[Samba] Not able to list domain in new samba DC
Rowland Penny
rpenny at samba.org
Thu Nov 9 14:35:54 UTC 2017
On Thu, 9 Nov 2017 15:17:22 +0100
Sina Owolabi <notify.sina at gmail.com> wrote:
> Thanks Rowland!
>
> My current configs are:
>
> DC:
>
> # Global parameters
> [global]
> dns forwarder = 8.8.8.8
> netbios name = TESTBOX
> realm = SAMDOM.TESTING.COM
> server role = active directory domain controller
> workgroup = SAMDOM
> idmap_ldb:use rfc2307 = yes
> log file = /var/log/samba/%m.log
> log level = 3
> tls enabled = yes
> template shell = /bin/bash
> template homedir = /share/%U
See notes below:
> vfs objects = acl_xattr
> map acl inherit = yes
> store dos attributes = yes
> winbind enum groups = Yes
> winbind enum users = Yes
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> idmap config SAMDOM:backend = ad
> idmap config SAMDOM:schema_mode = rfc2307
> idmap config SAMDOM : range = 10000-999999
> idmap config SAMDOM : unix_nss_info = yes
> idmap config SAMDOM:unix_primary_group = yes
> username map = /usr/local/samba/etc/user.map
I think you may have misunderstood me, the 13 lines above should NEVER
be added to the smb.conf on a DC, they belong in a Unix domain
member smb.conf (except for the 'winbind enum' lines and they should
only be used for testing purposes)
>
> Domain member/file server:
> idmap_ldb:use rfc2307 = yes
This line should only be in a DC smb.conf
> I was trying to walk through the creating shares bit and I noticed
> that getent passwd and getent group dont work
> Am I missing something else?
>
Have you set up libnss_winbind ?
Rowland
More information about the samba
mailing list