[Samba] Samba 4.1 gentent, ls, no display domain user name on Primary ACDC but wbinfo -u yes

Rowland Penny rowlandpenny at googlemail.com
Sun Mar 22 15:14:11 MDT 2015


On 22/03/15 20:04, Jhon P wrote:
> Even "getent" does not show me the domain users.
>
> Yes, im rember, im install sernet version the first time, after im
> uninstall it.
> As we know? if the version of winbind is correct and if the samba
> daemon running.
>
>
> 	
> Regards
> 	
>
>
> > Date: Sat, 21 Mar 2015 18:36:13 +0000
> > From: rowlandpenny at googlemail.com
> > To: samba at lists.samba.org
> > Subject: Re: [Samba] Samba 4.1 gentent, ls, no display domain user
> name on Primary ACDC but wbinfo -u yes
> >
> > On 21/03/15 18:08, Jhon P wrote:
> > > Ready changed what you asked me and restart the samba service.
> > > Yet I only see the UID instead of domain users. :-/
> > >
> > > One question.
> > >
> > > I do not see the service "winbind or winbindd" running, is this
> correct.
> > > I can not find it in init.d
> > >
> > > Also "wbinfo -u" Show me the domain users.
> > >
> > > Thanks for helpme, sorry for noob question.
> > >
> > > > Date: Sat, 21 Mar 2015 09:00:37 +0000
> > > > From: rowlandpenny at googlemail.com
> > > > To: samba at lists.samba.org
> > > > Subject: Re: [Samba] Samba 4.1 gentent, ls, no display domain user
> > > name on Primary ACDC but wbinfo -u yes
> > > >
> > > > On 21/03/15 00:10, Jhon P wrote:
> > > > > Now I realized what the documentation says, sucessfull.
> > > > >
> > > > > I returned to run the above command and these results changed.
> > > > >
> > > > > Change the settings of smb.conf, now looks:
> > > > >
> > > > > [global]
> > > > > workgroup = KENNEDY
> > > > > realm = kennedy.edu
> > > > > netbios name = PROTEUS
> > > > > server role = active directory domain controller
> > > > > dns forwarder = 200.40.220.245
> > > > > allow dns updates = nonsecure and secure
> > > > > server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
> > > > > winbind, ntp_signd, kcc, dnsupdate, dns, smb
> > > > > dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
> > > > > netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser,
> > > > > eventlog6, backupkey, dnsserver, winreg, srvsvc
> > > > >
> > > > > idmap_ldb:use rfc2307 = yes
> > > > > #winbind use default domain = yes
> > > > > #winbind enum users = yes
> > > > > #winbind enum groups = yes
> > > > > #winbind nested groups = yes
> > > > > log level = 3
> > > > > log file = /var/log/samba/samba.log
> > > > > # unix charset = ISO8859-1
> > > > >
> > > > > #[netlogon antes]
> > > > > #path = /usr/local/samba/var/locks/sysvol/kennedy.edu/scripts
> > > > > #read only = No
> > > > >
> > > > >
> > > > > Start of service.
> > > > >
> > > > > But I did not change anything is still showing me the UID
> instead of
> > > > > domain name, :-/ .
