[Samba] getent shows only local entries.
Daniel Lang
spaci76 at gmail.com
Sun Jan 26 11:13:24 UTC 2020
You are right. It's my fault, and I mean privileged containers for both
machines. In an "unprivileged" container you can't set up Samba and it will
fail.
On Sun, 26 Jan 2020 at 12:06, Roy Eastwood <spindles7 at gmail.com> wrote:
> In addition to Rowland's comments see inline comment below:
>
> On 26 January 2020 10:26 Rowland Penny wrote:
> > On 26/01/2020 09:37, Daniel Lang via samba wrote:
> > > Hello,
> > >
> > > I installed a fresh version as AD DC domain under Debian Bullseye with
> > > version 4.11.3; this works perfectly. Windows machines can be signed
> > > into the domain. Now I have created a file server as domain member for
> > > services, e.g. profiles and shares. The domain join succeeded. wbinfo -u
> > > shows the AD users, also wbinfo -g, but I can't retrieve users and groups
> > > with the ad backend. getent shows only local entries. Both machines run in
> > > an unprivileged LXC container. The time is coordinated by the host and is
> > > right.
>
> Not specifically relevant to the problem you cite but you will need to use
> Privileged LXD/LXC containers for both the DC and the
> member server as the container needs to set the underlying filing system
> ACLs for samba to work correctly.
>
> > >
> > > Here are both my configuration files:
> > >
> > > krb5.conf
> > > [libdefaults]
> > > default_realm = INTERN.EXAMPLE.DE
> > > dns_lookup_realm = false
> > > dns_lookup_kdc = true
> > >
> > > smb.conf
> > > # Global parameters
> > > [global]
> > > dedicated keytab file = /etc/krb5.keytab
> > > kerberos method = secrets and keytab
> > > realm = INTERN.EXAMPLE.DE
> > > security = ADS
> > > server min protocol = SMB2
> > > winbind enum groups = Yes
> > > winbind enum users = Yes
> > > winbind refresh tickets = Yes
> > > workgroup = INTERN
> > > idmap config intern:range = 10000-999999
> > > idmap config intern:schema_mode = rfc2307
> > > idmap config intern:backend = ad
> > > idmap config *:range = 3000-7999
> > > idmap config * : backend = tdb
> > > map acl inherit = Yes
> > > vfs objects = acl_xattr
> > >
> > >
> > > The winbindd service started correctly.
> > >
> > > winbindd version 4.11.3-Debian started.
> > > Copyright Andrew Tridgell and the Samba Team 1992-2019
> > > [2020/01/26 08:46:50.212310, 0]
> > > ../../source3/winbindd/winbindd_cache.c:3164(initialize_winbindd_cache)
> > > initialize_winbindd_cache: clearing cache and re-creating with
> > > version number 2
> > > [2020/01/26 08:46:50.213156, 0]
> > > ../../lib/util/become_daemon.c:135(daemon_ready)
> > > daemon_ready: daemon 'winbindd' finished starting up and ready to
> > > serve connections
> > >
> > >
> > > I am grateful for any suggestion.
> > >
> > > Best regards
> > > Daniel
> >
> > Whilst wbinfo is showing your users and groups, this does not mean that
> > Unix knows who they are.
> >
> > Do you have libnss-winbind, libpam-winbind and libpam-krb5 installed ?
> >
> > Have you set 'winbind' in the 'passwd' & 'group' lines in
> > /etc/nsswitch.conf ?
> >
> > Have you added uidNumber attributes to your users and a gidNumber to
> > 'Domain Users' ?
> >
> > They are not added automatically, you need to add them manually.
> >
> > Rowland
>
> HTH
>
> Roy
>
>
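
Two of the checks Rowland lists can be scripted. This is an added example, not part of the thread and not Samba project code: the function names and sample files are constructed, and the range values are the ones from the quoted smb.conf. It reports which of `passwd`/`group` lack `winbind` in an nsswitch.conf, and whether a given uidNumber falls inside the `idmap config` range for a domain (the `ad` backend ignores IDs outside that range).

```shell
# Added example, not from the thread; the sample files are constructed.
# Print which of passwd/group in an nsswitch.conf lack the winbind source.
nss_missing_winbind() {
    awk '
        { sub(/#.*/, "") }
        $1 == "passwd:" || $1 == "group:" {
            db = substr($1, 1, length($1) - 1)
            for (i = 2; i <= NF; i++) if ($i == "winbind") ok[db] = 1
        }
        END {
            if (!ok["passwd"]) out = "passwd"
            if (!ok["group"]) out = (out == "" ? "group" : out " group")
            print out
        }
    ' "$1"
}
# Exit 0 if ID is inside "idmap config DOMAIN:range" of an smb.conf,
# 1 if outside, 2 if no such range line exists.
id_in_idmap_range() {
    awk -v dom="$2" -v id="$3" '
        BEGIN { rc = 2; prefix = "idmapconfig" tolower(dom) ":range=" }
        {
            line = tolower($0)
            sub(/[#;].*/, "", line)
            gsub(/[ \t]/, "", line)   # spacing in the parameter name varies
            if (index(line, prefix) == 1) {
                split(substr(line, length(prefix) + 1), r, "-")
                rc = (id + 0 >= r[1] + 0 && id + 0 <= r[2] + 0) ? 0 : 1
            }
        }
        END { exit rc }
    ' "$1"
}
tmp=$(mktemp -d)
printf 'passwd: files systemd\ngroup: files systemd winbind\n' > "$tmp/nsswitch.conf"
printf '[global]\nidmap config intern:range = 10000-999999\nidmap config * : range = 3000-7999\n' > "$tmp/smb.conf"
echo "databases without winbind: $(nss_missing_winbind "$tmp/nsswitch.conf")"
for id in 5000 10500; do
    if id_in_idmap_range "$tmp/smb.conf" intern "$id"; then
        echo "uidNumber $id: inside the INTERN range"
    else
        echo "uidNumber $id: outside the INTERN range"
    fi
done
rm -rf "$tmp"
```

On a real member server, point the functions at /etc/nsswitch.conf and the active smb.conf.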