Web lists-archives.com

Re: [Samba] getent passwd user no output, addc + dm




Hi, I have run the ldbsearch command substituting my correct path
/var/lib/samba/private and the correct domain. In both cases I am
getting the following results:

# returned 3 records
# 0 entries
# 3 referrals

# returned 3 records
# 0 entries
# 3 referrals

thank you for gibing me hope in the tunnel.
I will read the man page about ldbmodify and see what I can come up with.

In the mean time, it seams that ldbsearch can reach ADDC when launched from DM:
root@ubuntu-dm1:~# ldbsearch -H ldap://dc1 -U administrator

...produces

# returned 272 records
# 269 entries
# 3 referrals

Hopefully I am on the right path.

On Fri, Feb 17, 2017 at 4:11 PM, Rowland Penny via samba
<samba@xxxxxxxxxxxxxxx> wrote:
> On Fri, 17 Feb 2017 15:37:27 -0600
> Lin Pro <linforpros@xxxxxxxxx> wrote:
>
>> ////ldbsearch does though, or ADUC on a windows version less than
>> 10////
>>
>> Are you saying then that the problem would be in the group ID numbers
>> and user ID numbers in the case that I'm describing?
>
> What I am saying is that it looks like your users in AD do not have a
> uidNumber attribute and/or Domain Users does not have a gidNumber
> attribute.
>
>>
>> I installed LTB tools and I'm trying to figure out how to find out
>> about those uid numbers
>>
> OK, run this on your Samba AD DC:
>
> ldbsearch -H /usr/local/samba/private/sam.ldb -b
> 'dc=samdom,dc=example,dc=com' -s sub
> "(&(objectClass=person)(uidNumber=*))" dn uidNumber
>
> Just in case it has got split up, the above should be all one line.
>
> /usr/local/samba/private/sam.ldb is the full path to sam.ldb, yours may be different
>
> dc=samdom,dc=example,dc=com is the base DN of your AD, yours will be different, it is your dns name with the dots replaced.
>
> If you have any 'uidNumber' attributes in AD, it will print the DN and uidNumber
>
> Run this to check if Domain Users has a gidNumber
>
> ldbsearch -H /usr/local/samba/private/sam.ldb -b
> 'dc=samdom,dc=example,dc=com' -s sub "(&(objectClass=group)(cn=Domain
> Users)(gidNumber=*))" dn gidNumber
>
> If you don't get any results, this is your problem and I am very sure
> this is your problem. In which case read up on ldbmodify and/or the
> Unix Attributes tab on RSAT ADUC, both of which are on the Samba wiki.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba



-- 
best regards
linforpros

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba