[Samba] Validate Ids Multiple DC
L.P.H. van Belle
belle at bazuin.nl
Fri Jan 29 15:15:55 UTC 2016
Yes, im sure..
Check :
dc1:~# samba-tool testparm -v | grep winbind
winbind separator = \
winbind cache time = 300
winbind reconnect delay = 30
winbind request timeout = 60
winbind max clients = 200
winbind enum users = No
winbind enum groups = No
winbind use default domain = Yes <====
winbind trusted domains only = No
winbind nested groups = Yes
winbind expand groups = 4
winbind nss info = rfc2307
winbind refresh tickets = No
winbind offline logon = No
winbind normalize names = No
winbind rpc only = No
winbind max domain connections = 1
winbindd socket directory = /var/run/samba/winbindd
winbindd privileged socket directory = /var/lib/samba/winbindd_privileged
winbind sealed pipes = Yes
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
If you want a copy of my complete config, let me know.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland penny
> Verzonden: vrijdag 29 januari 2016 16:06
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Validate Ids Multiple DC
>
> On 29/01/16 12:07, L.P.H. van Belle wrote:
> > Hai Rowland.
> >
> > What you tried is ok, or im misunderstanding you.
> >
> > For me :
> > All members give me.
> > getent passwd myuser
> > myuser:*:10002:10000::/home/users/myuser:/bin/bash
> >
> > id myuser
> > uid=10002(myuser) gid=10000(domain users)
> >
> > the memberservers are or sernet samba 4.2.7 or debian samba 4.1.17
> >
> > and on the DCs. ( only sernet samba 4.2.7 )
> >
> > getent passwd myuser
> > myuser:*:10002:10000:L.P.H. van Belle:/home/users/ myuser:/bin/bash
> >
> > id myuser
> > uid=10002(myuser) gid=10000(domain users)
> >
> > forgot to mention 1 restriction.
> >
> > In the DC's i also have
> > template shell = /bin/bash
> > template homedir = /home/users/%U
> >
> > The restriction is that you must use above shell and homedirs for all
> you users and must be the same in the AD unix tab.
> >
> > The GECOS is different, but who uses that..
> >
> >
> > Greetz,
> >
> > Louis
> >
> >
> >
>
> OK, I get virtually the same replies as you, except for 'getent passwd
> rowland' I get:
>
> HOME\rowland:*:10000:10000:Rowland Penny:/home/HOME/rowland:/bin/false
>
> I do not have the template lines in smb.conf
>
> As you can see I get 'DOMAIN\username' instead of just username, the
> only rfc2307 attributes I get from AD are the users uidNumber and the
> users primary group gidNumber.
>
> Are you sure that winbind on a DC uses the default domain ?
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list