[Samba] AD accounts not available to OS
Philippe LeCavalier
support at plecavalier.com
Thu Dec 22 01:37:33 UTC 2016
Anyone?
On Sat, Dec 10, 2016 at 2:37 PM Philippe LeCavalier <support at plecavalier.com>
wrote:
> On Sat, Dec 10, 2016 at 9:37 AM Philippe LeCavalier <
> support at plecavalier.com> wrote:
>
> On Sat, Dec 10, 2016 at 9:10 AM Rowland Penny via samba <
> samba at lists.samba.org> wrote:
>
> On Sat, 10 Dec 2016 13:56:38 +0000
> Philippe LeCavalier <support at plecavalier.com> wrote:
>
> > The main docs page, really? That's not helpful at all.
> >
> > On Sat, Dec 10, 2016 at 3:04 AM Rowland Penny via samba <
> > samba at lists.samba.org> wrote:
> >
> > > On Sat, 10 Dec 2016 02:00:53 +0000
> > > Philippe LeCavalier via samba <samba at lists.samba.org> wrote:
> > >
> > > > Hey guys,
> > > >
> > > > I'm setting up a Samba 4 AD DC server on Debian 8 (see pkg list
> > > > below).
> > > >
> > > > Things are working relatively well except that I'm concerned that
> > > > the domain accounts are not available to the OS. ie getent group
> > > > "Domain Admins" returns nothing.
> > > >
> > > > I've implemented roaming profiles which is working very well but
> > > > redirected folders are not and I'm thinking it's a permissions
> > > > issue relating back to the OS not seeing the domain users/groups.
> > > >
> > > > I'm a long time Samba NT domain admin but this is my first brush
> > > > with Samba as a true AD DC. I do also have extensive knowledge of
> > > > Windows AD DC's from back in the day.
> > > >
> > > > samba 2:4.2.10+dfsg-0+deb8u
> > > > winbind 2:4.2.10+dfsg-0+deb8u
> > > > Debian 3.16.36-1+deb8u2
> > > > Whatever other pkg info is required just ask.
> > > >
> > > > Thanks in advance!
> > >
> > > Go and read this:
> > >
> > > https://wiki.samba.org/index.php/Main_Page
> > >
> > > Rowland
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions: https://lists.samba.org/mailman/options/samba
> >
>
> It is a darn sight more helpful than the info you provided to try and
> get your problem fixed, but lets try going a bit deeper into the wiki,
> see here:
>
>
> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
> and
> https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member
>
> They should supply you with enough info to fix your problem.
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
> I provided what I thought was relevant and stated if more info was needed
> to just ask. Instead, you just refer me to the main page of the wiki. I
> don't know why you assume I didn't comb through the entire wiki looking for
> the answer to my problem. Naturally, that's the first thing I did. Also, I
> went through all the config related to NIS and Winbind and cannot find
> anything that would lead me to think the OS shouldn't see the domain groups
> and users. I checked the logs, still no errors related to that.
>
> Can we get past this? I don't know what you expect from me? I'm asking for
> help. What is it that you're missing from me to actually help me?
> --
> Regards,
> Phil
>
>
> FWIW in the "SeDiskOperatorPrivilege" section of the wiki it suggests that
> if the output of "getent group "Domain Admins" does not return the expected
> result, to refer to the NSS Configuration -which is blank. So I'm not clear
> at all on how to troubleshoot that side.
>
> For the idmap, in the Prerequisite section, there is no detail on how to
> set: "Users must have at least the uidNumber and groups the gidNumber
> attribute set. When using the rfc2307 winbind NSS info mode, user accounts
> must also have the loginShell, unixHomeDirectory and primaryGroupID set."
>
> I have RSAT / ADUC install on a workstation and can connect to the DC and
> open the UNIX Attributes tab.
> --
> Regards,
> Phil
>
--
Regards,
Phil
More information about the samba
mailing list