
[Samba] getenv does not return any AD DOMAIN users or groups - ?nsswitch is not setup for Samba?




The problem is that getenv does not return any AD domain users or groups. From much research this seems to be because nsswitch is not set up for Samba.

I would really appreciate some assistance as I think this is my last hurdle for actually being able to use this test file server.

Ubuntu server 18.04 - Samba installed and configured (almost)
Kerberos functioning. wbinfo --ping-dc successfully contacts domain server
Browse server from windows client sees printer share

The Libnss winbind Links Wiki says to do this:

# smbd -b | grep LIBDIR  >>> smdb... doesn't work but samba -b does work
LIBDIR: /usr/local/samba/lib/
# ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/x86_64-linux-gnu/
# ln -s /lib/x86_64-linux-gnu/libnss_winbind.so.2 /lib/x86_64-linux-gnu/libnss_winbind.so
# ldconfig

Although as seen below there doesn't seem to be a LIBDIR entry, it seemed as if it might be /usr/lib/x86_64-linux-gnu/samba so I ran the above ln commands with this in mind. It didn't work. I also appended "files windbind" to the 2 entries in nsswitch.conf.

~$ samba -b
Samba version: 4.7.6-Ubuntu
Build environment:
Paths:

BINDIR: /usr/bin
SBINDIR: /usr/sbin
CONFIGFILE: /etc/samba/smb.conf
NCALRPCDIR: /var/run/samba/ncalrpc
LOGFILEBASE: /var/log/samba
LMHOSTSFILE: /etc/samba/lmhosts
DATADIR: /usr/share
MODULESDIR: /usr/lib/x86_64-linux-gnu/samba
LOCKDIR: /var/run/samba
STATEDIR: /var/lib/samba
CACHEDIR: /var/cache/samba
PIDDIR: /var/run/samba
PRIVATE_DIR: /var/lib/samba/private
CODEPAGEDIR: /usr/share/samba/codepages
SETUPDIR: /usr/share/samba/setup
WINBINDD_SOCKET_DIR: /var/run/samba/winbindd
NTP_SIGND_SOCKET_DIR: /var/lib/samba/ntp_signd

It doesn't seem there is a LIBDIR. Not sure what to do about that. The folder /usr/local/samba/lib does not exist.

~$ locate libnss_winbind
/lib/x86_64-linux-gnu/libnss_winbind.so.2

Samba config:

[global]
dns forwarder = my.DNS.ip.address
dns proxy = No
log file = /var/log/samba/log.%m
logging = syslog@1 /var/log/samba/log.%m
map to guest = Bad User
max log size = 1000
panic action = /usr/share/samba/panic-action %d
realm = DOMAIN.COM
security = ADS
server role = member server
server string = %h server (Samba, Ubuntu)
template shell = /bin/bash
usershare allow guests = Yes
winbind enum groups = Yes
winbind enum users = Yes
winbind nss info = rfc2307
winbind use default domain = Yes
workgroup = DOMAIN
idmap config DOMAIN : range = 50000-1000000
idmap config DOMAIN : backend = ad
idmap config * : range = 3000-7999
idmap config * : backend = tbd
map acl inherit = Yes
store dos attributes = Yes
vfs objects = acl_xattr

[printers]
browseable = No
comment = All Printers
create mask = 0700
path = /var/spool/samba
printable = Yes

[print$]
comment = Printer Drivers
path = /var/lib/samba/printers

-Barry
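
A way to check the two pieces the post describes, the passwd and group lines in nsswitch.conf and the libnss_<name>.so.2 files they refer to, as an added example that is not part of the original message. The function name check_nss and the scratch files are constructed for illustration; the check relies on glibc loading libnss_<source>.so.2 for each source named on a line.

```shell
#!/bin/sh
# check_nss CONF LIBDIR...   (hypothetical helper, not a Samba tool)
# For the passwd and group databases in CONF, report every source that has no
# libnss_<source>.so.2 in any LIBDIR, and report when winbind is not listed.
# Returns 0 when both databases are consistent, 1 otherwise.
check_nss() {
    conf=$1; shift
    rc=0
    for db in passwd group; do
        # Strip comments, then keep only the sources after "db:".
        line=$(sed -n "s/#.*//; s/^[[:space:]]*${db}:[[:space:]]*//p" "$conf" | head -n 1)
        has_winbind=no
        # Drop action items such as [NOTFOUND=return] before splitting.
        for src in $(printf '%s\n' "$line" | sed 's/\[[^]]*\]//g'); do
            if [ "$src" = winbind ]; then has_winbind=yes; fi
            found=no
            for dir in "$@"; do
                if [ -e "$dir/libnss_$src.so.2" ]; then found=yes; fi
            done
            if [ "$found" = no ]; then
                echo "$db: no libnss_$src.so.2 for source '$src'"
                rc=1
            fi
        done
        if [ "$has_winbind" = no ]; then
            echo "$db: winbind is not listed"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: a scratch directory stands in for /etc and the library
# directory; the passwd line uses the spelling quoted in the post.
scratch=$(mktemp -d)
printf 'passwd: compat files windbind\ngroup: compat files winbind\n' > "$scratch/nsswitch.conf"
touch "$scratch/libnss_compat.so.2" "$scratch/libnss_files.so.2" "$scratch/libnss_winbind.so.2"
check_nss "$scratch/nsswitch.conf" "$scratch" || echo "nsswitch.conf needs attention"
rm -rf "$scratch"

# On a real host: check_nss /etc/nsswitch.conf /lib/x86_64-linux-gnu
```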