Web lists-archives.com

Re: [Samba] wbinfo -i returns the same id for all users, authentication doesn't seem to go through winbind at all




Le Sat, 18 Feb 2017 20:17:12 +0000
Rowland Penny via samba <samba@xxxxxxxxxxxxxxx> écrivait:

> On Sat, 18 Feb 2017 19:12:39 +0000
> Rowland Penny via samba <samba@xxxxxxxxxxxxxxx> wrote:
> 
> > I will set up debian in a VM and install the OS Samba packages and
> > see if I have problems, bear with me ;-)
> >   
> 
> OK, back with the result and it works for me ;-)
> 
> Debian Jessie network install, no GUI, using DHCP to set ipaddress.
> 
> Only change I made before installing Samba, was to comment the
> '127.0.1.1' line in /etc/hosts
> 
> apt-get install samba acl attr quota fam
> winbind libpam-winbind libpam-krb5 libnss-winbind krb5-config
> krb5-user ntp dnsutils ldb-tools
> 
> service smbd stop
> service nmbd stop
> service winbind stop
> 
> /etc/samba/smb.conf
> 
> [global]
>     workgroup = SAMDOM
>     security = ADS
>     realm = SAMDOM.EXAMPLE.COM
> 
>     dedicated keytab file = /etc/krb5.keytab
>     kerberos method = secrets and keytab
>     server string = Samba 4 Client %h
> 
>     winbind use default domain = yes
>     winbind expand groups = 4
>     winbind nss info = rfc2307
>     winbind refresh tickets = Yes
>     winbind offline logon = yes
>     winbind normalize names = Yes
> 
>     ## map ids outside of domain to tdb files.
>     idmap config *:backend = tdb
>     idmap config *:range = 2000-9999
>     ## map ids from the domain  the ranges may not overlap !
>     idmap config SAMDOM : backend = rid
>     idmap config SAMDOM : range = 10000-999999
>     template shell = /bin/bash
>     template homedir = /home/SAMDOM/%U
> 
>     domain master = no
>     local master = no
>     preferred master = no
>     os level = 20
>     map to guest = bad user
>     host msdfs = no
> 
>     # user Administrator workaround, without it you are unable to set
> privileges username map = /etc/samba/user.map
> 
>     # For ACL support on domain member
>     vfs objects = acl_xattr
>     map acl inherit = Yes
>     store dos attributes = Yes
> 
>     # Share Setting Globally
>     unix extensions = no
>     reset on zero vc = yes
>     veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/
>     hide unreadable = yes
> 
>     # disable printing completely
>     load printers = no
>     printing = bsd
>     printcap name = /dev/null
>     disable spoolss = yes
> 
> /etc/samba/user.map
> 
> !root = SAMDOM\Administrator SAMDOM\administrator Administrator
> administrator
> 
> samba -V
> Version 4.2.14-Debian
> 
> /etc/krb5.conf
> 
> [libdefaults]
>     default_realm = SAMDOM.EXAMPLE.COM
>     dns_lookup_realm = false
>     dns_lookup_kdc = true
> 
> chmod 644 /etc/krb5.conf
> 
> net ads join -U Administrator
> Using short domain name -- SAMDOM
> Joined 'DEBMEMBER' to dns domain 'samdom.example.com'
> 
> service smbd start
> service nmbd start
> service winbind start
> 
> /etc/nsswitch.conf
> 
> Add 'winbind' to the passwd & group lines
> 
> 'getent passwd' displays all users, local and AD
> 
> getent passwd rowland
> rowland:*:11107:10513:Rowland Penny:/home/rowland:/bin/bash
> 

Ok thank you Rowland, monday I'll try resetting everything from scratch,
deleting all tdb databases and stuff..


-- 
------------------------------------------------------------------------
Emmanuel Florac     |   Direction technique
                    |   Intellique
                    |	<eflorac@xxxxxxxxxxxxxx>
                    |   +33 1 78 94 84 02
------------------------------------------------------------------------

Attachment: pgpynIafKe6y5.pgp
Description: Signature digitale OpenPGP

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba