[Samba] SAMBA not working as AD member server

Rowland Penny rowlandpenny at googlemail.com
Tue May 5 10:20:48 MDT 2015 

On 05/05/15 16:27, John Rykala wrote:
>
> I have set the UID and GID for individual users to 10000 as well as 
> Domain Users.
>

I hope that doesn't mean you have set all users to have the same UID, 
they do not need the GID.

> The resolve.conf does point to my DC.
>

Good

> The nsswitch file does have winbind for passwd shadow and group.
>

Good

> Not sure what nscd or avahi are. I loaded the centos as a basic server 
> with not much else loaded but samba. Going to use this mainly as 
> fileserver.
>

nscd is a cache program that can interfere with winbind and avahi is the 
linux version of apples bonjour, try running 'ps ax' and see if they are 
running.

> I am able to get samba working from another centos load using rid for 
> back end and it works fine.
>

OK this proves that it is a problem with the uidNumber & gidNumber 
attributes or something connected to them.

Do you have any local users that are also in AD ?

Does 'getent passwd domainuser' return anything ?

Rowland

> On May 5, 2015 7:51 AM, "Rowland Penny" <rowlandpenny at googlemail.com 
> <mailto:rowlandpenny at googlemail.com>> wrote:
>
>     On 05/05/15 15:32, John Rykala wrote:
>
>
>         Yes IDMU is installed.
>
>
>     OK, so do your users have a 'uidNumber' attribute ?
>     also does 'Domain Users' have a 'gidNumber' attribute ?
>     are these numbers inside the range you have set in smb.conf
>     '10000-99999' ?
>
>     Does /etc/resolv.conf point to the DC as the nameserver ?
>
>     do the 'passwd' & 'group' lines in /etc/nsswitch.conf have
>     'winbind' added ?
>
>     You also posted this: 'however wbinfo -u only shown local accounts'
>
>     Which local accounts does it show ?
>     It isn't supposed to show local users, only domain users.
>
>     Is 'nscd' running, if so, try turning it off.
>
>     You are also using the 'local' TLD, if avahi is running, turn it
>     off, it isn't compatible with using 'local' as your TLD.
>
>     Rowland
>
>     -- 
>     To unsubscribe from this list go to the following URL and read the
>     instructions: https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list