[Samba] Winbind problems

Marcio Demetrio Bacci marciobacci at gmail.com
Mon Feb 3 18:03:35 UTC 2020


Hi,

I have a problem in my Samba 4 file server.

I tried to change a directory's permission, but domain groups are not
recognized:

chown root:"Domain Admins" /home/Empresa
chown: invalid group: “root:Domain Admins”


When I run the "getent passwd" command, only local users are listed.

wbinfo commands (wbinfo -g, wbinfo -u, wbinfo -a <user>) are working
properly.

The following are my configuration files:

cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         files winbind
group:          files winbind
shadow:         compat
gshadow:        files

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis




cat /usr/local/samba/etc/smb.conf
[global]
    netbios name = FILESERVER
    workgroup = EMPRESA
    security = ADS
    realm = EMPRESA.COM.BR
    encrypt passwords = yes
    username map = /usr/local/samba/etc/user.map
    log file = /var/log/samba/%m.log
    log level = 1
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    idmap config EMPRESA:backend = ad
    idmap config EMPRESA:schema_mode = rfc2307
    idmap config EMPRESA:range = 10000-999999
    idmap config EMPRESA:unix_nss_info = yes
    idmap config EMPRESA:unix_primary_group = yes
    winbind nss info = rfc2307
    winbind refresh tickets = Yes
    winbind separator = +
    winbind use default domain = yes
    vfs objects = acl_xattr
    map acl inherit = Yes
    store dos attributes = Yes
    template shell = /bin/bash
    template homedir = /home/%U
    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab
    load printers = no
    printing = bsd
    printcap name = /dev/null
    disable spoolss = yes

    [Empresa]
    comment = Compartilhamentos
    path =  /home/Empresa
    valid users = +EMPRESA\"Domain Users"
    guest ok = no
    writable = yes
    browsable = yes
    create mask = 0777
    directory mask = 0777



cat /etc/resolv.conf
domain empresa.com.br
search empresa.com.br
nameserver 192.168.1.20
nameserver 192.168.1.22


cat /etc/hosts
127.0.0.1 localhost
192.168.1.23 fileserver.empresa.com.br fileserver


netstat -lntup
Conexões Internet Ativas (sem os servidores)
Proto Recv-Q Send-Q Endereço Local          Endereço Remoto         Estado      PID/Program name
tcp        0      0 0.0.0.0:81              0.0.0.0:*               LISTEN      511/lighttpd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      620/master
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      720/smbd
tcp        0      0 0.0.0.0:20000           0.0.0.0:*               LISTEN      443/sshd
tcp        0      0 0.0.0.0:10050           0.0.0.0:*               LISTEN      419/zabbix_agentd
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      720/smbd
tcp6       0      0 :::81                   :::*                    LISTEN      511/lighttpd
tcp6       0      0 ::1:25                  :::*                    LISTEN      620/master
tcp6       0      0 :::445                  :::*                    LISTEN      720/smbd
tcp6       0      0 :::20000                :::*                    LISTEN      443/sshd
tcp6       0      0 :::10050                :::*                    LISTEN      419/zabbix_agentd
tcp6       0      0 :::139                  :::*                    LISTEN      720/smbd
udp        0      0 0.0.0.0:54695           0.0.0.0:*                           359/rsyslogd
udp        0      0 192.168.1.23:123         0.0.0.0:*                           643/ntpd
udp        0      0 127.0.0.1:123           0.0.0.0:*                           643/ntpd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           643/ntpd
udp        0      0 192.168.255.255:137      0.0.0.0:*                           684/nmbd
udp        0      0 192.168.1.23:137         0.0.0.0:*                           684/nmbd
udp        0      0 0.0.0.0:137             0.0.0.0:*                           684/nmbd
udp        0      0 192.168.255.255:138      0.0.0.0:*                           684/nmbd
udp        0      0 192.168.1.23:138         0.0.0.0:*                           684/nmbd
udp        0      0 0.0.0.0:138             0.0.0.0:*                           684/nmbd
udp6       0      0 fe80::5054:ff:fe00::123 :::*                                643/ntpd
udp6       0      0 ::1:123                 :::*                                643/ntpd
udp6       0      0 :::123                  :::*                                643/ntpd


The samba service isn't started, only smbd, nmbd and winbind services are
started.

I verified that libnss-winbind package isn't installed. Is this package
necessary?

Could anybody help me?

Regards,

Márcio Bacci
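
Added example, not part of the original post: glibc resolves each source named in /etc/nsswitch.conf by loading a shared object called libnss_<source>.so.2, while wbinfo talks to winbindd directly, so the check below lists the sources of one database that have no matching module in the given library directories. The function name nss_missing_modules, the temporary directory and the files in it are constructed for illustration.

```shell
#!/bin/sh
# nss_missing_modules NSSWITCH_FILE DATABASE LIBDIR...
# Prints every source configured for DATABASE (e.g. passwd, group) for which
# no libnss_<source>.so.2 exists in any LIBDIR. Prints nothing if all resolve.
nss_missing_modules() {
    conf=$1; db=$2; shift 2
    # Keep only the "<db>:" line, without comments and [STATUS=action] items.
    sources=$(sed -n "s/#.*//; s/^[[:space:]]*${db}:[[:space:]]*//p" "$conf" |
              sed 's/\[[^]]*\]//g')
    for src in $sources; do
        found=no
        for dir in "$@"; do
            if [ -e "$dir/libnss_${src}.so.2" ]; then
                found=yes
                break
            fi
        done
        [ "$found" = yes ] || printf '%s\n' "$src"
    done
}

# Constructed sample: the passwd/group lines from the post, plus a library
# directory that holds only the "files" module (no libnss_winbind.so.2).
demo_dir=$(mktemp -d)
printf 'passwd:         files winbind\ngroup:          files winbind\n' \
    > "$demo_dir/nsswitch.conf"
mkdir "$demo_dir/lib"
: > "$demo_dir/lib/libnss_files.so.2"

echo "sources without an NSS module for 'group':"
nss_missing_modules "$demo_dir/nsswitch.conf" group "$demo_dir/lib"

# On a real host, pass /etc/nsswitch.conf and the system library directories.
# The directory names below are an assumption; they differ per distribution:
#   nss_missing_modules /etc/nsswitch.conf passwd /lib /usr/lib /lib/x86_64-linux-gnu
```

A source reported here is skipped by getent, chown and every other NSS consumer even though winbindd itself answers wbinfo queries.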

