[Samba] ADS domain member: winbind fails [SOLVED]
Rowland Penny
rpenny at samba.org
Sun Jan 1 16:32:57 UTC 2017
On Sun, 1 Jan 2017 17:05:44 +0100
"Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:
>
> ok, edited etc
>
> all uidNumber now > 10000
>
> except that "root", I was unsure now (?)
If you have a user called 'root', then it is easy: remove it. 'root'
shouldn't exist in AD; it is a Unix-only user, and you need to map
Administrator to 'root' in the user.map.
>
> gidNumber:
>
> # ldbsearch -H /var/lib/samba/private/sam.ldb cn=Domain\ Users | grep 'gidNumber'
> gidNumber: 10001
>
> -
>
> smb.conf on member:
>
>
> idmap config * : backend = tdb
> idmap config * : range = 2000-2999
>
> idmap config ARBEITSGRUPPE:backend = ad
> idmap config ARBEITSGRUPPE:range = 10000-99999
> idmap config ARBEITSGRUPPE:schema_mode = rfc2307
>
> username map = /etc/samba/user.map
>
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
> winbind refresh tickets = Yes
>
> -
>
> restarted all samba daemons on DC and member server, flushed cache
>
> On DC:
>
> # wbinfo -i sgw
> sgw:*:10000:10001::/home/ARBEITSGRUPPE/sgw:/bin/false
>
> # getent passwd sgw
> sgw:*:10000:10001::/home/ARBEITSGRUPPE/sgw:/bin/false
>
> (good, afaik)
>
> On member server:
>
> # wbinfo -i sgw
> sgw:*:10000:10001:sgw:/home/ARBEITSGRUPPE/sgw:/bin/false
>
> main samba # getent passwd sgw
> sgw:*:10000:10001:sgw:/home/ARBEITSGRUPPE/sgw:/bin/false
>
> - nice, correct??
Looking good
>
> I even did an additional change and set the gidNumber to 10513 to
> match the former gid (in the shared directory the group-id was 10513,
> now it is displayed as "domain users" as well).
>
> so now I have:
>
> # getent passwd sgw
> sgw:*:10000:10513:sgw:/home/ARBEITSGRUPPE/sgw:/bin/false
>
> *phew*
>
> Any idea what else might be missing? ;-)
>
> thanks!
>
>
The only thing is, do any of your users need to actually log in to the
domain member?
If so, this is where using the 'ad' backend comes into its own: you
just need to add 'loginshell' and 'unixHomeDirectory' attributes
to the required users, i.e.
loginshell: /bin/bash
unixHomeDirectory: /home/sgw
Rowland
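
An added example, not part of the original message: a small Python check for the two conditions this thread worked through by hand, namely that the idmap ranges in smb.conf do not overlap and that every uidNumber/gidNumber lies inside the domain's range (the 'ad' backend ignores IDs outside it). The function names and the `olduser` and `badgid` sample accounts are constructed for illustration; the smb.conf lines and the `sgw` entry are taken from the message.

```python
import re

# smb.conf idmap lines as quoted in the message above.
SMB_CONF = """\
idmap config * : backend = tdb
idmap config * : range = 2000-2999
idmap config ARBEITSGRUPPE:backend = ad
idmap config ARBEITSGRUPPE:range = 10000-99999
idmap config ARBEITSGRUPPE:schema_mode = rfc2307
"""
# passwd-format lines; sgw is from the message, the other two are constructed.
PASSWD = """\
sgw:*:10000:10513:sgw:/home/ARBEITSGRUPPE/sgw:/bin/false
olduser:*:1001:10513::/home/ARBEITSGRUPPE/olduser:/bin/false
badgid:*:10002:513::/home/ARBEITSGRUPPE/badgid:/bin/false
"""
RANGE_RE = re.compile(
    r"^\s*idmap config\s+(.+?)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$", re.I)

def idmap_ranges(conf_text):
    """Return {domain: (low, high)} from 'idmap config DOMAIN : range' lines."""
    ranges = {}
    for line in conf_text.splitlines():
        m = RANGE_RE.match(line)
        if m:
            ranges[m.group(1)] = (int(m.group(2)), int(m.group(3)))
    return ranges

def overlapping(ranges):
    """Return pairs of domains whose ID ranges overlap."""
    names = sorted(ranges)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]]

def out_of_range(passwd_text, low, high):
    """Return (user, field, value) for each uid/gid outside [low, high]."""
    problems = []
    for line in passwd_text.splitlines():
        name, _, uid, gid = line.split(":")[:4]
        for field, value in (("uidNumber", int(uid)), ("gidNumber", int(gid))):
            if not low <= value <= high:
                problems.append((name, field, value))
    return problems

if __name__ == "__main__":
    ranges = idmap_ranges(SMB_CONF)
    print("overlapping ranges:", overlapping(ranges))
    for user, field, value in out_of_range(PASSWD, *ranges["ARBEITSGRUPPE"]):
        print(f"{user}: {field} {value} is outside the domain idmap range")
```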