Hai, 
 
this is an older report but i'll update this. 
 
Must whats in the report is correct but not all. .
 
 
the line :  passdb backend = samba4
should not be in the smb.conf 
 
this is ok on a AD DC.
 
root@pdc:~# wbinfo -u | grep Administrator
Administrator
root@pdc:~# id Administrator
uid=0(root) gid=100(users) groups=0(root),100(users),3000004(EXAMPLE\Group

 
for the member: 
     winbind uid = 10000-20000
     winbind gid = 10000-20000
should not be in smb.conf
 
 
 
Kerberos keytab is generated with (samba-tool gives segfault):
net rpc vampire keytab /etc/krb5.keytab -I[pdc_ip] -UAdministrator%passwd

The join is normaly done on the members with : net ads
(newer version as of 4.5.x can use samba-tool ) 
 
 
wbinfo -u | grep Administrator
Administrator

*THEN* Winbind is working (see previous step), but id or getent (or other
resolving stuff) aren't:
root@workstation:~# id Administrator
id: Administrator: no such user
root@workstation:~# getent passwd Administrator
[nothing]

This is correct on a member server you done see UID=0 for Administrator. 
 
and you NEVER assing uid=0 to Administrator. 
you need to define username map = /etc/samba/samba_usermapping
with content: !root = NTDOM\Administrator NTDOM\administrator
and setup your SePrivileges for "Domain Admins"  
 
In my opinion errors in config and not in samba. 
 
 
Thanks,
 
Louis
 

 

Reply via email to