Hi! I am trying to set a FreeBSD 7.2, Samba 3.3.8 as an AD domain member server. I am not using LDAP, but idmap_rid. I have properly configured nsswitch.conf. Joining to domain and wbinfo -u work OK, but when I try pw show user -a I get only user accounts of FreeBSD. So, I cannot set owners, ACLs... My main source is Samba guide chapter 7: http://www.samba.org/samba/docs/man/Samba-Guide/unixclients.html#id2597100 All tests from Procedure 7.4 of the guide, except getent (eq. to pw show user -a) work OK. It seems that FreeBSD does not use nsswitch. What should I do or what I am missing? Thanks in advance fro your help. -- View this message in context: http://old.nabble.com/FreeBSD-7.2-domain-member-problem-tp26204285p26204285.html Sent from the Samba - General mailing list archive at Nabble.com.
2009/11/4 Ivo Karabojkov <ivo at kit-bg.com>:> I am trying to set a FreeBSD 7.2, Samba 3.3.8 as an AD domain member server. > I am not using LDAP, but idmap_rid. I have properly configured > nsswitch.conf. > > Joining to domain and wbinfo -u work OK, but when I try > pw show user -a > I get only user accounts of FreeBSD. So, I cannot set owners, ACLs... > > My main source is Samba guide chapter 7: > http://www.samba.org/samba/docs/man/Samba-Guide/unixclients.html#id2597100 > All tests from Procedure 7.4 of the guide, except getent (eq. to pw show > user -a) work OK. > > It seems that FreeBSD does not use nsswitch. What should I do or what I am > missing?[...] I have no idea what the problem is, but FreeBSD does seem to use nsswitch: http://www.freebsd.org/cgi/man.cgi?query=nsswitch.conf&apropos=0&sektion=0&manpath=FreeBSD+7.2-RELEASE&format=html -- Michael Wood <esiotrot at gmail.com>
Ivo Karabojkov
2009-Nov-22  18:01 UTC
[Samba] FreeBSD 7.2 domain member problem - partially SOLVED
So I kept "hitting my head in the wall" and here is my partial but satisfying solution: I was totally unable to get idmap_rid working! So I am using the default IDMAP backend - tdb. The problem with not working pw user / group show -a or getent passwd / group was that nss_winbind.so was not where it supposed to. To correct this I used: ln -s /usr/local/lib/nss_winbind.so.1 /usr/lib/ ln -s /usr/local/lib/nss_winbind.so.1 /usr/lib/nss_winbind.so.2 Now all my users and groups are visible with pw or getent! rid backend would give predictable sid <-> uid/gid mapping, with this solution mapping changes every time server is joined to AD domain. But I failed setting it up - it seems idmap_rid does not map anything... If someone may help with better solution I will be grateful. -- View this message in context: http://old.nabble.com/FreeBSD-7.2-domain-member-problem-tp26204285p26466399.html Sent from the Samba - General mailing list archive at Nabble.com.