Re: [Samba] Not able to list domain in new samba DC




Yes, I did set up libnss_winbind.
wbinfo -u and -g on the domain member both work:

[root@testfsrv ~]# wbinfo -u
SAMDOM\testakin
SAMDOM\testsina
SAMDOM\testigein
SAMDOM\administrator
SAMDOM\krbtgt
SAMDOM\guest
[root@testfsrv ~]# wbinfo -g
SAMDOM\allowed rodc password replication group
SAMDOM\enterprise read-only domain controllers
SAMDOM\denied rodc password replication group
SAMDOM\read-only domain controllers
SAMDOM\group policy creator owners
SAMDOM\ras and ias servers
SAMDOM\domain controllers
SAMDOM\enterprise admins
SAMDOM\domain computers
SAMDOM\cert publishers
SAMDOM\dnsupdateproxy
SAMDOM\domain admins
SAMDOM\domain guests
SAMDOM\schema admins
SAMDOM\domain users
SAMDOM\dnsadmins

On Thu, Nov 9, 2017 at 3:35 PM, Rowland Penny <rpenny@xxxxxxxxx> wrote:
> On Thu, 9 Nov 2017 15:17:22 +0100
> Sina Owolabi <notify.sina@xxxxxxxxx> wrote:
>
>> Thanks Rowland!
>>
>> My current configs are:
>>
>> DC:
>>
>> # Global parameters
>> [global]
>>         dns forwarder = 8.8.8.8
>>         netbios name = TESTBOX
>>         realm = SAMDOM.TESTING.COM
>>         server role = active directory domain controller
>>         workgroup = SAMDOM
>>         idmap_ldb:use rfc2307 = yes
>>         log file = /var/log/samba/%m.log
>>         log level = 3
>>         tls enabled = yes
>>         template shell = /bin/bash
>>         template homedir = /share/%U
>
> See notes below:
>
>>         vfs objects = acl_xattr
>>         map acl inherit = yes
>>         store dos attributes = yes
>>         winbind enum groups = Yes
>>         winbind enum users = Yes
>>         idmap config * : backend = tdb
>>         idmap config * : range = 3000-7999
>>         idmap config SAMDOM:backend = ad
>>         idmap config SAMDOM:schema_mode = rfc2307
>>         idmap config  SAMDOM : range = 10000-999999
>>         idmap config  SAMDOM : unix_nss_info = yes
>>         idmap config SAMDOM:unix_primary_group = yes
>>         username map = /usr/local/samba/etc/user.map
>
> I think you may have misunderstood me, the 13 lines above should NEVER
> be added to the smb.conf on a DC, they belong in a Unix domain
> member smb.conf (except for the 'winbind enum' lines and they should
> only be used for testing purposes)
>
>>
>> Domain member/file server:
>
>>         idmap_ldb:use rfc2307 = yes
>
> This line should only be in a DC smb.conf
>
>> I was trying to walk through the creating shares bit and I noticed
>> that getent passwd and getent group don't work.
>> Am I missing something else?
>>
>
> Have you set up libnss_winbind ?
>
> Rowland
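
The placement rules given in the quoted reply above (the 13 listed lines belong on a Unix domain member and not on a DC, the 'winbind enum' lines are for testing only, and 'idmap_ldb:use rfc2307' is for a DC only) can be checked mechanically. The following is an added example, not code from the posters or from the Samba project; the function names and the MEMBER_CONF sample are assumptions made for illustration.

```python
import re
# Per the quoted reply: these belong in a Unix domain member smb.conf, never a DC's.
MEMBER_ONLY = ("vfs objects", "map acl inherit", "store dos attributes",
               "idmap config", "username map")
TESTING_ONLY = ("winbind enum",)          # reply: testing purposes only
DC_ONLY = ("idmap_ldb:use rfc2307",)      # reply: DC smb.conf only

def parse_global(text):
    """Return {parameter: value} for [global]; names lower-cased, spacing collapsed."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def lint(text):
    """Return sorted (parameter, finding) pairs for misplaced settings."""
    params = parse_global(text)
    is_dc = params.get("server role", "").lower() == "active directory domain controller"
    findings = []
    for key in params:
        if key.startswith(TESTING_ONLY):
            findings.append((key, "testing only"))
        elif is_dc and key.startswith(MEMBER_ONLY):
            findings.append((key, "member-only parameter on a DC"))
        elif not is_dc and key.startswith(DC_ONLY):
            findings.append((key, "DC-only parameter on a member"))
    return sorted(findings)

# Constructed samples: DC_CONF is cut down from the DC config in the thread; MEMBER_CONF is made up.
DC_CONF = """[global]
    server role = active directory domain controller
    idmap_ldb:use rfc2307 = yes
    vfs objects = acl_xattr
    winbind enum users = Yes
    idmap config  SAMDOM : range = 10000-999999
    username map = /usr/local/samba/etc/user.map
"""
MEMBER_CONF = "[global]\nsecurity = ADS\nidmap_ldb:use rfc2307 = yes\nidmap config SAMDOM:backend = ad\n"

if __name__ == "__main__":
    for name, conf in (("DC", DC_CONF), ("member", MEMBER_CONF)):
        print(name, lint(conf))
```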
