
> > > > > > > > >>>>>
> > > > > > > > >>>>> I configure the server as ADDC Samba 4.1 and up here
> > > all went
> > > > > > > well, the shares, the users, winbind, NetLogons, machines,
> etc.But
> > > > > > > > >>>>>
> > > > > > > > >>>>> When I have to use the "ls" on the terminal
> display UID
> > > > > > > command instead of domain user name.
> > > > > > > > >>>>>
> > > > > > > > >>>>> -rwxrwx --- 1 root users 100K February 28, 2012
> > > protocolo.pdf
> > > > > > > > >>>>> --- 1 root users -rwxrwx 21K June 27, 2013
> proyecto.doc
> > > > > > > > >>>>> --- 1 root users -rwxrwx 21K June 21, 2013 Project
> 3º.doc
> > > > > > > > >>>>> drwxrwxr-x 2 3000085 4.0K users Mar 17 12:59
> PROYECTO.txt
> > > > > > > > >>>>> -rwxrwxr-- 1 3000085 28K users Mar 12 12:11
> segundo.doc
> > > > > Project
> > > > > > > > >>>>> --- 1 root users -rwxrwx 96K July 22, 2013
> > > recomendaciones.cls
> > > > > > > > >>>>>
> > > > > > > > >>>>> If I run the "gentent" command only shows me posix
> users.
> > > > > > > > >>>>>
> > > > > > > > >>>>> Example:
> > > > > > > > >>>>>
> > > > > > > > >>>>> daemon: x: 1: 1: daemon: / usr / sbin: / bin / sh
> > > > > > > > >>>>> bin: x: 2: 2: bin: / bin: / bin / sh
> > > > > > > > >>>>> sys: x: 3: 3: sys: / dev: / bin / sh
> > > > > > > > >>>>> sync: x: 4: 65534: sync: / bin: / bin / sync
> > > > > > > > >>>>> ...
> > > > > > > > >>>>>
> > > > > > > > >>>>> But if I do, "wbinfo -u"
> > > > > > > > >>>>>
> > > > > > > > >>>>> cupcakes
> > > > > > > > >>>>> claudiap
> > > > > > > > >>>>> johanao
> > > > > > > > >>>>> agustinap
> > > > > > > > >>>>> gabrielaa
> > > > > > > > >>>>> ....
> > > > > > > > >>>>>
> > > > > > > > >>>>> My nsswitch.conf
> > > > > > > > >>>>>
> > > > > > > > >>>>> # /etc/nsswitch.conf
> > > > > > > > >>>>> #
> > > > > > > > >>>>> # Example configuration of GNU Name Service Switch
> > > > > functionality.
> > > > > > > > >>>>> # If you have the `glibc-doc-reference' and `info'
> > > packages
> > > > > > > installed, try:
> > > > > > > > >>>>> # `info libc "Name Service Switch"' for
> information about
> > > > > this
> > > > > > > file.
> > > > > > > > >>>>>
> > > > > > > > >>>>> passwd: compat winbind
> > > > > > > > >>>>> group: compat winbind
> > > > > > > > >>>>> shadow: compat
> > > > > > > > >>>>>
> > > > > > > > >>>>> hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
> > > > > > > > >>>>> networks: files
> > > > > > > > >>>>>
> > > > > > > > >>>>> protocols: db files
> > > > > > > > >>>>> services: db files
> > > > > > > > >>>>> ethers: db files
> > > > > > > > >>>>> rpc: db files
> > > > > > > > >>>>>
> > > > > > > > >>>>> netgroup: nis
> > > > > > > > >>>>>
> > > > > > > > >>>>> My smb.conf
> > > > > > > > >>>>>
> > > > > > > > >>>>> [global]
> > > > > > > > >>>>> workgroup = PROTEUS
> > > > > > > > >>>>> realm = proteus.local
> > > > > > > > >>>>> netbios name = HARDCORE
> > > > > > > > >>>>> server role = active directory domain controller
> > > > > > > > >>>>> dns forwarder = 200.40.220.245
> > > > > > > > >>>>> allow dns updates = nonsecure and secure
> > > > > > > > >>>>> server services = rpc, nbt, wrepl, ldap, cldap, kdc,
> > > drepl,
> > > > > > > winbind, ntp_signd, kcc, dnsupdate, dns, smb
> > > > > > > > >>>>> dcerpc endpoint servers = epmapper, wkssvc,
> rpcecho, samr,
> > > > > > > netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo,
> browser,
> > > > > > > eventlog6, backupkey, dnsserver, winreg, srvsvc
> > > > > > > > >>>>> winbind enum users = yes
> > > > > > > > >>>>> winbind enum groups = yes
> > > > > > > > >>>>> winbind use default domain = yes
> > > > > > > > >>>>> winbind nested groups = yes
> > > > > > > > >>>>> log level = 3
> > > > > > > > >>>>> log file = /var/log/samba/samba.log
> > > > > > > > >>>>> # unix charset = ISO8859-1
> > > > > > > > >>>>>
> > > > > > > > >>>>>
> > > > > > > > >>>>> I appreciate any help you can give me
> > > > > > > > >>>>>
> > > > > > > > >>>>> Regards.
> > > > > > > > >>>>>
> > > > > > > > >>>> How did you install samba4, did you compile it
> yourself
> > > or was
> > > > > > > it from
> > > > > > > > >>>> packages and on what OS.
> > > > > > > > >>>>
> > > > > > > > >>>> If you did compile it yourself, there is a couple
> of links
> > > > > that
> > > > > > > will
> > > > > > > > >>>> need creating and your users & groups will need to have
> > > > > > > uidNumbers &
> > > > > > > > >>>> gidNumbers.
> > > > > > > > >>>>
> > > > > > > > >>>> Rowland
> > > > > > > > >>>> --
> > > > > > > > >>>> To unsubscribe from this list go to the following
> URL and
> > > > > read the
> > > > > > > > >>>> instructions:
> https://lists.samba.org/mailman/options/samba
> > > > > > > > >>>
> > > > > > > > >> OK, have you got a link (or a file)
> > > > > > > > >> /lib/x86_64-linux-gnu/libnss_winbind.so.2 ?
> > > > > > > > >>
> > > > > > > > >> What does 'pam-auth-update' show ?
> > > > > > > > >>
> > > > > > > > >> Rowland
> > > > > > > > >>
> > > > > > > > >> --
> > > > > > > > >> To unsubscribe from this list go to the following URL and
> > > > > read the
> > > > > > > > >> instructions:
> https://lists.samba.org/mailman/options/samba
> > > > > > > > >
> > > > > > > >
> > > > > > > > OK, try removing this block from smb.conf on the DC:
> > > > > > > >
> > > > > > > > Winbind enum users = yes
> > > > > > > > Winbind enum groups = yes
> > > > > > > > Winbind use default domain = yes
> > > > > > > > Winbind nested groups = yes
> > > > > > > >
> > > > > > > > Add:
> > > > > > > >
> > > > > > > > idmap_ldb:use rfc2307 = yes
> > > > > > > >
> > > > > > > > Rowland
> > > > > > > >
> > > > > > > > --
> > > > > > > > To unsubscribe from this list go to the following URL and
> > > read the
> > > > > > > > instructions: https://lists.samba.org/mailman/options/samba
> > > > > >
> > > > > > can you remember if you provisioned with '--use-rfc2307' ?
> > > > > >
> > > > > > If unsure, you can find out if the required schema extension is
> > > > > > installed with:
> > > > > >
> > > > > > ldbsearch -H /usr/local/samba/private/sam.ldb -b
> > > 'dc=example,dc=com' -s
> > > > > > sub '(objectclass=msSFU30DomainInfo)'
> > > > > >
> > > > > > This relies on ldb-tools being installed normally, but as you
> > > compiled
> > > > > > samba yourself it should be available
> > > > > >
> > > > > > Rowland
> > > > > >
> > > > > > --
> > > > > > To unsubscribe from this list go to the following URL and
> read the
> > > > > > instructions: https://lists.samba.org/mailman/options/samba
> > > >
> > > > have a look here:
> > > >
> > > >
> > >
> https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC#Extending_the_Schema_for_NIS_Extensions
> > > >
> > > > Rowland
> > > > --
> > > > To unsubscribe from this list go to the following URL and read the
> > > > instructions: https://lists.samba.org/mailman/options/samba
> >
> > OK, you need one further change after adding the ypServ30.ldif, you
> > need to change this:
> >
> > server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind,
> > ntp_signd, kcc, dnsupdate, dns, smb
> >
> > To this:
> >
> > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
> > winbind, ntp_signd, kcc, dnsupdate, dns
> >
> > Rowland
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba

OK, you have extended the schema as per the webpage link I posted, you
are now using s3fs instead of ntvfs and have restarted samba, you should
be able to get users with getent, did you have any version of samba
installed before installing samba4 ? if so you could have the wrong
libnss_winbind files in /lib

As to your winbind question, If you are running any version of samba4
that is less than 4.2, winbind is built into the 'samba' daemon. With
samba 4.2, the 'samba' daemon starts the 'winbindd' deamon instead.

Rowland



More information about the samba mailing list