[Samba] Domain member seems to work, wbinfo -u not
rpenny at samba.org
Fri Apr 15 13:07:56 UTC 2016
On 15/04/16 13:43, L.P.H. van Belle wrote:
> Ok, i have tested a bit more also.
> Now i have this problem also on some other servers with D. Jessie.
> The sernet 4.2.11 debian wheezy works fine as far i can see now.
> All my member servers have these settings ( see below),.
> Versies used are
> 4.1.17 (all ok) ( debian jessie packages )
> 4.2.20 (fail wbinfo -u) ( debian jessie packages )
> 4.2.11 (all ok) ( debian wheezy sernet packages )
> 4.3.6 (all ok) ( debian sid recompiled to jessie package )
> 4.3.7 (fail wbinfo -u) ( debian sid recompiled to jessie package )
> 2 servers, now both on 4.2.10
> On both work :
> id username
> getent username
> wbinfo -g
> And both not wbinfo -u
> disable-ing tls didnt help.
> Setting : ldap server require strong auth = no, yes or allow_sasl_over_tls didnt help.
> Rebooted the server also.
> DC's setup.
> Backend AD.
> All users have UID and needed groups also.
> Config member server.
> workgroup = NTDOM
> security = ADS
> realm = INTERNAL.DOMAIN.TLD
> netbios name = memberserver10
> domain master = no
> host msdfs = no
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
> client signing = if_required
> idmap config *:backend = tdb
> idmap config *:range = 2000-9999
> idmap config NTDOM:backend = ad
> idmap config NTDOM:schema_mode = rfc2307
> idmap config NTDOM:range = 10000-3999999
> winbind nss info = rfc2307
> winbind trusted domains only = no
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
> winbind refresh tickets = yes
> winbind offline logon = yes
> winbind expand groups = 4
> wins server = 192.168.0.1, 192.168.0.2
> username map = /etc/samba/samba_usermapping
> usershare path =
> vfs objects = acl_xattr
> map acl inherit = Yes
> store dos attributes = Yes
> unix extensions = no
> wide links = no
> reset on zero vc = yes
> veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/
> hide unreadable = yes
> load printers = Yes
> printing = cups
> printcap name = cups
> tls enabled = yes
> tls keyfile = ....
> tls certfile = ....
> tls cafile = ....
OK, this is strange, getent works but 'wbinfo -u' doesn't, it is usually
the other way round :-)
Louis, you probably already have cranked the log level up to 10, but if
you haven't, can you and then see if anything pops up.
As for your list of versions:
4.1.17 (all ok) ( debian jessie packages ) You really
need to upgrade
4.2.20 (fail wbinfo -u) ( debian jessie packages ) Where did this come
from, highest Samba 4.2 version: 4.2.11
4.2.11 (all ok) ( debian wheezy sernet packages )
4.3.6 (all ok) ( debian sid recompiled to jessie package )
4.3.7 (fail wbinfo -u) ( debian sid recompiled to jessie package ) Do
not use, use 4.3.8
More information about the samba