[Samba] Domain member seems to work, wbinfo -u not (update2)

Rowland Penny rpenny at samba.org
Sat Apr 16 20:31:20 UTC 2016


On 16/04/16 21:09, L.P.H. van Belle wrote:
> New update.
>
> I now have done about 6 machines.
> 2 with samba 4.2.10 work fine, 2 not.
> 1 with samba 4.3.7 works fine, 1 not.
>
> I saw Jelmer updated the samba to 4.3.8 in sid, so I recompiled these to jessie.
> I upgraded the 4.3.7 to 4.3.8

Hi Louis, Debian 4.2.10 is the same as Samba 4.2.11 and Debian 4.3.7 is 
the same as 4.3.8. There was a regression and this was fixed with a 
patch; the Debian packages install the patch separately, the later Samba 
tarballs include the patch. This confused the hell out of me, until it 
was explained.

> Same result. wbinfo -g works, -u not. For both servers.
>
> I notice one strange thing here.
> I have 2 servers, both samba 4.2.10, all stock Debian packages.
> My file server and my print server, both installed with the same script.
> Only the name changed here in the script. One works ok, one not.
>
> I notice some difference between these 2.
>
> The file server, "wbinfo -u" works, and "getent passwd" works.
> The print server, "wbinfo -u" does not work, and "getent passwd" does not work,
> but "getent passwd username" works.
>
> Also the output is a bit different.
> File server shows  : username:*:10002:10000:U. username:/home/users/username:/bin/bash
> Print server shows : username:*:10002:10000::/home/users/username:/bin/bash
>
> So anyone an idea where to look from here. But ^^^ must be a clue..
>
> What did I check if settings are the same on both servers.
> Samba smb.conf, beside hostnames ip shares used, all same.
> Resolv.conf checked.
> Nsswitch.conf checked.
> Added the TLS parameters, ssl, checked.
> Idmap.conf checked. ( needed for the nfs kerberized things )
> UID/GID all there where it's needed.
>
> An example of my config.
>
> [global]
>      workgroup = NTDOM
>      security = ADS
>      realm = REALM.DOM
>      netbios name = PRINT1
>      domain master = no
>      host msdfs = no
>      dns proxy = yes
>
>      kerberos method = secrets and keytab
>      dedicated keytab file = /etc/krb5.keytab
>      client signing = if_required
>
>      ## map id's outside to domain to tdb files.
>      idmap config *: backend = tdb
>      idmap config *: range = 2000-9999
>      ## map ids from the domain and (*) the range may not overlap !
>      idmap config NTDOM: backend = ad
>      idmap config NTDOM: schema_mode = rfc2307
>      idmap config NTDOM: range = 10000-3999999
>
>      # Use home directory and shell information from AD
>      winbind nss info = rfc2307
>
>      winbind trusted domains only = no
>      winbind use default domain = yes
>      winbind expand groups = 4
>      winbind enum users  = yes
>      winbind enum groups = yes
>      # offline login and refresh keytab (tickets)
>      winbind refresh tickets = yes
>      winbind offline logon = yes
>
>      # disable printing completely
>      load printers = no
>      printing = bsd
>      printcap name = /dev/null
>      disable spoolss = yes
>
>      #Add and Update TLS Key
>      tls enabled = yes
>      tls keyfile = /etc/ssl/private/SOMEFILEk.pem
>      tls certfile = /etc/ssl/certs/SOMEFILEc.pem
>      tls cafile = /etc/ssl/certs/COMPANY-ca.pem
>
> Greetz,
>
> Louis

I am now updating my DCs and I will set up a new domain member (in a 
VM) using a self-compiled 4.4.2; I will report back later.

Rowland



