[Samba] getenv does not return any AD DOMAIN users or groups - ?nsswitch is not setup for Samba?

Barry D. Adkins Barry at daram.com
Mon Nov 19 15:29:44 UTC 2018

>> >What is the AD DC ?
>> Windows 2012 Server DC's
> >>If it is a Windows DC, is 'IDMU' installed (also known as 'services 
> >>for Unix) ?
> >
> >No, Services for Unix are not installed, but I did install the NIS for 
> >Unix for the AD Users & Computers app and that all works fine.
>You can stop looking for 'ldb' files.
>> I did however find the Samba LDIF file for preparing a Directory Schema

>Where did you find this and where have you imported this to and how.
Here: https://wiki.samba.org/index.php/Setting_up_RFC2307_in_AD

You have to have the schema in the Active Directory Schema.  So you either have to add it to a Samba AD Schema or the Windows AD Schema.

I used the windows tool LDIFDE to import the schema to the Windows AD Schema.  Otherwise there is no schema for the Unix Attributes.  From my reading about Unix Services for Windows it would have added to the schema, and I assume it would have at least been the ypServ30 stuff.  It's 55 entries.

I found and deduced that Samba wasn't adding the needed Schema, and the wiki clearly addressed how to add it for a Samba AD, further indicating that Samba was not somehow otherwise going to add the needed schema entries.

>> import file, and I did that.  That is how I was able to enter the 
>> uid's & gid's as I mentioned on my 2nd post last night. I considered 
>> installing Windows Services for Unix, but there was no guidance for 
>> this requirement in the wiki that seemed clear to me.
>There wouldn't be, everything on the Samba wiki refers to Samba and there is very little about Windows directly. You need to do an internet search to find out what you need to install on your Windows 2012 DC and how to do it.

Well I understand it's Samba, but it's integrating I suspect quite a lot with Windows companion servers.  It provides substantial detail where Windows tools must be used, AD Users & Computers, Access List permissions, etc.  I'm not trying to be critical, but if there are assumptions about the Windows Environment it would help if they are stated.  Clearly I did miss things that were in the wikis, so your patience with me has been appreciated.

>>  Furthermore,
>> when I searched for where to obtain the installation for Windows 
>> Services for Unix I found it was a CD/DVD with a Key on it, etc. and 
>> thus perhaps incorrectly assumed it must be purchased.  I'm not 
>> opposed to purchasing it but of course would prefer not to, but I'm 
>> going to have to find out where to purchase it.

>The big point behind using a Samba AD DC is that you don't need to pay for Server licences and CAL's for the clients.
>You could try joining a Samba DC to the domain and then add the yp30server.ldif, replication will then do the rest.

But I already have all the Windows Servers, clients, and licenses.  I began this journey to migrate away from it.  Yes, I could join a Samba DC but I was trying to take one step at a time thinking that would be perhaps a more complicated task, AND my first migration step was based on the need to set up a file server with replicated storage.

Nevertheless, I got the schema into the Windows AD.  The uid's and gid's are there for all users and groups.  It really was not difficult getting the schema into the Windows AD once I knew I needed to do it.

>> >If it is a Samba DC, did you provision with '--use-rfc2307' ?
> >
>> It's not a Samba DC.  I first want to prove up just a standalone file
>> server, spending time on that, and then implement with Gluster or some
>> other file system that I can setup a replicated folder, share, or
>> volume.  I determined to conquer that Samba DC later.

>The Samba DC is the easiest part of that and will be the easiest way to install the required IDMU framework.

So, there is more to the IDMU framework than the AD Schema?  Should I remove the added schema before doing the Samba DC or just leave it?  I don't see a problem leaving it as it will be needed anyway.  It would be added to the Samba Schema and then replicated to the Windows DCs, so I wouldn't need to add it to the Samba DC as it would get it from the replica it receives when it joins the Domain.

If I do the Samba DC, I'll either have to leave the Windows Servers doing DHCP and DNS or deal with doing all that in Linux/Samba now.... I'd rather do that later.

I was thinking for a Samba DC to let it be on its own as my other Windows DCs, without providing other services other than DNS, DHCP, etc.

