[Samba] wbinfo works, id and getent don't

David Bear dwbear75 at gmail.com
Fri Oct 16 19:38:26 UTC 2015


This must be the issue -- I need to add the uid/gid numbers on the unix
attributes tab.

I did add the rfc2307 option in the smb conf -- but not directly on the
groups and users..


On Fri, Oct 16, 2015 at 1:05 AM, Rowland Penny <rowlandpenny241155 at gmail.com> wrote:

> On 16/10/15 00:00, David Bear wrote:
>
>> This is a common thread and I'm wondering where the answer is.. I can see
>> this theme posted many times -- recently here
>> https://lists.samba.org/archive/samba/2015-May/191483.html and for which I
>> was not able to find a solution
>>
>> The situation is this..
>> Samba 4.2 compiled from source on ubuntu 14. server.
>>
>> Samba 4.2 AD DC is working great in sliced server.
>>
>> the samba member server joined fine. wbinfo -u  on the member server lists
>> domain users. wbinfo -g lists domain groups.
>>
>> So far, great following this great how to at
>> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server Thanks
>> Rowland...
>>
>> now the rub..
>> id DomainUser -- no such user
>> getent passwd lists local users, not domain users
>>
>> ok -- googling about this happens.. following this thread
>> http://www.spinics.net/lists/samba/msg125293.html doesn't apply -- because
>> nmbd starts fine.
>>
>> So, I'm hoping for some suggestions here.. Below is smb.conf and
>> nsswitch.conf
>>
>>
>> # /etc/nsswitch.conf
>> #
>> # Example configuration of GNU Name Service Switch functionality.
>> # If you have the `glibc-doc-reference' and `info' packages installed, try:
>> # `info libc "Name Service Switch"' for information about this file.
>>
>> passwd:         compat winbind
>> group:          compat winbind
>> shadow:         compat
>>
>> hosts:          files dns
>> networks:       files
>>
>> protocols:      db files
>> services:       db files
>> ethers:         db files
>> rpc:            db files
>>
>> netgroup:       nis
>>
>>
>> # ### smb.conf
>> # [global]
>>
>> netbios name = tcpm-srv1
>> workgroup = IN
>> security = ADS
>> realm = IN.TRANSCITYPM.COM
>> dedicated keytab file = /etc/krb5.keytab
>> kerberos method = secrets and keytab
>>
>> idmap config *:backend = tdb
>> idmap config *:range = 2000-9999
>> idmap config IN:backend = ad
>> idmap config IN:schema_mode = rfc2307
>> idmap config IN:range = 10000-99999
>>
>> winbind nss info = rfc2307
>> winbind trusted domains only = no
>> winbind use default domain = yes
>> winbind enum users = yes
>> winbind enum groups = yes
>> winbind refresh tickets = yes
>>
>> bind interfaces only = yes
>> interfaces = em1
>> log level = 5
>> log file = /usr/local/samba/var/log.%m
>>
>> [share1]
>> path = /home/fileserv1/share1
>> read only = no
>>
>>
>> any ideas???
>>
>>
> Hi, do your users have a uidNumber attribute containing a unique number
> between 10000 to 999999 ?
> Also, does 'Domain Users' have a gidNumber, again inside the 10000-99999
> range ?
>
> These attributes *do not* exist as standard, you have to create them
> manually, either using the ADUC Unix Attributes tab or by directly editing
> AD, you cannot do this with samba-tool.
>
> I did come up with a set of patches to make samba-tool work just like
> ADUC, but they were rejected because I was using deterministic numbers (I
> used 10000 as a start point, just like ADUC) and there was some talk of a
> better way of doing it, but then, as far as I can see, there has been talk
> of a better way of doing it since before samba 4 was released.
>
> Rowland
>



-- 
David Bear
mobile: (602) 903-6476
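
Added example, not part of either message in this thread: a small Python check of the condition Rowland describes, that with the "ad" idmap backend a user needs a uidNumber, and the primary group a gidNumber, inside the domain's configured range. The idmap lines are copied from the quoted smb.conf; the accounts, the group value and the function names are constructed for illustration, and the check is a simplified model, not winbind's own logic.

```python
import re

# idmap lines copied from the smb.conf quoted in this thread.
SMB_CONF = """
idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config IN:backend = ad
idmap config IN:schema_mode = rfc2307
idmap config IN:range = 10000-99999
"""
# Constructed sample data (hypothetical accounts, not from the thread).
USERS = [
    {"name": "alice", "uidNumber": 10001, "primary_group": "Domain Users"},
    {"name": "bob", "uidNumber": None, "primary_group": "Domain Users"},
    {"name": "carol", "uidNumber": 5000, "primary_group": "Domain Users"},
]
GROUPS = {"Domain Users": 10000}  # None models a group with no gidNumber

def idmap_settings(conf_text):
    """Parse 'idmap config DOM:option = value' lines into {DOM: {option: value}}."""
    out = {}
    for line in conf_text.splitlines():
        m = re.match(r"\s*idmap config\s+(\S+?)\s*:\s*(\S+)\s*=\s*(.*\S)", line)
        if m:
            out.setdefault(m.group(1), {})[m.group(2)] = m.group(3)
    return out

def domain_range(conf_text, domain):
    """Return (low, high) of the ID range configured for one domain."""
    low, high = idmap_settings(conf_text)[domain]["range"].split("-")
    return int(low), int(high)

def check_user(user, groups, id_range):
    """List the reasons this user would not be mapped; empty list means OK."""
    low, high = id_range
    problems = []
    checks = (("uidNumber", user["uidNumber"], user["name"]),
              ("gidNumber", groups.get(user["primary_group"]), user["primary_group"]))
    for attr, value, owner in checks:
        if value is None:
            problems.append(f"{owner}: no {attr}")
        elif not low <= value <= high:
            problems.append(f"{owner}: {attr} {value} outside {low}-{high}")
    return problems

if __name__ == "__main__":
    rng = domain_range(SMB_CONF, "IN")
    for u in USERS:
        print(u["name"], check_user(u, GROUPS, rng) or "resolvable")
```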

