[Samba] Problem with Samba as Member to AD
Mr Typo
euroregistrar at gmail.com
Tue Jul 20 10:36:10 UTC 2021
Hey Rowland,

I hope you can help me again. I can't find the error. I did install a
fresh CentOS and used the same config as we discussed last week.
No sssd and no nscd is configured. I can do a SID to uid lookup, but I
can't look up uids to SID.

I hope you can help me again, I have no idea where to look.

Best regards,
Typo
[root at sv2-ftp01p ~]# wbinfo -s S-1-1-0
\Everyone 5
[root at sv2-ftp01p ~]# wbinfo -s S-1-5-2
NT Authority\Network 5
[root at sv2-ftp01p ~]# wbinfo -u | head -5
administrator
gast
krbtgt
itxadmin
itxuser
[root at sv2-ftp01p ~]# wbinfo --ping-dc
checking the NETLOGON for domain[PFW] dc connection to
"sv1-dc01p.pfw.local" succeeded
[root at sv2-ftp01p ~]# net ads info
LDAP server: 10.40.130.10
LDAP server name: sv1-dc01p.pfw.local
Realm: PFW.LOCAL
Bind Path: dc=PFW,dc=LOCAL
LDAP port: 389
Server time: Tue, 20 Jul 2021 12:14:29 CEST
KDC server: 10.40.130.10
Server time offset: 0
Last machine account password change: Tue, 20 Jul 2021 11:28:26 CEST
[root at sv2-ftp01p ~]# cat /etc/nsswitch.conf|grep winbi
passwd: files winbind systemd
group: files winbind systemd
[root at sv2-ftp01p ~]# id itxadmin
id: 'itxadmin': no such user
[root at sv2-ftp01p ~]# getent passwd itxadmin
[root at sv2-ftp01p ~]# wbinfo -s S-1-5-21-4080695503-475066264-1108356078-1110
PFW\adadmsar 1
[root at sv2-ftp01p ~]# id adadmsar
id: 'adadmsar': no such user
[root at sv2-ftp01p ~]# wbinfo -i srvadmsar
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
smb.conf
[global]
workgroup = PFW
realm = PFW.LOCAL
security = ads
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config PFW:backend = ad
idmap config PFW:schema_mode = rfc2307
idmap config PFW:range = 10000-999999
idmap config PFW:unix_nss_info = yes
template homedir = /home/%U
template shell = /bin/false
winbind use default domain = true
winbind enum users = yes
winbind offline logon = true
log file = /var/log/samba/log.%m
max log size = 50
log level = 9
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
winbind refresh tickets = Yes
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
On Sun, Jul 18, 2021 at 12:27 PM Mr Typo <euroregistrar at gmail.com> wrote:
>
> Hey Rowland,
>
> thank you for your answers and help. I found another Layer8 problem
> and now it is working as expected.
>
> thank you again!
>
> Typo
>
> On Sun, Jul 18, 2021 at 12:04 PM Rowland Penny via samba
> <samba at lists.samba.org> wrote:
> >
> > On Sun, 2021-07-18 at 11:55 +0200, Mr Typo wrote:
> > > > Yeah, reading attributes from AD, like unixHomeDirectory and
> > > > loginShell
> > > >
> > > > When I understand it right, I can use
> > > > template homedir = /home/%U
> > > >
> > > > for default values and setting the unixHomeDirectory and loginShell
> > > > if I want another value, correct?
> >
> > Yes and no :-)
> >
> > Yes, you can add them to AD, but no they will not be used unless you
> > use the winbind ad backend, try reading this:
> > https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
> >
> > and this:
> > https://wiki.samba.org/index.php/Idmap_config_ad
> >
> > >
> > > > Currently I play with the below configuration but I just get the
> > > > template values for every user. Any ideas?
> > >
> > > [global]
> > > workgroup = PFW
> > > realm = PFW.LOCAL
> > > security = ads
> > > idmap config * : backend = tdb
> > > idmap config * : range = 3000-7999
> > > idmap config PFW:backend = ad
> > > idmap config PFW:schema_mode = rfc2307
> > > idmap config PFW:range = 10000-999999
> > > idmap config PFW:unix_nss_info = yes
> > > template homedir = /home/%U
> > > template shell = /bin/bash
> > > # idmap config PFW : backend = rid
> > > # idmap config PFW : range = 500-19999999
> > > # idmap config PFW : rangesize = 1000000
> > > winbind use default domain = true
> > > winbind enum users = no
> > > winbind offline logon = true
> > > log file = /var/log/samba/log.%m
> > > max log size = 50
> > > log level = 3
> > > load printers = no
> > > printing = bsd
> > > printcap name = /dev/null
> > > disable spoolss = yes
> > >
> >
> > That looks okay.
> >
> > Rowland
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list