samba - Sep 2013 - Must Samba4 AD be provisionned with rfc2307 to use winbind ?

Hi all,

(Trying to connect squid, postfix, dovecot, pptp, etc ... to AD)

Samba 4.0.9, as PDC, on Ubuntu 12.04.3 server.
Compiled with : ./configure --enable-debug --enable-selftest
Domain provision : /usr/local/samba/bin/samba-tool domain provision

Despite my reads and tries, I'm unable to list the AD users from Linux.
/usr/local/samba/bin/wbinfo -t
/usr/local/samba/bin/wbinfo -u
/usr/local/samba/bin/wbinfo -g
are OK

but : getent passwd
only lists Linux users.

AD works OK and lot of work has been done onto.

If the rfc2307 option if required during domain provision, can I launch 
it without loosing the whole AD configuration ?

Thanks in advance for your time.
Nicolas

Hi Nicolas,
>
> (Trying to connect squid, postfix, dovecot, pptp, etc ... to AD)
>
> Samba 4.0.9, as PDC, on Ubuntu 12.04.3 server.
> Compiled with : ./configure --enable-debug --enable-selftest
> Domain provision : /usr/local/samba/bin/samba-tool domain provision
>
> Despite my reads and tries, I'm unable to list the AD users from Linux.
> /usr/local/samba/bin/wbinfo -t
> /usr/local/samba/bin/wbinfo -u
> /usr/local/samba/bin/wbinfo -g
> are OK
>
> but : getent passwd
> only lists Linux users.
in order to have getent password to work, you need to have the correct 
nss module in the path. It is not in the default path when compiling. 
Please take a look at http://wiki.samba.org/index.php/Samba4/Winbind

for a 32bit system, you can run :

ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/libnss_winbind.so
ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2

However if you are not using rfc2307, you will have random idmap (no rid 
idmap yet).

Cheers,

Denis
>
> AD works OK and lot of work has been done onto.
>
> If the rfc2307 option if required during domain provision, can I launch
> it without loosing the whole AD configuration ?
>
> Thanks in advance for your time.
> Nicolas

-- 
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, b?timent A
12 avenue Jules Verne
44230 Saint S?bastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr

On Fri, 2013-09-27 at 19:09 +1100, me at electronico.nc
wrote:
> Hi all,
> 
> (Trying to connect squid, postfix, dovecot, pptp, etc ... to AD)
> 
> Samba 4.0.9, as PDC, on Ubuntu 12.04.3 server.
> Compiled with : ./configure --enable-debug --enable-selftest
> Domain provision : /usr/local/samba/bin/samba-tool domain provision
> 
> Despite my reads and tries, I'm unable to list the AD users from Linux.
> /usr/local/samba/bin/wbinfo -t
> /usr/local/samba/bin/wbinfo -u
> /usr/local/samba/bin/wbinfo -g
> are OK
> 
> but : getent passwd
> only lists Linux users.
> 
> AD works OK and lot of work has been done onto.
> 
> If the rfc2307 option if required during domain provision, can I launch 
> it without loosing the whole AD configuration ?
Hi
No. You don't need to provision with rfc2307 to be able to use it. You
simply need to add the rfc2307 attributes to the DN's of the users.

e.g. use wbinfo to get the numbers:
wbinfo -i steve2
HH3\steve2:*:3000021:20513::/home/HH3/steve2:/bin/false

Now add:
uidNumber: 3000021
gidNumber: 20513
to steve2

An easy way to do that is with ldbedit. If you have a lot of users, use
a script and then add the attributes using ldbmodify.

I'd recommend using nslcd or sssd so that getent will pull the
information from AD.
HTH
Steve