[Samba] Not able to list domain in new samba DC

Sina Owolabi notify.sina at gmail.com
Thu Nov 9 14:58:04 UTC 2017


Yes, I did set up libnss_winbind.
wbinfo -u and -g on the domain member both work:

[root@testfsrv ~]# wbinfo -u
SAMDOM\testakin
SAMDOM\testsina
SAMDOM\testigein
SAMDOM\administrator
SAMDOM\krbtgt
SAMDOM\guest
[root@testfsrv ~]# wbinfo -g
SAMDOM\allowed rodc password replication group
SAMDOM\enterprise read-only domain controllers
SAMDOM\denied rodc password replication group
SAMDOM\read-only domain controllers
SAMDOM\group policy creator owners
SAMDOM\ras and ias servers
SAMDOM\domain controllers
SAMDOM\enterprise admins
SAMDOM\domain computers
SAMDOM\cert publishers
SAMDOM\dnsupdateproxy
SAMDOM\domain admins
SAMDOM\domain guests
SAMDOM\schema admins
SAMDOM\domain users
SAMDOM\dnsadmins

On Thu, Nov 9, 2017 at 3:35 PM, Rowland Penny <rpenny at samba.org> wrote:
> On Thu, 9 Nov 2017 15:17:22 +0100
> Sina Owolabi <notify.sina at gmail.com> wrote:
>
>> Thanks Rowland!
>>
>> My current configs are:
>>
>> DC:
>>
>> # Global parameters
>> [global]
>>         dns forwarder = 8.8.8.8
>>         netbios name = TESTBOX
>>         realm = SAMDOM.TESTING.COM
>>         server role = active directory domain controller
>>         workgroup = SAMDOM
>>         idmap_ldb:use rfc2307 = yes
>>         log file = /var/log/samba/%m.log
>>         log level = 3
>>         tls enabled = yes
>>         template shell = /bin/bash
>>         template homedir = /share/%U
>
> See notes below:
>
>>         vfs objects = acl_xattr
>>         map acl inherit = yes
>>         store dos attributes = yes
>>         winbind enum groups = Yes
>>         winbind enum users = Yes
>>         idmap config * : backend = tdb
>>         idmap config * : range = 3000-7999
>>         idmap config SAMDOM:backend = ad
>>         idmap config SAMDOM:schema_mode = rfc2307
>>         idmap config  SAMDOM : range = 10000-999999
>>         idmap config  SAMDOM : unix_nss_info = yes
>>         idmap config SAMDOM:unix_primary_group = yes
>>         username map = /usr/local/samba/etc/user.map
>
> I think you may have misunderstood me, the 13 lines above should NEVER
> be added to the smb.conf on a DC, they belong in a Unix domain
> member smb.conf (except for the 'winbind enum' lines and they should
> only be used for testing purposes)
>
>>
>> Domain member/file server:
>
>>         idmap_ldb:use rfc2307 = yes
>
> This line should only be in a DC smb.conf
>
>> I was trying to walk through the creating shares bit and I noticed
>> that getent passwd and getent group don't work.
>> Am I missing something else?
>>
>
> Have you set up libnss_winbind?
>
> Rowland


