samba - Jul 2014 - sernet samba nss

Hello,

At this moment i setup a SAMBA 4 Memberserver. I installed the following 
packages:

ii  libwbclient0:amd64                 99:4.1.9-8                    
amd64        Glue package for sernet-samba-libs.
ii  sernet-samba                       99:4.1.9-8                    
amd64        SMB/CIFS file, print, and login server for Unix
ii  sernet-samba-ad                    99:4.1.9-8                    
amd64        Samba Active Directory Domain Controller
ii  sernet-samba-client                99:4.1.9-8                    
amd64        a LanManager-like simple client for Unix
ii  sernet-samba-common                99:4.1.9-8                    
all          Samba common files used by both the server and the client
ii  sernet-samba-keyring               1.4                           
all          GnuPG archive keys of the SerNet Samba archive
ii  sernet-samba-libpam-smbpass:amd64  99:4.1.9-8                    
amd64        Glue package for sernet-samba-libs.
ii  sernet-samba-libs:amd64            99:4.1.9-8                    
amd64        Samba common library files used by both the server and the 
client
ii  sernet-samba-libsmbclient0:amd64   99:4.1.9-8                    
amd64        Shared library that allows applications to talk to SMB servers
ii  sernet-samba-winbind               99:4.1.9-8                    
amd64        Samba nameservice integration serve

my smb.conf:

# Global parameters
[global]

    netbios name = SRV001
    workgroup = test
    security = ADS
    realm = test.local
    encrypt passwords = yes

    idmap config *:backend = tdb
    idmap config *:range = 70001-80000
    idmap config test:backend = ad
    idmap config test:schema_mode = rfc2307
    idmap config test:range = 500-40000

    winbind nss info = rfc2307
    winbind trusted domains only = no
    winbind use default domain = yes
    winbind enum users  = yes
    winbind enum groups = yes

    log level = 3

My nssswitch.conf:

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed,
try:
# `info libc "Name Service Switch"' for information about this
file.

passwd:         compat winbind
group:          compat winbind
shadow:         compat

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

wbinfo -u tells me Domain Users, wbinfo -g tells me domain groups. But 
with getent passwd i don't see the domain users.

I used 
https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server#Make_domain_users.2Fgroups_available_locally_through_Winbind

can you help me?

Hauke

On 25/07/14 05:39, Hauke Homburg wrote:
> Hello,
>
> At this moment i setup a SAMBA 4 Memberserver. I installed the 
> following packages:
>
> ii  libwbclient0:amd64 99:4.1.9-8                    amd64        Glue 
> package for sernet-samba-libs.
> ii  sernet-samba 99:4.1.9-8                    amd64        SMB/CIFS 
> file, print, and login server for Unix
> ii  sernet-samba-ad 99:4.1.9-8                    amd64        Samba 
> Active Directory Domain Controller
> ii  sernet-samba-client 99:4.1.9-8                    amd64        a 
> LanManager-like simple client for Unix
> ii  sernet-samba-common 99:4.1.9-8                    all          
> Samba common files used by both the server and the client
> ii  sernet-samba-keyring 1.4                           all          
> GnuPG archive keys of the SerNet Samba archive
> ii  sernet-samba-libpam-smbpass:amd64 99:4.1.9-8                    
> amd64        Glue package for sernet-samba-libs.
> ii  sernet-samba-libs:amd64 99:4.1.9-8                    amd64        
> Samba common library files used by both the server and the client
> ii  sernet-samba-libsmbclient0:amd64 99:4.1.9-8                    
> amd64        Shared library that allows applications to talk to SMB 
> servers
> ii  sernet-samba-winbind 99:4.1.9-8                    amd64        
> Samba nameservice integration serve
>
> my smb.conf:
>
> # Global parameters
> [global]
>
>    netbios name = SRV001
>    workgroup = test
>    security = ADS
>    realm = test.local
>    encrypt passwords = yes
>
>    idmap config *:backend = tdb
>    idmap config *:range = 70001-80000
>    idmap config test:backend = ad
>    idmap config test:schema_mode = rfc2307
>    idmap config test:range = 500-40000
>
>    winbind nss info = rfc2307
>    winbind trusted domains only = no
>    winbind use default domain = yes
>    winbind enum users  = yes
>    winbind enum groups = yes
>
>    log level = 3
>
> My nssswitch.conf:
>
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages
installed,
> try:
> # `info libc "Name Service Switch"' for information about
this file.
>
> passwd:         compat winbind
> group:          compat winbind
> shadow:         compat
>
> hosts:          files dns
> networks:       files
>
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
>
> netgroup:       nis
>
> wbinfo -u tells me Domain Users, wbinfo -g tells me domain groups. But 
> with getent passwd i don't see the domain users.
>
> I used 
>
https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server#Make_domain_users.2Fgroups_available_locally_through_Winbind
>
> can you help me?
>
> Hauke
I think that because you are using the sernet packages, you may have to 
set PAM up manually, see this post:

https://lists.samba.org/archive/samba/2014-April/180404.html

Rowland

On Fri, 2014-07-25 at 06:39 +0200, Hauke Homburg wrote:
> wbinfo -u tells me Domain Users, wbinfo -g tells me domain groups. But 
> with getent passwd i don't see the domain users.
Hi
Do your AD uidNumber attributes fall within the range 70001-80000?
HTH.
Steve