[Samba] getent shows only local entries.

Daniel Lang spaci76 at gmail.com
Sun Jan 26 11:13:24 UTC 2020


You are right. It's my fault, and I mean privileged containers for both
machines. In an "Unprivileged" container you can't set up Samba and it will
fail.

On Sun, 26 Jan 2020 at 12:06, Roy Eastwood <spindles7 at gmail.com> wrote:

> In addition to Rowland's comments see inline comment below:
>
> On 26 January 2020 10:26 Rowland penny wrote:
> > On 26/01/2020 09:37, Daniel Lang via samba wrote:
> > > Hello,
> > >
> > > I installed a fresh Version as AD DC Domain under Debian Bullseye with
> > > Version 4.11.3, this works perfectly. Windows Machines can be signed
> > > into the Domain. Now I create a Fileserver as Domainmember for Service
> > > e.g. Profile and Shares. The Domainjoin succeeded. wbinfo -u shows the
> > > AD User, also wbinfo -g, but I can't retrieve User and Groups with ad
> > > Backend. getent shows only local entries. Both Machines run in an
> > > unprivileged LXC Container. The timing is coordinated by the Host and is
> > > right.
>
> Not specifically relevant to the problem you cite but you will need to use
> Privileged LXD/LXC containers for both the DC and the
> member server as the container needs to set the underlying filing system
> ACLs for samba to work correctly.
>
> > >
> > > Here are my both configuration files:
> > >
> > > krb5.conf
> > > [libdefaults]
> > >          default_realm = INTERN.EXAMPLE.DE
> > >          dns_lookup_realm = false
> > >          dns_lookup_kdc = true
> > >
> > > smb.conf
> > > # Global parameters
> > > [global]
> > >          dedicated keytab file = /etc/krb5.keytab
> > >          kerberos method = secrets and keytab
> > >          realm = INTERN.EXAMPLE.DE
> > >          security = ADS
> > >          server min protocol = SMB2
> > >          winbind enum groups = Yes
> > >          winbind enum users = Yes
> > >          winbind refresh tickets = Yes
> > >          workgroup = INTERN
> > >          idmap config intern:range = 10000-999999
> > >          idmap config intern:schema_mode = rfc2307
> > >          idmap config intern:backend = ad
> > >          idmap config *:range = 3000-7999
> > >          idmap config * : backend = tdb
> > >          map acl inherit = Yes
> > >          vfs objects = acl_xattr
> > >
> > >
> > > The winbindd service started correctly.
> > >
> > >   winbindd version 4.11.3-Debian started.
> > >    Copyright Andrew Tridgell and the Samba Team 1992-2019
> > > [2020/01/26 08:46:50.212310,  0]
> > > ../../source3/winbindd/winbindd_cache.c:3164(initialize_winbindd_cache)
> > >    initialize_winbindd_cache: clearing cache and re-creating with
> > > version number 2
> > > [2020/01/26 08:46:50.213156,  0]
> > > ../../lib/util/become_daemon.c:135(daemon_ready)
> > >    daemon_ready: daemon 'winbindd' finished starting up and ready to
> > > serve connections
> > >
> > >
> > > I am grateful for any suggestion.
> > >
> > > Best regards
> > > Daniel
> >
> > Whilst wbinfo is showing your users and groups, this does not mean that
> > Unix knows who they are.
> >
> > Do you have libnss-winbind, libpam-winbind and libpam-krb5 installed ?
> >
> > Have you set 'winbind' in the 'passwd' & 'group' lines in
> > /etc/nsswitch.conf ?
> >
> > Have you added uidNumber attributes to your users and a gidNumber to
> > 'Domain Users' ?
> >
> > They are not added automatically, you need to add them manually.
> >
> > Rowland
>
> HTH
>
> Roy
>
>
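
Rowland's /etc/nsswitch.conf question above, as a check that can be run on the member server. This is an added example, not part of the original thread; the function names nss_winbind_status and check_nsswitch and the sample file are made up for illustration. It goes one step beyond the reply by also flagging a [NOTFOUND=return] action placed before winbind, which ends the lookup before winbind is consulted:

```shell
#!/bin/sh
# Added example (not from the thread): does nsswitch.conf let NSS reach winbind?
# nss_winbind_status FILE DB prints one of:
#   ok           winbind is listed and reachable
#   missing      the DB line exists but does not list winbind
#   unreachable  winbind follows a [NOTFOUND=return] action, so lookups stop first
#   absent       FILE has no line for DB
nss_winbind_status() {
    awk -v db="$2" '
        { sub(/#.*/, ""); sub(/:/, ": ") }   # drop comments, allow "passwd:files"
        $1 == (db ":") && !seen {
            seen = 1; status = "missing"; blocked = 0
            for (i = 2; i <= NF; i++) {        # walk sources in lookup order
                if (toupper($i) ~ /^\[?NOTFOUND=RETURN/) blocked = 1
                else if ($i == "winbind") {
                    status = blocked ? "unreachable" : "ok"; break
                }
            }
        }
        END { print (seen ? status : "absent") }
    ' "$1"
}

# check_nsswitch [FILE]: report passwd and group, return non-zero if either fails.
check_nsswitch() {
    file=${1:-/etc/nsswitch.conf}
    rc=0
    for db in passwd group; do
        s=$(nss_winbind_status "$file" "$db")
        echo "$db: $s"
        [ "$s" = ok ] || rc=1
    done
    return $rc
}

# Constructed sample file (not taken from the poster's machine).
sample=$(mktemp)
cat > "$sample" <<'EOF'
passwd:         files systemd
group:          files [NOTFOUND=return] winbind
EOF
check_nsswitch "$sample" || true
rm -f "$sample"
```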

