[Samba] setting up a new ADS infrastructure

Stefan Froehlich samba at froehlich.priv.at
Thu Jun 13 17:21:28 UTC 2019

I try to set up a small ADS infrastructure: 1 samba ADS-controller,
1 samba file server, 2 Linux and 6 Windows clients. Starting with
controller and file server, quite a lot of things work, but not
everything. Here it starts getting complicated: looking for manuals,
googling for error messages leads to lots of different advice for
different versions... not easy. There are open questions, but I am
not sure where is the best point to start - I'll give it a try:

File server and Linux clients shall use the AD-backend, so I read
and followed <https://wiki.samba.org/index.php/Idmap_config_ad>.
There it says:

"Whichever setting you use, the group (or groups) set as the users
primary group must have the gidNumber attribute set"

If I look at the group "domain users" the gidNumber attribute is not
set at all.  The group is created automatically while provisioning
the server, and I can neither find an option to set the gid, nor a
way to alter it later on. Can I?

Just in case that the above text was the wrong question: The actual
*practical* problem that hit me after installation is:

| root@fileserver:~# net ads user -UAdministrator
| Enter Administrator's password:
| Guest
| test
| Administrator
| krbtgt
| root@fileserver:~# wbinfo -u
| guest
| test
| administrator
| krbtgt
| root@fileserver:~# wbinfo -i test
| failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
| Could not get info for user test
| root@fileserver:~# wbinfo -n test
| S-1-5-21-734461581-300303633-3375534526-1120 SID_USER (1)

I found the hint that I need resolving gidNumbers for accounts in
order to work - and as this does not seem to be the case I try to
resolve that first.

(Of course, configuration or log files can be provided if helpful -
there are just too many files on two machines, so I'd rather post
whatever seems to be helpful. The only log message I consider
relevant right now is in log.nmbd on the fileserver:

| [2019/06/13 19:14:02.586604,  0]
| ../source3/nmbd/nmbd_serverlistdb.c:340(write_browse_list)
|   write_browse_list: Fatal error - cannot find my workgroup

But again, googling this did not enlighten me, especially as:

| root@herakles:~# net ads workgroup
| Workgroup: SAMDOM
| root@fileserver:~# net ads testjoin
| Join is OK

Any hints are welcome...
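
The precondition quoted above from the wiki, as a check over an LDIF export of the directory (an added example, not part of the original post and not Samba code). It assumes the default of taking the primary group from the user's primaryGroupID, that objectSid appears in string form, and a constructed sample with a made-up base DN and uidNumber; only the domain SID and the RID 1120 come from the wbinfo -n output.

```python
# Added example. SAMPLE is constructed LDIF, not output captured from the poster's domain.
DOMAIN_SID = "S-1-5-21-734461581-300303633-3375534526"  # from the wbinfo -n output

SAMPLE = f"""\
dn: CN=test,CN=Users,DC=samdom,DC=example,DC=com
objectClass: user
sAMAccountName: test
objectSid: {DOMAIN_SID}-1120
primaryGroupID: 513
uidNumber: 10000

dn: CN=Domain Users,CN=Users,DC=samdom,DC=example,DC=com
objectClass: group
sAMAccountName: Domain Users
objectSid: {DOMAIN_SID}-513
"""


def parse_ldif(text):
    """Split LDIF into records mapping attribute -> list of values."""
    records = []
    for block in text.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines():
            if ": " in line and not line.startswith("#"):
                key, value = line.split(": ", 1)
                rec.setdefault(key, []).append(value.strip())
        records.append(rec)
    return records


def idmap_ad_problems(text):
    """Return (account, reason) pairs for users missing RFC2307 IDs."""
    records = parse_ldif(text)
    groups = {r["objectSid"][0]: r for r in records if "group" in r.get("objectClass", [])}
    problems = []
    for r in records:
        if "user" not in r.get("objectClass", []):
            continue
        name = r["sAMAccountName"][0]
        if "uidNumber" not in r:
            problems.append((name, "user has no uidNumber"))
        # Primary group SID = domain SID + "-" + the user's primaryGroupID (a RID).
        domain_sid = r["objectSid"][0].rsplit("-", 1)[0]
        group = groups.get(f"{domain_sid}-{r['primaryGroupID'][0]}")
        if group is None:
            problems.append((name, "primary group not in export"))
        elif "gidNumber" not in group:
            problems.append((name, f"primary group '{group['sAMAccountName'][0]}' has no gidNumber"))
    return problems
```

On the constructed sample this reports the user "test" because "Domain Users" (RID 513) carries no gidNumber.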



