[Samba] New AD-DC missing some DNS Information
Robert Steinmetz AIA
rob at steinmetznet.com
Mon Feb 15 17:38:37 UTC 2021
Rowland Penny via samba wrote:
> On 14/02/2021 20:34, Robert Steinmetz AIA wrote:
>> I also have a couple of loose ends, samba-ad-dc is not starting on
>> boot and /etc/resolv.conf is being overwritten, even though I
>> disabled systemd-resolved. I think those are systemd issues - I'll
>> figure them out.
I got samba to start up; it simply needed to be enabled with systemd.
Ubuntu provides a service file.
The /etc/resolv.conf is still getting overwritten.
> Let's start with a couple of Linux commands:
> rowland at devstation:~$ getent passwd rowland
> rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash
> rowland at devstation:~$ grep 'rowland' /etc/passwd
> rowland at devstation:~$
In my case I've added a user 'debbie'
# wbinfo -u
I created the user using samba-tool and supplied all of the Linux
options for /etc/passwd
# getent passwd 'debbie'
# grep 'debbie' /etc/passwd
# samba-tool user show debbie
userPrincipalName: debbie at no.steinmetznet.com
> If you use the 'ad' backend on Unix domain members, then you can use
> the uidNumber and gidNumber attributes from AD along with the other
> rfc2307 attributes,
That's what I think I did with samba-tool
> you can also opt to set the Unix home directories & login shell in the
> smb.conf (note: this is the only way to these on an AD DC or using
> any other winbind backend).
I don't understand what you're saying here. Particularly the part after
> Try reading:
> man idmap_ad
> man idmap_rid
>> We have in the past used the /homes share to connect users to their
>> Linux home directory.
> You can still use the 'homes' share, though you will probably need a
> 'root preexec' script to create the user's directory as they connect (I
> can help you with this), note that you shouldn't confuse a user's Unix
> share with the user's Windows home directory.
In our current setup each user has a Windows profile and a Unix home
directory which is mounted as a /homes share to a drive letter. That is
used to store user specific information and things like the user's
profile for email clients and other user specific information. I'm not
clear on what a Windows Home directory is. That is something I think I
can leave till later.
>> Or should I add them to AD using samba-tool and provide the info from
>> /etc/passwd then delete the user from the passwd file.
> In order: yes, probably no and yes. Unless there is a really good
> reason to use IDs in the 1000 plus range (I cannot think of one, but
> who knows)
The only difference I can see between samba-tool and /etc/passwd is the
uid. Did I miss something? Is the reason to use a different range simply
to avoid conflicts?
Also is it necessary to modify nsswitch.conf to include winbind?