> > > > >
> > > > > > Date: Fri, 20 Mar 2015 21:46:58 +0000
> > > > > > From: rowlandpenny at googlemail.com
> > > > > > To: samba at lists.samba.org
> > > > > > Subject: Re: [Samba] Samba 4.1 gentent, ls, no display
> domain user
> > > > > name on Primary ACDC but wbinfo -u yes
> > > > > >
> > > > > > On 20/03/15 21:19, Jhon P wrote:
> > > > > > > Im think not provisioned with provisioned with '--use-rfc2307'
> > > > > > >
> > > > > > > root at proteus:~# ldbsearch -H
> /usr/local/samba/private/sam.ldb -b
> > > > > > > 'dc=kennedy,dc=edu' -s sub '(objectclass=msSFU30DomainInfo)'
> > > > > > > GENSEC backend 'gssapi_spnego' registered
> > > > > > > GENSEC backend 'gssapi_krb5' registered
> > > > > > > GENSEC backend 'gssapi_krb5_sasl' registered
> > > > > > > GENSEC backend 'schannel' registered
> > > > > > > GENSEC backend 'spnego' registered
> > > > > > > GENSEC backend 'ntlmssp' registered
> > > > > > > GENSEC backend 'krb5' registered
> > > > > > > GENSEC backend 'fake_gssapi_krb5' registered
> > > > > > > # Referral
> > > > > > > ref: ldap://kennedy.edu/CN=Configuration,DC=kennedy,DC=edu
> > > > > > >
> > > > > > > # Referral
> > > > > > > ref: ldap://kennedy.edu/DC=DomainDnsZones,DC=kennedy,DC=edu
> > > > > > >
> > > > > > > # Referral
> > > > > > > ref: ldap://kennedy.edu/DC=ForestDnsZones,DC=kennedy,DC=edu
> > > > > > >
> > > > > > > # returned 3 records
> > > > > > > # 0 entries
> > > > > > > # 3 referrals
> > > > > > >
> > > > > > >
> > > > > > > > Date: Fri, 20 Mar 2015 20:55:24 +0000
> > > > > > > > From: rowlandpenny at googlemail.com
> > > > > > > > To: samba at lists.samba.org
> > > > > > > > Subject: Re: [Samba] Samba 4.1 gentent, ls, no display
> > > domain user
> > > > > > > name on Primary ACDC but wbinfo -u yes
> > > > > > > >
> > > > > > > > On 20/03/15 20:39, Jhon P wrote:
> > > > > > > > > OK, i try removing this block, and add the line.
> > > > > > > > > Restart samba but nothing happends.
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > > Date: Fri, 20 Mar 2015 20:01:04 +0000
> > > > > > > > > > From: rowlandpenny at googlemail.com
> > > > > > > > > > To: samba at lists.samba.org
> > > > > > > > > > Subject: Re: [Samba] Samba 4.1 gentent, ls, no display
> > > > > domain user
> > > > > > > > > name on Primary ACDC but wbinfo -u yes
> > > > > > > > > >
> > > > > > > > > > On 20/03/15 19:47, Jhon P wrote:
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > Yes im have a file:
> > > > > > > > > > >
> > > > > > > > > > > -rw-r--r-- 1 root root 19K Jan 10 2014
> libnss_winbind.so.2
> > > > > > > > > > >
> > > > > > > > > > > My pam:
> > > > > > > > > > > PAM profiles to enable:
> > > > > > > > > > > │ [*] Unix authentication
> > > > > > > > > > > │ [*] Winbind NT/Active Directory authentication
> > > > > > > > > > > │ [ ] ConsoleKit Session Management
> > > > > > > > > > > │ [ ] Inheritable Capabilities Management
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >> Date: Fri, 20 Mar 2015 18:21:57 +0000
> > > > > > > > > > >> From: rowlandpenny at googlemail.com
> > > > > > > > > > >> To: samba at lists.samba.org
> > > > > > > > > > >> Subject: Re: [Samba] Samba 4.1 gentent, ls, no
> > > display domain
> > > > > > > > > user name on Primary ACDC but wbinfo -u yes
> > > > > > > > > > >>
> > > > > > > > > > >> On 20/03/15 17:32, Jhon P wrote:
> > > > > > > > > > >>> I install samba 4.1 from
> > > > > > > > > > >>> the sources. In Debian 7.0 "wheezy"
> > > > > > > > > > >>> a year ago.
> > > > > > > > > > >>>
> > > > > > > > > > >>>
> > > > > > > > > > >>>
> > > > > > > > > > >>>
> > > > > > > > > > >>>
> > > > > > > > > > >>> Thanks for responding.
> > > > > > > > > > >>>
> > > > > > > > > > >>>
> > > > > > > > > > >>>
> > > > > > > > > > >>>
> > > > > > > > > > >>> From: patocius at hotmail.com
> > > > > > > > > > >>> To: rowlandpenny at googlemail.com
> > > > > > > > > > >>> Subject: RE: [Samba] Samba 4.1 gentent, ls, no
> display
> > > > > domain
> > > > > > > > > user name on Primary ACDC but wbinfo -u yes
> > > > > > > > > > >>> Date: Fri, 20 Mar 2015 17:28:05 +0000
> > > > > > > > > > >>>
> > > > > > > > > > >>>
> > > > > > > > > > >>>
> > > > > > > > > > >>>
> > > > > > > > > > >>> I install samba 4.1 from the sources. In Debian 7.0
> > > > > "wheezy" a
> > > > > > > > > year ago.
> > > > > > > > > > >>>
> > > > > > > > > > >>> Thanks for responding.
> > > > > > > > > > >>>
> > > > > > > > > > >>> Patocius
> > > > > > > > > > >>>
> > > > > > > > > > >>>> Date: Fri, 20 Mar 2015 17:15:50 +0000
> > > > > > > > > > >>>> From: rowlandpenny at googlemail.com
> > > > > > > > > > >>>> To: samba at lists.samba.org
> > > > > > > > > > >>>> Subject: Re: [Samba] Samba 4.1 gentent, ls, no
> display
> > > > > domain
> > > > > > > > > user name on Primary ACDC but wbinfo -u yes
> > > > > > > > > > >>>>
> > > > > > > > > > >>>> On 20/03/15 16:58, Jhon P wrote:
> > > > > > > > > > >>>>> Hello friends:
> > > > > > > > > > >>>>>
> > > > > > > > > > >>>>> I hope you can help me with this I'm struggling a
> > > year ago
> > > > > > > > > > >>>>> After breaking my head migrating a server with
> > > Samba Samba
> > > > > > > 2.1
> > > > > > > > > to 4.1 all stay perfect and functional.
> > > > > > > > > > >>>>>
> > > > > > > > > > >>>>> All files are in this domain controller for
> now, and
> > > > > then be
> > > > > > > > > moved to a domain member, "the file server".
> > > > > > > > > > >>>>>
> > > > > > > > > > >>>>> I configure the server as ADDC Samba 4.1 and
> up here
> > > > > all went
> > > > > > > > > well, the shares, the users, winbind, NetLogons, machines,
> > > etc.But
> > > > > > > > > > >>>>>
> > > > > > > > > > >>>>> When I have to use the "ls" on the terminal
> > > display UID
> > > > > > > > > command instead of domain user name.
> > > > > > > > > > >>>>>
> > > > > > > > > > >>>>> -rwxrwx --- 1 root users 100K February 28, 2012
> > > > > protocolo.pdf
> > > > > > > > > > >>>>> --- 1 root users -rwxrwx 21K June 27, 2013
> > > proyecto.doc
> > > > > > > > > > >>>>> --- 1 root users -rwxrwx 21K June 21, 2013 Project
> > > 3º.doc
> > > > > > > > > > >>>>> drwxrwxr-x 2 3000085 4.0K users Mar 17 12:59
> > > PROYECTO.txt
> > > > > > > > > > >>>>> -rwxrwxr-- 1 3000085 28K users Mar 12 12:11
> > > segundo.doc
> > > > > > > Project
> > > > > > > > > > >>>>> --- 1 root users -rwxrwx 96K July 22, 2013
> > > > > recomendaciones.cls
> > > > > > > > > > >>>>>
> > > > > > > > > > >>>>> If I run the "gentent" command only shows me posix
> > > users.
> > > > > > > > > > >>>>>
> > > > > > > > > > >>>>> Example:
> > > > > > > > > > >>>>>
> > > > > > > > > > >>>>> daemon: x: 1: 1: daemon: / usr / sbin: / bin / sh
> > > > > > > > > > >>>>> bin: x: 2: 2: bin: / bin: / bin / sh
> > > > > > > > > > >>>>> sys: x: 3: 3: sys: / dev: / bin / sh
> > > > > > > > > > >>>>> sync: x: 4: 65534: sync: / bin: / bin / sync
> > > > > > > > > > >>>>> ...
> > > > > > > > > > >>>>>
> > > > > > > > > > >>>>> But if I do, "wbinfo -u"
> > > > > > > > > > >>>>>
> > > > > > > > > > >>>>> cupcakes
> > > > > > > > > > >>>>> claudiap
> > > > > > > > > > >>>>> johanao
> > > > > > > > > > >>>>> agustinap
> > > > > > > > > > >>>>> gabrielaa
> > > > > > > > > > >>>>> ....
> > > > > > > > > > >>>>>
> > > > > > > > > > >>>>> My nsswitch.conf
> > > > > > > > > > >>>>>
> > > > > > > > > > >>>>> # /etc/nsswitch.conf
> > > > > > > > > > >>>>> #
> > > > > > > > > > >>>>> # Example configuration of GNU Name Service Switch
> > > > > > > functionality.
> > > > > > > > > > >>>>> # If you have the `glibc-doc-reference' and `info'
> > > > > packages
> > > > > > > > > installed, try:
> > > > > > > > > > >>>>> # `info libc "Name Service Switch"' for
> > > information about
> > > > > > > this
> > > > > > > > > file.
> > > > > > > > > > >>>>>
> > > > > > > > > > >>>>> passwd: compat winbind
> > > > > > > > > > >>>>> group: compat winbind
> > > > > > > > > > >>>>> shadow: compat
> > > > > > > > > > >>>>>
> > > > > > > > > > >>>>> hosts: files mdns4_minimal [NOTFOUND=return]
> dns mdns4
> > > > > > > > > > >>>>> networks: files
> > > > > > > > > > >>>>>
> > > > > > > > > > >>>>> protocols: db files
> > > > > > > > > > >>>>> services: db files
> > > > > > > > > > >>>>> ethers: db files
> > > > > > > > > > >>>>> rpc: db files
> > > > > > > > > > >>>>>
> > > > > > > > > > >>>>> netgroup: nis
> > > > > > > > > > >>>>>
> > > > > > > > > > >>>>> My smb.conf
> > > > > > > > > > >>>>>
> > > > > > > > > > >>>>> [global]
> > > > > > > > > > >>>>> workgroup = PROTEUS
> > > > > > > > > > >>>>> realm = proteus.local
> > > > > > > > > > >>>>> netbios name = HARDCORE
> > > > > > > > > > >>>>> server role = active directory domain controller
> > > > > > > > > > >>>>> dns forwarder = 200.40.220.245
> > > > > > > > > > >>>>> allow dns updates = nonsecure and secure
> > > > > > > > > > >>>>> server services = rpc, nbt, wrepl, ldap,
> cldap, kdc,
> > > > > drepl,
> > > > > > > > > winbind, ntp_signd, kcc, dnsupdate, dns, smb
> > > > > > > > > > >>>>> dcerpc endpoint servers = epmapper, wkssvc,
> > > rpcecho, samr,
> > > > > > > > > netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo,
> > > browser,
> > > > > > > > > eventlog6, backupkey, dnsserver, winreg, srvsvc
> > > > > > > > > > >>>>> winbind enum users = yes
> > > > > > > > > > >>>>> winbind enum groups = yes
> > > > > > > > > > >>>>> winbind use default domain = yes
> > > > > > > > > > >>>>> winbind nested groups = yes
> > > > > > > > > > >>>>> log level = 3
> > > > > > > > > > >>>>> log file = /var/log/samba/samba.log
> > > > > > > > > > >>>>> # unix charset = ISO8859-1
> > > > > > > > > > >>>>>
> > > > > > > > > > >>>>>
> > > > > > > > > > >>>>> I appreciate any help you can give me
> > > > > > > > > > >>>>>
> > > > > > > > > > >>>>> Regards.
> > > > > > > > > > >>>>>
> > > > > > > > > > >>>> How did you install samba4, did you compile it
> > > yourself
> > > > > or was
> > > > > > > > > it from
> > > > > > > > > > >>>> packages and on what OS.
> > > > > > > > > > >>>>
> > > > > > > > > > >>>> If you did compile it yourself, there is a couple
> > > of links
> > > > > > > that
> > > > > > > > > will
> > > > > > > > > > >>>> need creating and your users & groups will need
> to have
> > > > > > > > > uidNumbers &
> > > > > > > > > > >>>> gidNumbers.
