On 24/09/12 22:31, Steve Snedeker wrote:
We have a cross platform environment with a Windows 2008 server running Active
Directory and many of our workstations are running ubuntu 10.10 using winbind
for user authentication. The version of samba running on these boxes is 3.5.4
We are looking to upgrade to Ubuntu 12.04 which runs samba 3.6.3
I am able to connect to the DC, and am able to see the users running the wbinfo
-u command, but when I run the getent passwd command I do not see the domain
users.
I was able to successfully downgrade to samba 3.5.4 and after connecting to the
DC I ran the command getent passwd and was able to see the domain users, and su
to that particular user successfully. The only issue here was due to dependency
issues downgrading to samba 3.5.4 resulted in libwbclient0 being downgraded
which resulted in the removal of ubuntu-desktop.
------------
/etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: files winbind
group: files winbind
shadow: files winbind
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
----------
/etc/samba/smb.conf
[global]
security = ads
realm = DOMAIN.COM
password server = pdc.domain.com bdc.domain.com
workgroup = DOMAIN
idmap backend = rid:DOMAN=10000-20000
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = yes
template homedir = /vhome/%U
template shell = /bin/bash
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
winbind use default domain = yes
restrict anonymous = 2
I've seen other posts out there with similar problems, but haven't seen a
solution that works for me.
Hi, I use samba 3.6.3 to connect to a samba4 AD server, but my smb.conf
looks nothing like yours. The idmap lines have changed to:
idmap config HOME:schema_mode = rfc2307
idmap config HOME:range = 20000-3100000
idmap config HOME:backend = ad
idmap config *:range = 1100-2000
idmap config *:backend = tdb
You also should not use the password server line anymore, but you also
seem to have a spelling mistake: idmap backend = rid:DOMAN=10000-20000
The final thing is, if there is no unix info on the windows server,
winbind cannot pull it, you need the unix extension on the server
Rowland
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
