samba - Jun 2014 - Samba 4 / idmap / NIS / winbind

Hi,

how can i get work Samba 4 Sernet 4.1.7 correctly with NIS. Ist provisioned with
rfc2307.

When i query a User withi get the following.
	
getent passwd testswi
SWI\testswi:*:10000:100:testswi:/home/SWI/testswi:/bin/false

I want to change /bin/false to a other value /bin/bash

I tried many things to change the value.

1. ldbedit -e vim -H /var/lib/samba/private/sam.ldb samaccountname=testswi
i added  "loginShell = /bin/bash" and got

----------------------------------------------------------------------------------------------------------------------------
# record 1
dn: CN=testswi,OU=Benutzer,OU=SWI,DC=swi,DC=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: testswi
givenName: testswi
instanceType: 4
whenCreated: 20140530142421.0Z
displayName: testswi
uSNCreated: 12359
name: testswi
objectGUID: d6ebbae7-8ec0-4a89-828d-58c10a7c9f99
userAccountControl: 66048
codePage: 0
countryCode: 0
pwdLastSet: 130459334610000000
primaryGroupID: 513
objectSid: S-1-5-21-1143642306-2581635645-836595807-1605
accountExpires: 9223372036854775807
sAMAccountName: testswi
sAMAccountType: 805306368
userPrincipalName: testswi at swi.local
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=swi,DC=local
loginShell: /bin/bash
whenChanged: 20140605153458.0Z
uSNChanged: 13969
distinguishedName: CN=testswi,OU=Benutzer,OU=SWI,DC=swi,DC=local
----------------------------------------------------------------------------------------------------------------------------

nothing changed always /bin/false when i use getent passwd ...

2. i tried the the Windows Remote Administration Tools and the Unix tab in
Windows

I added NIS Domain, UID, GID, home and login shell but also nothing changed... i
got the following

# record 1
dn: CN=testswi,OU=Benutzer,OU=SWI,DC=swi,DC=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: testswi
givenName: testswi
instanceType: 4
whenCreated: 20140530142421.0Z
displayName: testswi
uSNCreated: 12359
name: testswi
objectGUID: d6ebbae7-8ec0-4a89-828d-58c10a7c9f99
userAccountControl: 66048
codePage: 0
countryCode: 0
pwdLastSet: 130459334610000000
primaryGroupID: 513
objectSid: S-1-5-21-1143642306-2581635645-836595807-1605
accountExpires: 9223372036854775807
sAMAccountName: testswi
sAMAccountType: 805306368
userPrincipalName: testswi at swi.local
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=swi,DC=local
loginShell: /bin/bash
whenChanged: 20140607194437.0Z
uSNChanged: 14355
unixUserPassword: ABCD!efgh12345$67890
uid: testswi
msSFU30Name: testswi
msSFU30NisDomain: swi
uidNumber: 10000
gidNumber: 100
unixHomeDirectory: /home/testswi
distinguishedName: CN=testswi,OU=Benutzer,OU=SWI,DC=swi,DC=local

when i use getent passwd testswi i always get the same as above. /bin/false

Questions.

Is that a problem from winbind in samba 4 that not all thing will correctly set
or supported? W

Where get getent passwd ... the information from? I know ist winbind but whats
wrong?

I read about some user they use sssd or nlcd. Is that the solution for samba 4?

I am confused. Anyone who can explain that?

Thanks for help

Sven Vogel

On 07/06/14 21:31, Vogel, Sven wrote:
> Hi,
>
> how can i get work Samba 4 Sernet 4.1.7 correctly with NIS. Ist provisioned
with rfc2307.
>
> When i query a User withi get the following.
> 	
> getent passwd testswi
> SWI\testswi:*:10000:100:testswi:/home/SWI/testswi:/bin/false
>
> I want to change /bin/false to a other value /bin/bash
>
> I tried many things to change the value.
>
> 1. ldbedit -e vim -H /var/lib/samba/private/sam.ldb samaccountname=testswi
> i added  "loginShell = /bin/bash" and got
>
>
----------------------------------------------------------------------------------------------------------------------------
> # record 1
> dn: CN=testswi,OU=Benutzer,OU=SWI,DC=swi,DC=local
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: testswi
> givenName: testswi
> instanceType: 4
> whenCreated: 20140530142421.0Z
> displayName: testswi
> uSNCreated: 12359
> name: testswi
> objectGUID: d6ebbae7-8ec0-4a89-828d-58c10a7c9f99
> userAccountControl: 66048
> codePage: 0
> countryCode: 0
> pwdLastSet: 130459334610000000
> primaryGroupID: 513
> objectSid: S-1-5-21-1143642306-2581635645-836595807-1605
> accountExpires: 9223372036854775807
> sAMAccountName: testswi
> sAMAccountType: 805306368
> userPrincipalName: testswi at swi.local
> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=swi,DC=local
> loginShell: /bin/bash
> whenChanged: 20140605153458.0Z
> uSNChanged: 13969
> distinguishedName: CN=testswi,OU=Benutzer,OU=SWI,DC=swi,DC=local
>
----------------------------------------------------------------------------------------------------------------------------
>
> nothing changed always /bin/false when i use getent passwd ...
>
> 2. i tried the the Windows Remote Administration Tools and the Unix tab in
Windows
>
> I added NIS Domain, UID, GID, home and login shell but also nothing
changed... i got the following
>
> # record 1
> dn: CN=testswi,OU=Benutzer,OU=SWI,DC=swi,DC=local
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: testswi
> givenName: testswi
> instanceType: 4
> whenCreated: 20140530142421.0Z
> displayName: testswi
> uSNCreated: 12359
> name: testswi
> objectGUID: d6ebbae7-8ec0-4a89-828d-58c10a7c9f99
> userAccountControl: 66048
> codePage: 0
> countryCode: 0
> pwdLastSet: 130459334610000000
> primaryGroupID: 513
> objectSid: S-1-5-21-1143642306-2581635645-836595807-1605
> accountExpires: 9223372036854775807
> sAMAccountName: testswi
> sAMAccountType: 805306368
> userPrincipalName: testswi at swi.local
> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=swi,DC=local
> loginShell: /bin/bash
> whenChanged: 20140607194437.0Z
> uSNChanged: 14355
> unixUserPassword: ABCD!efgh12345$67890
> uid: testswi
> msSFU30Name: testswi
> msSFU30NisDomain: swi
> uidNumber: 10000
> gidNumber: 100
> unixHomeDirectory: /home/testswi
> distinguishedName: CN=testswi,OU=Benutzer,OU=SWI,DC=swi,DC=local
>
> when i use getent passwd testswi i always get the same as above. /bin/false
>
> Questions.
>
> Is that a problem from winbind in samba 4 that not all thing will correctly
set or supported? W
>
> Where get getent passwd ... the information from? I know ist winbind but
whats wrong?
>
> I read about some user they use sssd or nlcd. Is that the solution for
samba 4?
>
> I am confused. Anyone who can explain that?
>
> Thanks for help
>
> Sven Vogel
>
>
HI, add 'template shell = /bin/bash' to smb.conf and restart samba, or 
add the required RFC2307 attributes to the users and groups.

Rowland

On Sat, 2014-06-07 at 20:31 +0000, Vogel, Sven wrote:
> nothing changed always /bin/false when i use getent passwd ...
> 
> 2. i tried the the Windows Remote Administration Tools and the Unix tab in
Windows
> 
> I added NIS Domain, UID, GID, home and login shell but also nothing
changed... i got the following
> 
> # record 1
> dn: CN=testswi,OU=Benutzer,OU=SWI,DC=swi,DC=local
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: testswi
> givenName: testswi
> instanceType: 4
> whenCreated: 20140530142421.0Z
> displayName: testswi
> uSNCreated: 12359
> name: testswi
> objectGUID: d6ebbae7-8ec0-4a89-828d-58c10a7c9f99
> userAccountControl: 66048
> codePage: 0
> countryCode: 0
> pwdLastSet: 130459334610000000
> primaryGroupID: 513
> objectSid: S-1-5-21-1143642306-2581635645-836595807-1605
> accountExpires: 9223372036854775807
> sAMAccountName: testswi
> sAMAccountType: 805306368
> userPrincipalName: testswi at swi.local
> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=swi,DC=local
> loginShell: /bin/bash
> whenChanged: 20140607194437.0Z
> uSNChanged: 14355
> unixUserPassword: ABCD!efgh12345$67890
> uid: testswi
> msSFU30Name: testswi
> msSFU30NisDomain: swi
> uidNumber: 10000
> gidNumber: 100
> unixHomeDirectory: /home/testswi
> distinguishedName: CN=testswi,OU=Benutzer,OU=SWI,DC=swi,DC=local
> 
> when i use getent passwd testswi i always get the same as above. /bin/false
> 
> Questions.
> 
> Is that a problem from winbind in samba 4 that not all thing will correctly
set or supported? W
> 
> Where get getent passwd ... the information from? I know ist winbind but
whats wrong?
> 
> I read about some user they use sssd or nlcd. Is that the solution for
samba 4?
> 
> I am confused. Anyone who can explain that?
Hi
winbind will not extract the loginShell or the unixHomeDrirector from
AD. If you wish to do this on the DC, you must use nslcd, nss-ldap or
sssd.
HTH
Steve

