[Samba] Domain member seems to work, wbinfo -u not
Rowland Penny
rpenny at samba.org
Fri Apr 15 13:07:56 UTC 2016
On 15/04/16 13:43, L.P.H. van Belle wrote:
> Ok, I have tested a bit more also.
>
> Now I have this problem also on some other servers with D. Jessie.
>
> The sernet 4.2.11 debian wheezy works fine as far as I can see now.
>
> All my member servers have these settings (see below).
> Versions used are
> 4.1.17 (all ok) ( debian jessie packages )
> 4.2.20 (fail wbinfo -u) ( debian jessie packages )
> 4.2.11 (all ok) ( debian wheezy sernet packages )
> 4.3.6 (all ok) ( debian sid recompiled to jessie package )
> 4.3.7 (fail wbinfo -u) ( debian sid recompiled to jessie package )
>
> 2 servers, now both on 4.2.10
> On both work :
> id username
> getent username
> wbinfo -g
>
> And both not wbinfo -u
> Disabling TLS didn't help.
>
> Setting : ldap server require strong auth = no, yes or allow_sasl_over_tls didn't help.
>
> Rebooted the server also.
>
> DC's setup.
> Backend AD.
> All users have UID and needed groups also.
>
> Config member server.
> [global]
> workgroup = NTDOM
> security = ADS
> realm = INTERNAL.DOMAIN.TLD
>
> netbios name = memberserver10
> domain master = no
> host msdfs = no
>
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
> client signing = if_required
>
> idmap config *:backend = tdb
> idmap config *:range = 2000-9999
> idmap config NTDOM:backend = ad
> idmap config NTDOM:schema_mode = rfc2307
> idmap config NTDOM:range = 10000-3999999
>
> winbind nss info = rfc2307
> winbind trusted domains only = no
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
> winbind refresh tickets = yes
> winbind offline logon = yes
> winbind expand groups = 4
>
> wins server = 192.168.0.1, 192.168.0.2
>
> username map = /etc/samba/samba_usermapping
>
> usershare path =
>
> vfs objects = acl_xattr
> map acl inherit = Yes
> store dos attributes = Yes
>
> unix extensions = no
> wide links = no
> reset on zero vc = yes
> veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/
> hide unreadable = yes
>
> load printers = Yes
> printing = cups
> printcap name = cups
>
> tls enabled = yes
> tls keyfile = ....
> tls certfile = ....
> tls cafile = ....
>
>
>
>
OK, this is strange, getent works but 'wbinfo -u' doesn't, it is usually
the other way round :-)
Louis, you probably already have cranked the log level up to 10, but if
you haven't, can you, and then see if anything pops up?
As for your list of versions:
4.1.17 (all ok) ( debian jessie packages )   You really need to upgrade
4.2.20 (fail wbinfo -u) ( debian jessie packages )   Where did this come from, highest Samba 4.2 version: 4.2.11
4.2.11 (all ok) ( debian wheezy sernet packages )
4.3.6 (all ok) ( debian sid recompiled to jessie package )
4.3.7 (fail wbinfo -u) ( debian sid recompiled to jessie package )   Do not use, use 4.3.8
Rowland