
Re: [Samba] getent not showing domain users and groups with winbind but works with sssd




Hi Louis and Rowland,

I'm just reporting back on this, in case it may help somebody else.

Getting a working getent (or id) under the current version of CentOS with winbind just doesn't seem possible. I haven't got a clue where the problem is. I have tried the suggestions, I did a clean installation, and built Samba myself from source, but no way. Installing sssd, a few lines of configuration, disabling winbind, and it just works. I just want to stress, that the problems I have had getting the Samba domain member to work, are most probably CentOS-related.

Unfortunately, I must leave it at this point, as I have spent way too much time already. At least I'm glad that I didn't upgrade the production server directly, and instead spent time trying to get things to work in the test environment. Otherwise there would have been tar and feathers at noon today.

A sincere thank you for your time and suggestions.

Peter



On 01.10.2018 13:40, L.P.H. van Belle via samba wrote:
Hi,

If you read the post on the Debian bug list.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909465
You will see the workaround also, that's tested and works.

And I also suggest you adjust the startup order and adjust your systemd settings as shown here.

Use: systemctl edit name_of_service.service
This creates an override file in /etc/systemd/system/servicename.d/override.conf

If you want a full copy of the service file and edit that.
Use: systemctl edit --full name_of_service.service
That will be placed in /etc/systemd/system/
Editing this way, you won't get messages/questions when upgrading and your settings are in /etc/systemd
The system systems are in /lib/systemd

Currently I'm testing the following settings.

# /etc/systemd/system/smbd.service.d/override.conf
[Unit]
Wants=network.target
After=network.target nmbd.service


# /etc/systemd/system/winbind.service.d/override.conf
[Unit]
Wants=network-online.target
After=network.target network-online.target smbd.service

And Nmbd does not need adjustments.


But don't forget to install according to these steps. A few workarounds to make it work.
Install a stand-alone server.
apt-get install samba
Next, to avoid the problem run:
net groupmap add sid=S-1-5-32-546 unixgroup=nobody type=builtin
or define the idmap in smb.conf

idmap config * : backend = tdb
idmap config * : range = 3000-7999

Now you can install winbind also, if you don't need winbind, then the bug does not show.

As of this point you can configure everything as usual.


Greetz,

Louis





-----Original message-----
From: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] On behalf of Peter Milesson via samba
Sent: Monday 1 October 2018 13:28
To: samba@xxxxxxxxxxxxxxx
Subject: Re: [Samba] getent not showing domain users and groups with winbind but works with sssd


On 10/1/18 1:10 PM, Rowland Penny via samba wrote:
On Mon, 1 Oct 2018 12:13:58 +0200
Peter Milesson <miles@xxxxxxxx> wrote:

You are now hitting a bug in 4.9.1 that was discovered last week by Louis Van Belle. It seems to be an interaction between Samba and systemd, I say this because it doesn't affect me on Devuan.

Rowland
Hi Rowland,

I'm using the standard CentOS Samba packages. The current Samba
version is 4.7.1. The server is 4.9.1, however.

Hmm, I wonder if this has been going on for some time?

As I said, I don't get this error and the Samba daemons are started in this order:
smbd
nmbd
winbind

From the Debian bug report by Louis, there is this in /lib/systemd/system/smbd.service:

After=network.target network-online.target nmbd.service winbind.service

Which from my (limited) knowledge of systemd, means 'smbd' will only be started after 'nmbd' & 'winbind'. This, in my opinion, is totally wrong.
If your version of the file is the same, try removing 'winbind.service' and see if this helps.

Rowland

Hi Rowland,

Order does not seem to be important. I have tried to start the daemons manually in different order. Does not help.

As the self compiled AD DC works beautifully, I'll wipe the installation and compile Samba myself from the 4.9.1 sources. Being lazy and installing what's thrown at you evidently didn't pay off in this case.

Thanks for your help anyway.

I wish you a nice day,

Peter



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
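
An added example, not part of the thread and not Samba or systemd project code: a shell script that merges After= lines the way systemd treats dependency settings, where a drop-in can only add entries and assignments outside a [Unit] section are ignored. With the smbd.service line and the smbd override quoted in the thread, winbind.service stays in the ordering; only a full replacement unit (systemctl edit --full) drops it. The file contents are constructed from the lines quoted above, and the function names are hypothetical.

```shell
#!/bin/sh
# effective_after UNIT_FILE [DROPIN...]: print the merged After= list.
# Dependency settings are additive: every After= line in the unit file or
# in a drop-in appends to the list, and nothing removes an entry.
effective_after() {
    awk '
        FNR == 1 { in_unit = 0 }                  # each file starts outside any section
        /^\[/    { in_unit = ($0 == "[Unit]"); next }
        in_unit && /^After=/ {
            sub(/^After=/, "")
            n = split($0, names, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (names[i] != "" && !(names[i] in seen)) {
                    seen[names[i]] = 1
                    out = (out == "" ? "" : out " ") names[i]
                }
        }
        END { print out }
    ' "$@"
}

# ordered_after NAME UNIT_FILE [DROPIN...]: succeed if NAME is in the merged list.
ordered_after() {
    name=$1; shift
    case " $(effective_after "$@") " in
        *" $name "*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Constructed sample files built from the lines quoted in the thread.
make_samples() {
    printf '%s\n' '[Unit]' \
        'After=network.target network-online.target nmbd.service winbind.service' \
        > "$1/smbd.service"                       # packaged unit
    printf '%s\n' '[Unit]' 'After=network.target nmbd.service' \
        > "$1/override.conf"                      # drop-in (systemctl edit)
    cp "$1/override.conf" "$1/smbd-full.service"  # full copy (systemctl edit --full)
}

d=$(mktemp -d)
make_samples "$d"
echo "unit + drop-in:   $(effective_after "$d/smbd.service" "$d/override.conf")"
echo "full replacement: $(effective_after "$d/smbd-full.service")"
rm -rf "$d"
```

On a live system, `systemctl show -p After smbd.service` prints the ordering systemd actually computed, which is the value to check after any override.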




