
[Samba] Samba 4.5: trying to setup an omnios system as a DC member




Hello,

I'm trying to set up an omnios system as a Samba DC member, and I need the AD backend for consistent IDs on all Samba clients.
The AD join is successful, and wbinfo shows the AD users:

# /opt/samba/bin/wbinfo -n andrea
S-1-5-21-2680195940-2267646359-3814218302-1109 SID_USER (1)

However, "getent passwd ..." returns nothing for the user (all the AD users).

I have enabled debugging and I can see the following relevant error:

[2018/06/19 15:53:54.302030,  5, pid=638, effective(0, 0), real(0, 0)] ../source3/libads/ldap_utils.c:81(ads_do_search_retry_internal)
  Search for (uid=andrea) in <dc=HYPERFILE,dc=NET> gave 0 replies
[2018/06/19 15:53:54.302082,  5, pid=638, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:1276(resolve_alias_to_username)
  resolve_alias_to_username: backend query returned NT_STATUS_OBJECT_NAME_NOT_FOUND
...
[2018/06/19 15:53:54.309621,  5, pid=638, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
  Could not convert sid S-1-5-21-2680195940-2267646359-3814218302-1109: NT_STATUS_NONE_MAPPED

Also, the wbinfo command fails to convert the SID to a UID:

# /opt/samba/bin/wbinfo -S S-1-5-21-2680195940-2267646359-3814218302-1109
failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-2680195940-2267646359-3814218302-1109 to uid

This is the relevant smb.conf:

===============================
[global]
    log file = /opt/samba/log/%m.log
    log level = 10
    workgroup = HYPERFILE
    security = ADS
    realm = HYPERFILE.NET
    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab
    server string = Data %h
    winbind enum users = yes
    winbind enum groups = yes
    winbind use default domain = yes
    winbind expand groups = 4
    winbind nss info = rfc2307
    winbind refresh tickets = Yes
    winbind normalize names = Yes

    idmap config * : backend = tdb
    idmap config * : range = 1000000-2000000
    idmap config * : schema_mode = rfc2307

    idmap config HYPERFILE:backend = ad
    idmap config HYPERFILE:schema_mode = rfc2307
    idmap config HYPERFILE:range = 1000-9999
    idmap config HYPERFILE:unix_primary_group = yes

    username map = /opt/samba/etc/user.map
    client ldap sasl wrapping = plain
    os level = 20
    map to guest = bad user
    host msdfs = no
    vfs objects = acl_xattr
    map acl inherit = Yes
    store dos attributes = Yes
    load printers = no
=====================

If I remove the "idmap config HYPERFILE ..." entries from smb.conf, it works.
Any help would be appreciated.

Regards
Andrea

--
Gestione problematica Andrea Cucciarrè
Technical Support Engineer | EMEA
acucciarre@xxxxxxxxxxxx


