[Samba] DNS problems (still) with Linux domain members - using Samba's internal DNS backend
rpenny at samba.org
Wed Apr 26 17:54:45 UTC 2023
On 26/04/2023 18:27, Gary Dale via samba wrote:
> No. I am running the tests suggested by the various Samba wiki pages. I
> can do a getent passwd <local account> on my workstation and on my file
> & print server but I can't do a getent passwd <domain account> except on
> my DC. I explicitly showed that in the message before the one you
> replied to. I also showed how I can't do a login to a domain account
> except on the DC.
> This failure to get domain account information seems likely to be at the
> heart of the problems I'm having.
So you are running 'getent passwd gary' and getting no output, this is
usually caused by libpam-winbind and libnss-winbind not being installed,
or /etc/nsswitch.conf not being configured correctly, the relevant lines
from mine look like this:
passwd: files winbind
group: files winbind
Or pam-auth-update is configured correctly, again these are the lines
[*] Unix authentication
[*] Winbind NT/Active Directory authentication
[*] Register user sessions in the systemd control group ...
[*] Create home directory on login
Or you are using the 'ad' idmap backend on a Unix domain member and
haven't added a uidNumber attribute to the users and added a gidNumber
attribute to the Domain Users group. The numbers you use in these
attributes have to be unique, though you can use the same range for
users and groups, that is 'gary' could have the ID 10000 and Domain
Users could also the same ID 10000. Whatever numbers you use, the Domain
idmap config line in smb.conf must enclose those numbers e.g.
idmap config DOMAIN : range = 10000-999999
You may have done all of these, if so I will have another think.
More information about the samba