On Sat, Jun 7, 2014 at 4:31 PM, Vogel, Sven
<Sven.Vogel at kupper-computer.com> wrote:
> Hi,
>
> how can i get work Samba 4 Sernet 4.1.7 correctly with NIS. Ist provisioned
with rfc2307.
What is your base OS.? It profoundly affects the availability, and how
to most easily configure, tools like NIS and sssd.

>
> When i query a User withi get the following.
>
> getent passwd testswi
> SWI\testswi:*:10000:100:testswi:/home/SWI/testswi:/bin/false
>
> I want to change /bin/false to a other value /bin/bash
>
> I tried many things to change the value.
>
> 1. ldbedit -e vim -H /var/lib/samba/private/sam.ldb samaccountname=testswi
> i added  "loginShell = /bin/bash" and got
>
>
----------------------------------------------------------------------------------------------------------------------------
> # record 1
> dn: CN=testswi,OU=Benutzer,OU=SWI,DC=swi,DC=local
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: testswi
> givenName: testswi
> instanceType: 4
> whenCreated: 20140530142421.0Z
> displayName: testswi
> uSNCreated: 12359
> name: testswi
> objectGUID: d6ebbae7-8ec0-4a89-828d-58c10a7c9f99
> userAccountControl: 66048
> codePage: 0
> countryCode: 0
> pwdLastSet: 130459334610000000
> primaryGroupID: 513
> objectSid: S-1-5-21-1143642306-2581635645-836595807-1605
> accountExpires: 9223372036854775807
> sAMAccountName: testswi
> sAMAccountType: 805306368
> userPrincipalName: testswi at swi.local
> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=swi,DC=local
> loginShell: /bin/bash
> whenChanged: 20140605153458.0Z
> uSNChanged: 13969
> distinguishedName: CN=testswi,OU=Benutzer,OU=SWI,DC=swi,DC=local
>
----------------------------------------------------------------------------------------------------------------------------
>
> nothing changed always /bin/false when i use getent passwd ...
>
> 2. i tried the the Windows Remote Administration Tools and the Unix tab in
Windows
>
> I added NIS Domain, UID, GID, home and login shell but also nothing
changed... i got the following
>
> # record 1
> dn: CN=testswi,OU=Benutzer,OU=SWI,DC=swi,DC=local
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: testswi
> givenName: testswi
> instanceType: 4
> whenCreated: 20140530142421.0Z
> displayName: testswi
> uSNCreated: 12359
> name: testswi
> objectGUID: d6ebbae7-8ec0-4a89-828d-58c10a7c9f99
> userAccountControl: 66048
> codePage: 0
> countryCode: 0
> pwdLastSet: 130459334610000000
> primaryGroupID: 513
> objectSid: S-1-5-21-1143642306-2581635645-836595807-1605
> accountExpires: 9223372036854775807
> sAMAccountName: testswi
> sAMAccountType: 805306368
> userPrincipalName: testswi at swi.local
> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=swi,DC=local
> loginShell: /bin/bash
> whenChanged: 20140607194437.0Z
> uSNChanged: 14355
> unixUserPassword: ABCD!efgh12345$67890
> uid: testswi
> msSFU30Name: testswi
> msSFU30NisDomain: swi
> uidNumber: 10000
> gidNumber: 100
> unixHomeDirectory: /home/testswi
> distinguishedName: CN=testswi,OU=Benutzer,OU=SWI,DC=swi,DC=local
>
> when i use getent passwd testswi i always get the same as above. /bin/false
>
> Questions.
>
> Is that a problem from winbind in samba 4 that not all thing will correctly
set or supported? W
>
> Where get getent passwd ... the information from? I know ist winbind but
whats wrong?
>
> I read about some user they use sssd or nlcd. Is that the solution for
samba 4?
>
> I am confused. Anyone who can explain that?
>
> Thanks for help
>
> Sven Vogel
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba