[Samba] ADS Domain Member - getent problem
Franz Gansberger
franz.gansberger at boku.ac.at
Wed Jan 10 19:58:25 UTC 2018
Hi,
After additional tests, and following another (earlier) hint from Louis regarding his repository, I did a quick update (over the old version, quick and dirty) to Samba version 4.6.7-Debian - and voilà:
After rejoining this new member server to the domain H950 (it was a clone from the original one) this funny piece of software is showing all the users from the DC! :-)
Thank you Louis!
Franz
>>> Franz Gansberger 10.01.2018 18:43 >>>
Hello List,
I'm running a Samba ADS on Debian 9, Samba version 4.5.12-Debian.
Right now I'm trying to add a Domain member - also running Samba version 4.5.12-Debian.
Thanks to Louis and Rowland, this howto guided me a lot in the right direction: https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
But right now I'm stuck. It seems that the configuration is ok - AD-members are successfully joined, I can ping via "wbinfo --ping-dc", all the tests regarding name resolution are working, and of course I get the complete list of users and groups via wbinfo -u or wbinfo -g on the member servers. :-)
The users are maintained via ADUC on the DC, and every user and group has its UID assigned.
Surprisingly only "getent group" generates the list of groups with the correct IDs on the domain members. I tried this at two different members.
"getent passwd demo1" (or "getent passwd "H950\demo1"") generates nothing.
This is the config file from the domain member - smb.conf
[global]
security = ADS
workgroup = H950
realm = H950.SOME.DOMAIN
log file = /var/log/samba/%m.log
log level = 5
#map untrusted to domain = Yes
# Default idmap config for local BUILTIN accounts and groups
idmap config * : backend = tdb
idmap config * : range = 20000-20999
idmap config H950:default = true
idmap config H950:schema mode = rfc2307
idmap config H950:backend = ad
idmap config H950:range = 500-9999
idmap config H950:unix_nss_info = yes
idmap config H950:unix_primary_group = yes
winbind nss info = rfc2307
username map = /etc/samba/user.map
acl allow execute always = True
unix charset = UTF8
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = yes
Is there anything I'm missing? Or mixing up? I'm sure ... ;-)
Thank you guys for your work!
Kind regards
Franz
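
An added example, not part of the original message or of Samba itself: a small Python check that parses the "idmap config" lines from the smb.conf above, confirms the configured ranges do not overlap, and reports which range a given uidNumber or gidNumber falls into. idmap_ad(8) documents the range as a filter, so an ID stored in AD outside it is ignored. The function names are hypothetical and the sample IDs are constructed.

```python
import re

# idmap lines copied from the smb.conf in the message above
SMB_CONF = """\
# Default idmap config for local BUILTIN accounts and groups
idmap config * : backend = tdb
idmap config * : range = 20000-20999
idmap config H950:schema mode = rfc2307
idmap config H950:backend = ad
idmap config H950:range = 500-9999
"""

IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+?)\s*:\s*([^=]+?)\s*=\s*(.*?)\s*$", re.I)

def parse_idmap(text):
    """Return {domain: {option: value}}; commented-out lines do not match."""
    cfg = {}
    for line in text.splitlines():
        m = IDMAP_RE.match(line)
        if m:
            domain, option, value = m.groups()
            cfg.setdefault(domain, {})[option.lower()] = value
    return cfg

def id_ranges(cfg):
    """Return {domain: (low, high)} for domains that define a range."""
    return {d: tuple(int(x) for x in o["range"].split("-"))
            for d, o in cfg.items() if "range" in o}

def overlapping(ranges):
    """Return sorted domain pairs whose ID ranges intersect."""
    doms = sorted(ranges)
    return [(a, b) for i, a in enumerate(doms) for b in doms[i + 1:]
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]]

def owner_of(ranges, unix_id):
    """Return the domain whose range contains unix_id, or None."""
    for domain, (low, high) in ranges.items():
        if low <= unix_id <= high:
            return domain
    return None

if __name__ == "__main__":
    r = id_ranges(parse_idmap(SMB_CONF))
    print("overlaps:", overlapping(r))
    for label, n in [("uidNumber", 1001), ("gidNumber", 10000)]:  # constructed IDs
        print(label, n, "->", owner_of(r, n) or "outside every range (ignored)")
```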