[Samba] getent not showing domain users and groups with winbind but works with sssd

Mon Oct 1 17:28:29 UTC 2018

Hi Louis and Rowland,

I'm just reporting back on this, in case it may help somebody else.

Getting a working getent (or id) under the current version of CentOS 
with winbind just doesn't seems possible. I haven't got a clue where the 
problem is. I have tried the suggestions, I did a clean installation, 
and built Samba myself from source, but no way. Installing sssd, a few 
lines of configuration, disabling winbind, and it just works. I just 
want to stress, that the problems I have had getting the Samba domain 
member to work, are most probably CentOS-related.

Unfortunately, I must leave it at this point, as I have spent way too 
much time already. At least I'm glad that I didn't upgrade the 
production server directly, and instead spent time trying to get things 
to work in the test environment. Otherwise there would have been tar and 
feathers at noon today.

A sincere thank you for your time and suggestions.

Peter

On 01.10.2018 13:40, L.P.H. van Belle via samba wrote:
> Hai,
>
> If you read the post on the debian bug list.
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909465
> You wil seen the workaround also, thats tested and works.
>
> And I also suggest you adjest the startup order and to adjust your systemd settings is shown here.
>
> Use : systemct edit name_of_service.service
> This creates and override file in /etc/systemd/system/servicename.d/override.conf
>
> If you want a full copy of the service file and edit that.
> Use : systemct edit --full name_of_service.service
> That wil be placed in /etc/systemd/system/
>   
> Editing this way, you wont get messages/questions when upgrading and your settins are in /etc/systemd
> The system systems are in /lib/systemd
>
> Currently im testing the following settings.
>
> # /etc/systemd/system/smbd.service.d/override.conf
> Wants=network.target
> After=network.target nmbd.service
>
>
> # /etc/systemd/system/winbind.service.d/override.conf
> Wants=network-online.target
> After=network.target network-online.target smbd.service
>
> And Nmbd does not need adjustments.
>
>
> But dont forget to install conform these steps. A few workarounds to make it work.
>   
> install a stand-alone server.
> apt-get install samba
>   
> Next, to avoid the problem run :
> net groupmap add sid=S-1-5-32-546 unixgroup=nobody type=builtin
>   
> or define the idmap in smb.conf
>
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
>
> Now you can install winbind also, if you dont need winbind, then the bug does not show.
>
> As of this point you can configure everything as usual.
>
>
> Greetz,
>
> Louis
>
>
>
>
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
>> Peter Milesson via samba
>> Verzonden: maandag 1 oktober 2018 13:28
>> Aan: samba at lists.samba.org
>> Onderwerp: Re: [Samba] getent not showing domain users and
>> groups with winbind but works with sssd
>>
>>
>> On 10/1/18 1:10 PM, Rowland Penny via samba wrote:
>>> On Mon, 1 Oct 2018 12:13:58 +0200
>>> Peter Milesson <miles at atmos.eu> wrote:
>>>
>>>>> You are now hitting a bug in 4.9.1 that was discovered
>> last week by
>>>>> Louis Van Belle. It seems to be an interaction between Samba and
>>>>> systemd, I say this because it doesn't affect me on Devuan.
>>>>>
>>>>> Rowland
>>>> Hi Rowland,
>>>>
>>>> I'm using the standard CentOS Samba packages. The current Samba
>>>> version is 4.7.1. The server is 4.9.1, however.
>>>>
>>> Hmm, I wonder if this has been going on for sometime ?
>>>
>>> As I said, I don't get this error and the Samba daemons are
>> started in
>>> this order:
>>> smbd
>>> nmbd
>>> winbind
>>>
>>>   From the debian bug report by Louis, there is this
>>> in /lib/systemd/system/smbd.service:
>>>
>>> After=network.target network-online.target nmbd.service
>> winbind.service
>>> Which from my (limited) knowledge of systemd, means 'smbd'
>> will only be
>>> started after 'nmbd' & 'winbind'. This, in my opinion, is
>> totally wrong.
>>> If your version of the file is the same, try removing
>> 'winbind.service'
>>> and see if this helps.
>>>
>>> Rowland
>>>
>> Hi Rowland,
>>
>> Order does not seem to be important. I have tried to start
>> the daemons
>> manually in different order. Does not help.
>>
>> As the self compiled AD DC works beautifully, I'll wipe the
>> installation
>> and compile Samba myself from the 4.9.1 sources. Being lazy and
>> installing what's thrown at you evidently didn't pay off in this case.
>>
>> Thanks for your help anyway.
>>
>> I wish you a nice day,
>>
>> Peter
>>
>>
>>
>> -- 
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>>
>