On 09/04/2013 09:34, Matthieu Patou wrote:

>> On 08/04/2013 01:37, Matthieu Patou wrote:
>> Then, on the DC server, I have done:
>>
>> -----------------------------------------------
>> samba-tool domain provision # I keep the default answers each time, seems to work fine
>>
>> # 192.168.0.21 = IP of the DC server, which is the DNS server (internal DNS)
>> echo "nameserver 192.168.0.21" > /etc/resolv.conf
>>
>> ln -s /usr/local/samba/lib/libnss_winbind.so /lib/libnss_winbind.so
>> ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
>> vi /etc/nsswitch.conf # add winbind for passwd and group
>> ldconfig
>> samba
>> -----------------------------------------------
[...]
>> -----------------------------------------------
>> echo "nameserver 192.168.0.21" > /etc/resolv.conf
>> samba-tool domain join chezmoi.priv MEMBER -U administrator --realm=CHEZMOI.PRIV # seems to work fine
>> ln -s /usr/local/samba/lib/libnss_winbind.so /lib/libnss_winbind.so
>> ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
>> vi /etc/nsswitch.conf # add winbind for passwd and group
>> ldconfig
>> vi /usr/local/samba/etc/smb.conf # see below
>> smbd && nmbd
>> winbindd -i -d 10
>> -----------------------------------------------
>>
>> And boom! I have the same error which I described in my previous
>> message. The winbindd command is stopped.
[...]
> Are you sure that the two hosts have different names, as you are creating
> everything from the same base?

Yes, I'm absolutely sure, because the names of the 2 servers were set
*during* the installation with a netinstall CD:

- hostname == "wheezy-server" for the DC server
- hostname == "wheezy-2" for the MEMBER server

> Also could you do a net join -d 10 and attach the secrets.tdb after the
> first join?

Yes, no problem. But you suggest I use this command:

net ads join -d 10 -U administrator

I would like to understand. To join a member server to a domain (with a
Samba4 DC), which command should I use:

1. "net ads join -U administrator" or
2. "samba-tool domain join chezmoi.priv member -U administrator" ?

So, if I understand correctly, you are asking me to try the first command
(net ads join) with the "-d 10" option. Here:

http://sisco.laf.free.fr/codes/samba4.zip

you'll find the output of the "join" command in debug mode and the
secrets.*db files (before and after the join, on the member server and
on the DC server):

- with the "net ads join -U administrator -d 10" command
- and with the "samba-tool domain join chezmoi.priv MEMBER -U administrator" command

>>> if so for the new user did you set the needed attributes?
>> I have just run: samba-tool user add test12 --random-password
>> That's all. Which are the needed attributes?
> When you specify rfc2307, winbindd expects to use uidNumber and gidNumber
> in order to convert the SID to uid/gid, hence the error message.

But is the "rfc2307" option in smb.conf really mandatory?

1. For example, when I install a "simple" Samba4 DC like this:

-------------------------------------------------------------------
samba-tool domain provision # I keep the default answers each time
echo "nameserver 192.168.0.21" > /etc/resolv.conf # The DNS is the DC itself
ln -s /usr/local/samba/lib/libnss_winbind.so /lib/libnss_winbind.so
ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
vi /etc/nsswitch.conf # add winbind for passwd and group
ldconfig
samba
-------------------------------------------------------------------

It seems to work fine. "getent password", "wbinfo -u", "wbinfo -i user1",
"wbinfo -n=user1" are OK, yet there is no "rfc2307" string in the default
"smb.conf" file.

2. Another example. I have installed a member server like this (member
of a Samba4 DC, I have no Windows server):

-------------------------------------------------------------------
vi /usr/local/samba/etc/smb.conf # see below for the smb.conf file
vi /usr/local/samba/etc/smb.conf # The DC is the DNS server
ln -s /usr/local/samba/lib/libnss_winbind.so /lib/libnss_winbind.so
ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
vi /etc/nsswitch.conf # add winbind
ldconfig
net ads join -U administrator
smbd && nmbd && winbindd
-------------------------------------------------------------------

with this smb.conf file:

-------------------------------------------------------------------
# No reference to "rfc2307".
[global]
workgroup = CHEZMOI
security = ADS
realm = CHEZMOI.PRIV
encrypt passwords = yes
idmap config *:backend = tdb
idmap config *:range = 70001-80000
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
-------------------------------------------------------------------

and the member server seems to work fine. If I create a user toto on the DC:

samba-tool user add toto --random-password

On the member, I have:

root@member:~# wbinfo -i toto
toto:*:70011:70001:toto:/home/CHEZMOI/toto:/bin/false
root@member:~# wbinfo -n=toto
S-1-5-21-1430849794-1775759099-2616264933-1112 SID_USER (1)

The only "problem" that I see is with:

root@member:~# wbinfo -u
root@member:~# getent passwd

because the toto user isn't printed in the output. However, if I wait
5-6 minutes, the toto user appears in the output of these commands.
Another solution: if I do:

root@member:~# killall smbd nmbd winbindd
root@member:~# smbd && nmbd && winbindd

the toto user appears on the member server immediately.

Is this behavior (the 5-6 minute period) normal?
Is this configuration correct for a member server?

Thanks for your help.

--
François Lafont
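Added example, not part of the original message or of Samba itself: a small Python check that reads an smb.conf like the one posted above and reports, for each "idmap config" domain, the backend, the ID range, and whether users need the uidNumber/gidNumber attributes mentioned in the quoted reply. The function names are hypothetical, and the rule that only the "ad" backend reads those attributes from the directory (while "tdb" allocates IDs locally on each member) is the assumption this sketch encodes.

```python
import re

# Constructed sample: the idmap-relevant part of the [global] section above.
SAMPLE_SMB_CONF = """\
[global]
workgroup = CHEZMOI
security = ADS
realm = CHEZMOI.PRIV
idmap config *:backend = tdb
idmap config *:range = 70001-80000
winbind use default domain = yes
"""

# Assumption of this example: only the "ad" backend reads uidNumber/gidNumber
# from the directory; "tdb" allocates IDs locally from the configured range,
# so the same user can get a different uid on another member server.
DIRECTORY_BACKENDS = {"ad"}

IDMAP_RE = re.compile(r"^idmap config\s+(\S+?)\s*:\s*(\w+)\s*=\s*(.+)$", re.I)

def parse_idmap(conf_text):
    """Return {domain: {option: value}} for every 'idmap config' line."""
    domains = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # skip blank lines and comments
        m = IDMAP_RE.match(line)
        if m:
            domain, option, value = m.groups()
            domains.setdefault(domain.upper(), {})[option.lower()] = value.strip()
    return domains

def audit_idmap(conf_text):
    """Summarise each domain: backend, ID range, and whether users need
    uidNumber/gidNumber set in the directory to be resolvable."""
    report = {}
    for domain, opts in parse_idmap(conf_text).items():
        backend = opts.get("backend", "tdb").lower()
        low, high = (int(x) for x in opts.get("range", "0-0").split("-"))
        report[domain] = {
            "backend": backend,
            "range": (low, high),
            "needs_rfc2307_attrs": backend in DIRECTORY_BACKENDS,
            "range_ok": 0 < low < high,
        }
    return report

if __name__ == "__main__":
    for domain, info in audit_idmap(SAMPLE_SMB_CONF).items():
        print(domain, info)
```
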
