[Samba] wbinfo -i returns the same id for all users, authentication doesn't seem to go through winbind at all
Rowland Penny
rpenny at samba.org
Sat Feb 18 20:17:12 UTC 2017
On Sat, 18 Feb 2017 19:12:39 +0000
Rowland Penny via samba <samba at lists.samba.org> wrote:
> I will set up debian in a VM and install the OS Samba packages and see
> if I have problems, bear with me ;-)
>
OK, back with the result and it works for me ;-)
Debian Jessie network install, no GUI, using DHCP to set the IP address.
The only change I made before installing Samba was to comment out the
'127.0.1.1' line in /etc/hosts
apt-get install samba acl attr quota fam \
  winbind libpam-winbind libpam-krb5 libnss-winbind krb5-config krb5-user \
  ntp dnsutils ldb-tools
service smbd stop
service nmbd stop
service winbind stop
/etc/samba/smb.conf
[global]
workgroup = SAMDOM
security = ADS
realm = SAMDOM.EXAMPLE.COM
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
server string = Samba 4 Client %h
winbind use default domain = yes
winbind expand groups = 4
winbind nss info = rfc2307
winbind refresh tickets = Yes
winbind offline logon = yes
winbind normalize names = Yes
## map ids outside of domain to tdb files.
idmap config *:backend = tdb
idmap config *:range = 2000-9999
## map ids from the domain the ranges may not overlap !
idmap config SAMDOM : backend = rid
idmap config SAMDOM : range = 10000-999999
template shell = /bin/bash
template homedir = /home/SAMDOM/%U
domain master = no
local master = no
preferred master = no
os level = 20
map to guest = bad user
host msdfs = no
# user Administrator workaround, without it you are unable to set privileges
username map = /etc/samba/user.map
# For ACL support on domain member
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
# Share Setting Globally
unix extensions = no
reset on zero vc = yes
veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/
hide unreadable = yes
# disable printing completely
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
/etc/samba/user.map
!root = SAMDOM\Administrator SAMDOM\administrator Administrator administrator
samba -V
Version 4.2.14-Debian
/etc/krb5.conf
[libdefaults]
default_realm = SAMDOM.EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = true
chmod 644 /etc/krb5.conf
net ads join -U Administrator
Using short domain name -- SAMDOM
Joined 'DEBMEMBER' to dns domain 'samdom.example.com'
service smbd start
service nmbd start
service winbind start
/etc/nsswitch.conf
Add 'winbind' to the passwd & group lines
'getent passwd' displays all users, local and AD
getent passwd rowland
rowland:*:11107:10513:Rowland Penny:/home/rowland:/bin/bash
Rowland