[Samba] Samba4 Domain Member Server "Getent show diferents UID"
Rowland Penny
rpenny at samba.org
Wed Jun 15 18:27:31 UTC 2016
On 15/06/16 18:55, Juan Ignacio wrote:
> The UID of the users in the command output: "getent passwd" remain
> different in the member server.
> I gave the user uanaco a gid and a uid through RSAT.
OK, this is me on a DC:
root at dc2:~# getent passwd rowland
SAMDOM\rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash
and this is me on a domain member:
rowland at devstation:~$ getent passwd rowland
rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash
I have added the required RFC2307 attributes to my AD object and
libnss_winbind is set up correctly.
>
> root at memberserver:/usr/local/samba/etc# getent passwd | less
> uanaco:*:100642:100008:uanaco:/home/ADSERVER/uanaco:/bin/false
>
> Is there a service besides winbindd that needs to be running on the
> member server?
>
> I'm currently running all manually, "nmbd, smbd, samba, winbindd"
> The startup script here did not work properly on Debian.
You should not be running all of them on a domain member, turn off
'samba', this should only be run on a DC and this will start any other
required binaries.
>
> https://wiki.samba.org/index.php/Samba4/InitScript
Download the debian samba packages and extract the 'smbd', 'nmbd' and
'winbindd' init scripts, now alter the paths in them to match where your
Samba binaries are.
>
> How can we verify that the AD Domain Controller is using the RFC2307
> attribute correctly?
>
> How can we verify that the Member server is using the RFC2307
> attribute and receiving data?
If everything is set up correctly, you should get the same IDs
everywhere on Linux, see above. If you are not getting the same UIDs on
DCs & domain members, then it sounds like something is incorrectly set up.
You say that you gave your user a uidNumber. Is this number inside the
domain range in the domain member smb.conf? The relevant line in my
smb.conf is:
idmap config SAMDOM : range = 10000-999999
If it isn't, it will be ignored.
Have you given the 'Domain Users' group a gidNumber attribute? If not,
all Unix users will be ignored. Again, this number needs to be inside
the range.
Can you run 'pam-auth-update' on the domain member and post the result?
Rowland
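
The range check described in the message above, as an added example that is not part of the original post or of Samba itself. It reads the 'idmap config' range lines from a domain member smb.conf and compares a user's 'getent passwd' line from the DC with the one from the member. The smb.conf fragment is constructed (only the SAMDOM range line comes from the message) and the function names are hypothetical.

```python
import re

# Constructed smb.conf fragment for a domain member; only the SAMDOM range line
# is quoted in the message, the other lines are assumptions for the example.
SMB_CONF = """
[global]
    workgroup = SAMDOM
    security = ADS
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    idmap config SAMDOM : backend = ad
    idmap config SAMDOM : range = 10000-999999
"""

RANGE_RE = re.compile(
    r"^\s*idmap\s+config\s+(\S+)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$",
    re.IGNORECASE | re.MULTILINE)

def idmap_ranges(conf_text):
    """Return {domain: (low, high)} for every 'idmap config X : range' line."""
    return {m.group(1).upper(): (int(m.group(2)), int(m.group(3)))
            for m in RANGE_RE.finditer(conf_text)}

def parse_passwd(line):
    """Split one 'getent passwd' line into (name, uid, gid), dropping a domain prefix."""
    fields = line.strip().split(":")
    name = fields[0].split("\\")[-1]
    return name, int(fields[2]), int(fields[3])

def check_user(dc_line, member_line, ranges, domain):
    """List the problems found when comparing a user's DC and member entries."""
    low, high = ranges[domain.upper()]
    _, dc_uid, dc_gid = parse_passwd(dc_line)
    name, m_uid, m_gid = parse_passwd(member_line)
    problems = []
    if not low <= dc_uid <= high:
        problems.append(f"{name}: uidNumber {dc_uid} outside {low}-{high}")
    if not low <= dc_gid <= high:
        problems.append(f"{name}: gidNumber {dc_gid} outside {low}-{high}")
    if (dc_uid, dc_gid) != (m_uid, m_gid):
        problems.append(f"{name}: DC {dc_uid}:{dc_gid} != member {m_uid}:{m_gid}")
    return problems

if __name__ == "__main__":
    # The two getent lines shown in the message; an empty list means consistent IDs.
    dc = "SAMDOM\\rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash"
    member = "rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash"
    print(check_user(dc, member, idmap_ranges(SMB_CONF), "SAMDOM"))
```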