[Samba] Not able to list domain in new samba DC

Sina Owolabi notify.sina at gmail.com
Thu Nov 9 14:17:22 UTC 2017


Thanks Rowland!

My current configs are:

DC:

# Global parameters
[global]
        dns forwarder = 8.8.8.8
        netbios name = TESTBOX
        realm = SAMDOM.TESTING.COM
        server role = active directory domain controller
        workgroup = SAMDOM
        idmap_ldb:use rfc2307 = yes
        log file = /var/log/samba/%m.log
        log level = 3
        tls enabled = yes
        vfs objects = acl_xattr
        map acl inherit = yes
        store dos attributes = yes
        winbind enum groups = Yes
        winbind enum users = Yes
        idmap config * : backend = tdb
        idmap config * : range = 3000-7999
        idmap config SAMDOM:backend = ad
        idmap config SAMDOM:schema_mode = rfc2307
        idmap config  SAMDOM : range = 10000-999999
        idmap config  SAMDOM : unix_nss_info = yes
        idmap config SAMDOM:unix_primary_group = yes

        template shell = /bin/bash
        template homedir = /share/%U

        username map = /usr/local/samba/etc/user.map
[netlogon]
        path = /usr/local/samba/var/locks/sysvol/samdom.testing.com/scripts
        read only = No

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

Domain member/file server:

[global]
        security = ADS
        workgroup = SAMDOM
        realm = SAMDOM.TESTING.COM

        log file = /var/log/samba/%m.log
        log level = 1
        vfs objects = acl_xattr
        map acl inherit = yes
        store dos attributes = yes
        winbind enum groups = Yes
        winbind enum users = Yes
        idmap_ldb:use rfc2307 = yes
        idmap config * : backend = tdb
        idmap config * : range = 3000-7999
        idmap config SAMDOM:backend = ad
        idmap config SAMDOM:schema_mode = rfc2307
        idmap config  SAMDOM : range = 10000-999999
        idmap config  SAMDOM : unix_nss_info = yes
        idmap config SAMDOM:unix_primary_group = yes

        template shell = /bin/bash
        template homedir = /share/%U

        username map = /usr/local/samba/etc/user.map
        map to guest = Bad User

[Anonymous]
        path = /anonymous
        writable = yes
        browsable = yes
        guest ok = yes
        guest only = yes
        create mode = 0777
        directory mode = 0777

[Demo]
        path = /srv/samba/Demo/
        read only = no

I was trying to walk through the creating shares bit and I noticed
that getent passwd and getent group don't work.
Am I missing something else?


On Thu, Nov 9, 2017 at 1:13 PM, Rowland Penny via samba
<samba at lists.samba.org> wrote:
> On Thu, 9 Nov 2017 12:56:35 +0100
> Sina Owolabi <notify.sina at gmail.com> wrote:
>
>> Thanks a lot :-)
>> Does this mean my current configuration is correct?
>>
>
> Yes, as far as it goes, as long as you have added uidNumber attributes
> to the users in AD, containing a unique number inside the range
> '10000-999999', they also have a gidNumber that points to a group that
> has a gidNumber attribute containing the same number and this number is
> also inside the '10000-999999' range.
> NOTE: these uidNumber & gidNumber attributes are not added
> automatically.
>
> I would also add:
>
>     vfs objects = acl_xattr
>     map acl inherit = Yes
>     store dos attributes = Yes
>
> Rowland



More information about the samba mailing list
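
The conditions Rowland lists for the `ad` idmap backend can be checked mechanically. The sketch below is an added example, not code from the thread or from Samba: it reads the domain range from an smb.conf fragment written with the same uneven spacing as the configs above, then tests each account against those conditions. The account names, ID values and the function names `idmap_range` and `check_users` are constructed for illustration.

```python
import re

# Constructed sample input (not from the thread): idmap lines and exported AD entries.
SMB_CONF = """
        idmap config * : range = 3000-7999
        idmap config  SAMDOM : range = 10000-999999
"""
USERS = [
    {"sAMAccountName": "alice", "uidNumber": "10001", "gidNumber": "10000"},
    {"sAMAccountName": "bob", "gidNumber": "10000"},  # uidNumber never added
    {"sAMAccountName": "carol", "uidNumber": "5000", "gidNumber": "10000"},
    {"sAMAccountName": "dave", "uidNumber": "10004", "gidNumber": "20000"},
    {"sAMAccountName": "erin", "uidNumber": "10001", "gidNumber": "10000"},
]
GROUPS = [{"sAMAccountName": "Domain Users", "gidNumber": "10000"}]

def idmap_range(conf, domain):
    """Return (low, high) from 'idmap config DOMAIN : range = low-high'."""
    pat = rf"^\s*idmap config\s+{re.escape(domain)}\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)"
    m = re.search(pat, conf, re.MULTILINE | re.IGNORECASE)
    if not m:
        raise ValueError(f"no idmap range for {domain}")
    return int(m.group(1)), int(m.group(2))

def check_users(users, groups, low, high):
    """Map each account name to the list of problems found (empty list = OK)."""
    in_range = lambda v: v is not None and v.isdigit() and low <= int(v) <= high
    group_gids = {g.get("gidNumber") for g in groups if in_range(g.get("gidNumber"))}
    seen, report = {}, {}
    for u in users:
        name, uid, gid = u["sAMAccountName"], u.get("uidNumber"), u.get("gidNumber")
        problems = []
        if uid is None:
            problems.append("no uidNumber")
        elif not in_range(uid):
            problems.append("uidNumber outside range")
        elif uid in seen:
            problems.append(f"uidNumber duplicates {seen[uid]}")
        else:
            seen[uid] = name
        if gid not in group_gids:
            problems.append("gidNumber matches no in-range group")
        report[name] = problems
    return report

if __name__ == "__main__":
    low, high = idmap_range(SMB_CONF, "SAMDOM")
    for name, problems in check_users(USERS, GROUPS, low, high).items():
        print(name, "OK" if not problems else "; ".join(problems))
```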