On Thu, 2013-08-29 at 11:14 +1200, Andrew Bartlett wrote:
> On Wed, 2013-08-28 at 20:11 -0300, Carlos Alberto Borges Garcia wrote:
> > Hi,
> >
> > I have one Samba4 server running as Active Directory Domain Controller.
> > It's working like a charm.
> >
> > So I needed to add another server to be a Member Server (File Server).
> >
> > The server is running samba-4.0.9.
> >
> > Configured and compiled ok:
> >
> > ./configure --prefix=/usr/local/samba --sysconfdir=/etc
> > --localstatedir=/var --mandir=/usr/man --bindir=/usr/bin
> > --sbindir=/usr/sbin --libdir=/lib --enable-fhs --with-ads
> > --with-shared-modules=idmap_ad,pam
> >
> > Installed ok.
> >
> > Kerberos OK.
> > I can run kinit and klist
> >
> > root@MYNETSRV08:/etc/samba# kinit Administrator
> > Password for [email protected]:
> > root@MYSRV08:/etc/samba#
> >
> > root@MYNETSRV08:/etc/samba# klist
> > Ticket cache: FILE:/tmp/krb5cc_0
> > Default principal: [email protected]
> >
> > Valid starting Expires Service principal
> > 28/08/2013 19:59 29/08/2013 05:59 krbtgt/[email protected]
> > renew until 29/08/2013 19:59
> > root@MYNETSRV08:/etc/samba#
> >
> > My SMB.CONF is below:
> >
> > [global]
> >
> > workgroup = MYNET
> > security = ADS
> > realm = MYNET.NET
> > encrypt passwords = yes
> >
> > idmap config *:backend = tdb
> > idmap config *:range = 70001-80000
> > idmap config MYNET:backend = ad
> > idmap config MYNET:schema_mode = rfc2307
> >
> > idmap config MYNET:range = 500-40000
> >
> > winbind nss info = rfc2307
> > winbind trusted domains only = no
> > winbind use default domain = yes
> > winbind enum users = yes
> > winbind enum groups = yes
> >
> > [test]
> > path = /mnt/files
> > read only = no
> >
> >
> >
> > I can add my server to domain:
> >
> > root@PCOSRV08:/etc/samba# net ads join -U administrator
> > Enter administrator's password:
> > Using short domain name -- MYNET
> > Joined 'MYNETSRV08' to dns domain 'mynet.net'
> > root@MYNETSRV08:/etc/samba#
> >
> > libnss_winbind.so is in the right place:
> >
> > root@MYNETSRV08:/etc/samba# ls /lib/libnss_winbind.so*
> > /lib/libnss_winbind.so /lib/libnss_winbind.so.2
> >
> > The libs are loaded fine:
> >
> > root@MYNETSRV08:/etc/samba# ldconfig -v | grep libnss
> > libnss_hesiod.so.2 -> libnss_hesiod-2.13.so
> > libnss_compat.so.2 -> libnss_compat-2.13.so
> > libnss_dns.so.2 -> libnss_dns-2.13.so
> > libnss_ldap.so.2 -> libnss_ldap.so.2
> > libnss_nis.so.2 -> libnss_nis-2.13.so
> > libnss_nisplus.so.2 -> libnss_nisplus-2.13.so
> > libnss_files.so.2 -> libnss_files-2.13.so
> > libnss_wins.so -> libnss_wins.so.2
> > libnss_winbind.so -> libnss_winbind.so.2
> > libnss_hesiod.so.2 -> libnss_hesiod-2.13.so
> > libnss_compat.so.2 -> libnss_compat-2.13.so
> > libnss_dns.so.2 -> libnss_dns-2.13.so
> > libnss_nis.so.2 -> libnss_nis-2.13.so
> > libnss_nisplus.so.2 -> libnss_nisplus-2.13.so
> > libnss_files.so.2 -> libnss_files-2.13.so
> > root@MYNETSRV08:/etc/samba#
> >
> > I added winbind to my nsswitch.conf
> >
> > passwd: compat winbind
> > group: compat winbind
> >
> > I can start the daemon without issues:
> >
> > smbd
> > nmbd
> > winbindd
> >
> > "wbinfo -u" lists all my domain users
> >
> > "wbinfo -g" lists all my domain groups
> >
> >
> > Here are the problems:
> >
> > When I run "getent passwd", it lists only the local users.
>
> For performance reasons, by default we do not list users in the AD
> domain. See winbind enum users in your smb.conf

His smb.conf above shows that the OP has those lines for both users and groups.

> > When I run "id Administrator", it returns "No such user".
>
> You need to use 'id MYNET\\administrator'
>

smb.conf has:
winbind use default domain = Yes
Do we still need MYNET\\?

Do your users have entries for:
uidNumber and gidNumber in AD?

Cheers
Steve