> > > > > > > > > > >>>>
> > > > > > > > > > >>>> Rowland
> > > > > > > > > > >>>> --
> > > > > > > > > > >>>> To unsubscribe from this list go to the following
> > > URL and
> > > > > > > read the
> > > > > > > > > > >>>> instructions:
> > > https://lists.samba.org/mailman/options/samba
> > > > > > > > > > >>>
> > > > > > > > > > >> OK, have you got a link (or a file)
> > > > > > > > > > >> /lib/x86_64-linux-gnu/libnss_winbind.so.2 ?
> > > > > > > > > > >>
> > > > > > > > > > >> What does 'pam-auth-update' show ?
> > > > > > > > > > >>
> > > > > > > > > > >> Rowland
> > > > > > > > > > >>
> > > > > > > > > > >> --
> > > > > > > > > > >> To unsubscribe from this list go to the following
> URL and
> > > > > > > read the
> > > > > > > > > > >> instructions:
> > > https://lists.samba.org/mailman/options/samba
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > OK, try removing this block from smb.conf on the DC:
> > > > > > > > > >
> > > > > > > > > > Winbind enum users = yes
> > > > > > > > > > Winbind enum groups = yes
> > > > > > > > > > Winbind use default domain = yes
> > > > > > > > > > Winbind nested groups = yes
> > > > > > > > > >
> > > > > > > > > > Add:
> > > > > > > > > >
> > > > > > > > > > idmap_ldb:use rfc2307 = yes
> > > > > > > > > >
> > > > > > > > > > Rowland
> > > > > > > > > >
> > > > > > > > > > --
> > > > > > > > > > To unsubscribe from this list go to the following
> URL and
> > > > > read the
> > > > > > > > > > instructions:
> https://lists.samba.org/mailman/options/samba
> > > > > > > >
> > > > > > > > can you remember if you provisioned with '--use-rfc2307' ?
> > > > > > > >
> > > > > > > > If unsure, you can find out if the required schema
> extension is
> > > > > > > > installed with:
> > > > > > > >
> > > > > > > > ldbsearch -H /usr/local/samba/private/sam.ldb -b
> > > > > 'dc=example,dc=com' -s
> > > > > > > > sub '(objectclass=msSFU30DomainInfo)'
> > > > > > > >
> > > > > > > > This relies on ldb-tools being installed normally, but
> as you
> > > > > compiled
> > > > > > > > samba yourself it should be available
> > > > > > > >
> > > > > > > > Rowland
> > > > > > > >
> > > > > > > > --
> > > > > > > > To unsubscribe from this list go to the following URL and
> > > read the
> > > > > > > > instructions: https://lists.samba.org/mailman/options/samba
> > > > > >
> > > > > > have a look here:
> > > > > >
> > > > > >
> > > > >
> > >
> https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC#Extending_the_Schema_for_NIS_Extensions
> > > > > >
> > > > > > Rowland
> > > > > > --
> > > > > > To unsubscribe from this list go to the following URL and
> read the
> > > > > > instructions: https://lists.samba.org/mailman/options/samba
> > > >
> > > > OK, you need one further change after adding the ypServ30.ldif, you
> > > > need to change this:
> > > >
> > > > server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind,
> > > > ntp_signd, kcc, dnsupdate, dns, smb
> > > >
> > > > To this:
> > > >
> > > > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
> > > > winbind, ntp_signd, kcc, dnsupdate, dns
> > > >
> > > > Rowland
> > > >
> > > > --
> > > > To unsubscribe from this list go to the following URL and read the
> > > > instructions: https://lists.samba.org/mailman/options/samba
> >
> > OK, you have extended the schema as per the webpage link I posted, you
> > are now using s3fs instead of ntvfs and have restarted samba, you should
> > be able to get users with getent, did you have any version of samba
> > installed before installing samba4 ? if so you could have the wrong
> > libnss_winbind files in /lib
> >
> > As to your winbind question, If you are running any version of samba4
> > that is less than 4.2, winbind is built into the 'samba' daemon. With
> > samba 4.2, the 'samba' daemon starts the 'winbindd' deamon instead.
> >
> > Rowland
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba


OK, run these two commands and post the result of the second command:

updatedb

locate libnss_winbind.so

Rowland



More information about the samba mailing list