[Samba] Samba 4.5: trying to setup an omnios system as a DC member

Andrea Cucciarrè acucciarre at cloudian.com
Tue Jun 19 14:10:33 UTC 2018


Hello,

I'm trying to set up an OmniOS system as a Samba DC member, and I need the AD 
backend for consistent IDs on all Samba clients.
The AD join is successful, and wbinfo shows the AD users:

# /opt/samba/bin/wbinfo -n andrea
S-1-5-21-2680195940-2267646359-3814218302-1109 SID_USER (1)

However, "getent passwd ..." returns nothing for the user (all the AD users).

I have enabled debugging and I can see the following relevant error:

[2018/06/19 15:53:54.302030,  5, pid=638, effective(0, 0), real(0, 0)] ../source3/libads/ldap_utils.c:81(ads_do_search_retry_internal)
   Search for (uid=andrea) in <dc=HYPERFILE,dc=NET> gave 0 replies
[2018/06/19 15:53:54.302082,  5, pid=638, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:1276(resolve_alias_to_username)
   resolve_alias_to_username: backend query returned NT_STATUS_OBJECT_NAME_NOT_FOUND
...
[2018/06/19 15:53:54.309621,  5, pid=638, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
   Could not convert sid S-1-5-21-2680195940-2267646359-3814218302-1109: NT_STATUS_NONE_MAPPED

Also, the wbinfo command fails to convert the SID to a UID:

# /opt/samba/bin/wbinfo -S S-1-5-21-2680195940-2267646359-3814218302-1109
failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-2680195940-2267646359-3814218302-1109 to uid

This is the relevant smb.conf:

===============================
[global]
     log file = /opt/samba/log/%m.log
     log level = 10
     workgroup = HYPERFILE
     security = ADS
     realm = HYPERFILE.NET
     dedicated keytab file = /etc/krb5.keytab
     kerberos method = secrets and keytab
     server string = Data %h
     winbind enum users = yes
     winbind enum groups = yes
     winbind use default domain = yes
     winbind expand groups = 4
     winbind nss info = rfc2307
     winbind refresh tickets = Yes
     winbind normalize names = Yes

     idmap config * : backend = tdb
     idmap config * : range = 1000000-2000000
     idmap config * : schema_mode = rfc2307

     idmap config HYPERFILE:backend = ad
     idmap config HYPERFILE:schema_mode = rfc2307
     idmap config HYPERFILE:range = 1000-9999
     idmap config HYPERFILE:unix_primary_group = yes

     username map = /opt/samba/etc/user.map
     client ldap sasl wrapping = plain
     os level = 20
     map to guest = bad user
     host msdfs = no
     vfs objects = acl_xattr
     map acl inherit = Yes
     store dos attributes = Yes
     load printers = no
=====================

If I remove the "idmap config HYPERFILE ..." entries from smb.conf, it 
works.
Any help would be appreciated.

Regards
Andrea

-- 
Gestione problematica Andrea Cucciarrè
Technical Support Engineer | EMEA
acucciarre at cloudian.com




