[Samba] winbind problems
Dale Schroeder
dale at BriannasSaladDressing.com
Fri Nov 6 17:51:46 UTC 2015
I had to move an existing member server to new hardware. Using getent
on this Debian Jessie system, I cannot get winbind to retrieve the
domain users, except for administrator, guest, tsinternetuser, and krbtgt.
Although none of my other working systems have it, I added the
"dedicated keytab", "kerberos method", and "winbind refresh tickets"
parameters to match the wiki.
The only problem I have noticed is that installing libnss-winbind no
longer creates the symbolic link between libnss_winbind.so.2 and
libnss_winbind.so. I had to do that manually. Unlike what the wiki
describes, the other directory it says to link into does not exist on
this system or on the working systems.
net ads testjoin is OK. The domain SID matches the other servers.
wbinfo works.
I must have missed something, but I'm at a loss as to what it is. Can
anyone see anything?
Thanks,
Dale
Samba version: 4.1.17+dfsg-2
Output of testparm -s
# Effective smb.conf as printed by `testparm -s` on the Samba 4.1.17 domain
# member (security = ADS) that fails to list domain users through getent.
[global]
workgroup = DOMAIN
realm = DOMAIN.COM
server string = Samba File Server
#server role = member server
security = ADS
allow trusted domains = No
# Logins with an unknown user name are mapped to the guest account; whether
# that yields any access depends on per-share guest settings, not shown here.
map to guest = Bad User
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
username map = /etc/samba/users.map
# Tickets are checked against secrets.tdb and then the system keytab. The
# keytab holds the machine account keys, so it should be readable by root only.
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
#map untrusted to domain = Yes
syslog = 0
log file = /var/log/samba/log.%m
name resolve order = host, wins, bcast
deadtime = 15
load printers = No
printcap name = /dev/null
disable spoolss = Yes
dns proxy = No
wins server = 192.168.1.xyz
# NOTE(review): this turns off StartTLS for Samba's LDAP client connections;
# ADS LDAP traffic is presumably governed separately - confirm nothing here
# relies on an unencrypted LDAP bind.
ldap ssl = no
panic action = /usr/share/samba/panic-action %d
template homedir = /data/users/%U
template shell = /bin/bash
# Enumeration is what lets a bare `getent passwd` / `getent group` list domain
# accounts; lookups of a single named account do not depend on it.
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind refresh tickets = Yes
# Offline logon keeps cached credentials on this host; the winbind cache files
# then need the same protection as other credential stores.
winbind offline logon = Yes
recycle:versions = Yes
recycle:maxsize = 20971520
recycle:exclude = *.bks *.BKF *.tmp *.TMP *.temp *.TEMP *.o *.obj ~$* *.~??
recycle:repository = /var/domain/trash/%U
# NOTE(review): the rid backend derives the Unix id as
# RID - base_rid + low end of the range (base_rid defaults to 0), so a range of
# 1000 - 2000 can only hold RIDs 0 to 1000. The built-in accounts fit
# (Administrator 500, Guest 501, krbtgt 502; tsinternetuser presumably has a
# RID of 1000 or below), while ordinary domain accounts normally have RIDs
# above 1000 and fall outside the range. That matches the four users getent
# returns - compare this range with the one on the working servers.
# The range also starts at 1000, where Debian begins allocating local account
# ids, so a domain id can coincide with a local one - confirm.
idmap config DOMAIN : range = 1000 - 2000
idmap config DOMAIN : backend = rid
idmap config * : range = 1000000 - 2000000
idmap config * : backend = tdb
# Set in [global], so it is the default for every share: the listed accounts
# perform all file operations as root, regardless of file permissions.
admin users = root, DOMAIN\administrator
# Only clients in 192.168.0.0/16 may connect.
hosts allow = 192.168.0.0/16
ea support = Yes
printing = bsd
print command = lpr -r -P'%p' %s
lpq command = lpq -P'%p'
lprm command = lprm -P'%p' %j
veto files = /trash/
veto oplock files = /*.doc/*.xls/*.mdb/*.ldb/*.bkf/*.DOC/*.XLS/*.MDB/*.LDB/*.pst/*.PST/
map archive = No
map readonly = no
store dos attributes = Yes
vfs objects = recycle
#krb5.conf as per wiki
# Kerberos client defaults. The default realm is the same string as the
# `realm` value in the smb.conf output. KDCs are located through DNS
# (dns_lookup_kdc = true), so the resolver must reach a DNS server that
# serves the AD zone; realm discovery through DNS is switched off.
[libdefaults]
default_realm = DOMAIN.COM
dns_lookup_realm = false
dns_lookup_kdc = true
*resolv.conf per wiki
# Resolver settings; the last octet of the nameserver address is redacted by
# the poster. Because krb5.conf sets dns_lookup_kdc = true, this nameserver
# presumably has to answer for the AD domain's records - confirm.
search domain.com
nameserver 192.168.1.abc
*nsswitch.conf
# Name-service switch order. winbind is consulted after compat, and only for
# the passwd and group databases; shadow and gshadow stay local.
passwd: compat winbind
group: compat winbind
shadow: compat
gshadow: files
# NOTE(review): `fines` is not a known source name - likely a typo for `files`,
# either in the post or in the real file. If it is in the real file, /etc/hosts
# is presumably not consulted for host lookups - confirm.
hosts: fines dns wins
networks: files dns
protocols: db files
services: db files
ethers: db files
rpc: db files