samba - Dec 2014 - Member Server Setup Assistance

Hello Stefan,

     I learned the hard way about .local. I understand going forward.

I do have an issue with the member server. Following along with the wiki 
I get stuck at 'Testing the Winbind user/group mapping'. Wbinfo works as
expected but not

#*id DomainUser*

#*getent passwd*

#*getent group*

#*chown DomainUser:DomainGroup file*

#*chgrp DomainGroup file*

etc.

I receive 'id: sambauser: No such user'. It will only retrieve local 
machine users. Let me preface by saying this is a Ubuntu 12.04 server 
with Samba 4.1.14.  Thanks.

On 12/31/2014 10:00 AM, Stefan Kania wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello James,
>
> Am 31.12.2014 um 15:48 schrieb James:> Hello,
>> I'm following along with the wiki(Setup a Samba AD Member Server)
>> and I have a question after reading the 'Set up a basic
smb.conf'
>> section.
> Please show us your smb.conf
>
>   Do I need to extend the schema in order for my member server to
>> successfully join and service file shares?
> No, you dont have to.
>
> Do I need to configure a
>> krb5.conf file? Thanks.
> If your DC is a samba4 DC just copy krb5.conf to your new memberserver
> Stefan
>
> - -- 
> Stefan Kania
> Landweg 13
> 25693 St. Michaelisdonn
>
>
> Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie ihre
> E-Mail. Weiter Informationen unter http://www.gnupg.org
>
> Mein Schl?ssel liegt auf
>
> hkp://subkeys.pgp.net
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iEYEARECAAYFAlSkD3EACgkQ2JOGcNAHDTZdlwCgwsQF0g/pFp65ldcTMWDcJ1O7
> LScAoLDzorUJNDCik4FP9dBUxKCbAbGN
> =SOSt
> -----END PGP SIGNATURE-----
-- 
-James

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Have you added winbind to your /etc/nsswitch.conf?

- --John

On 12/31/2014 07:42 AM, James wrote:
> Hello Stefan,
> 
> I learned the hard way about .local. I understand going forward.
> 
> I do have an issue with the member server. Following along with the
> wiki I get stuck at 'Testing the Winbind user/group mapping'.
> Wbinfo works as expected but not
> 
> #*id DomainUser*
> 
> #*getent passwd*
> 
> #*getent group*
> 
> #*chown DomainUser:DomainGroup file*
> 
> #*chgrp DomainGroup file*
> 
> etc.
> 
> I receive 'id: sambauser: No such user'. It will only retrieve
> local machine users. Let me preface by saying this is a Ubuntu
> 12.04 server with Samba 4.1.14.  Thanks.
> 
> On 12/31/2014 10:00 AM, Stefan Kania wrote: Hello James,
> 
> Am 31.12.2014 um 15:48 schrieb James:> Hello,
>>>> I'm following along with the wiki(Setup a Samba AD Member
>>>> Server) and I have a question after reading the 'Set up a
>>>> basic smb.conf' section.
> Please show us your smb.conf
> 
> Do I need to extend the schema in order for my member server to
>>>> successfully join and service file shares?
> No, you dont have to.
> 
> Do I need to configure a
>>>> krb5.conf file? Thanks.
> If your DC is a samba4 DC just copy krb5.conf to your new
> memberserver Stefan
> 
> -- Stefan Kania Landweg 13 25693 St. Michaelisdonn
> 
> 
> Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie
> ihre E-Mail. Weiter Informationen unter http://www.gnupg.org
> 
> Mein Schl?ssel liegt auf
> 
> hkp://subkeys.pgp.net
> 
> 
- -- 
John Yocum, Systems Administrator, DEOHS
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJUpBp0AAoJEOVChvkvSCla/tAH/AkNfWb8ug3dDME8P6iKHGZ7
NR9zg1lsNoWJy+jFMTcZW2HEhSt2glJoPoRv+/qJx8svSqNi1V7830VMmR3VT16x
+mv7/4FPKu20VIprmzJbhdQamKIMA+FxsxuJP90nDLzyAtWHcz7fxqsi4lbqh4W1
giKSgsKkwvADQwk4QbXyWfqfODyYgO4q6G7csQu7Ffc5Ey1y3LZRdup+9wDgKP2Y
N7EGodnFvOaCOb5gda1c0FRVWQ4mnJYRdRwdd9nxltFXfm9bmCKy30VK/w/Wh/vi
CfHlK27FKUTVMdOkSyvnsv7p2tt79byruZBV68VsNVdfcUW4lbJCFelaHbOxPo4=V+7G
-----END PGP SIGNATURE-----

On 31/12/14 15:42, James wrote:
> Hello Stefan,
>
>     I learned the hard way about .local. I understand going forward.
>
> I do have an issue with the member server. Following along with the 
> wiki I get stuck at 'Testing the Winbind user/group mapping'.
Wbinfo
> works as expected but not
>
> #*id DomainUser*
>
> #*getent passwd*
>
> #*getent group*
>
> #*chown DomainUser:DomainGroup file*
>
> #*chgrp DomainGroup file*
>
> etc.
>
> I receive 'id: sambauser: No such user'. It will only retrieve
local
> machine users. Let me preface by saying this is a Ubuntu 12.04 server 
> with Samba 4.1.14.  Thanks.
>
> On 12/31/2014 10:00 AM, Stefan Kania wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hello James,
>>
>> Am 31.12.2014 um 15:48 schrieb James:> Hello,
>>> I'm following along with the wiki(Setup a Samba AD Member
Server)
>>> and I have a question after reading the 'Set up a basic
smb.conf'
>>> section.
>> Please show us your smb.conf
>>
>>   Do I need to extend the schema in order for my member server to
>>> successfully join and service file shares?
>> No, you dont have to.
>>
>> Do I need to configure a
>>> krb5.conf file? Thanks.
>> If your DC is a samba4 DC just copy krb5.conf to your new memberserver
>> Stefan
>>
>> - -- Stefan Kania
>> Landweg 13
>> 25693 St. Michaelisdonn
>>
>>
>> Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie ihre
>> E-Mail. Weiter Informationen unter http://www.gnupg.org
>>
>> Mein Schl?ssel liegt auf
>>
>> hkp://subkeys.pgp.net
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1
>>
>> iEYEARECAAYFAlSkD3EACgkQ2JOGcNAHDTZdlwCgwsQF0g/pFp65ldcTMWDcJ1O7
>> LScAoLDzorUJNDCik4FP9dBUxKCbAbGN
>> =SOSt
>> -----END PGP SIGNATURE-----
>
If you followed the wiki, you will be using the 'ad' backend. For this 
to work, you need to add 'uidNumber' attributes to your users and a 
'gidNumber' attribute to at least the Domain Users group. the numbers 
that you add must be between the range you set in your smb.conf, again 
if you followed the wiki, this will be between 500-40000.

Rowland

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello James,

do you see your users and groups with "wbinfo -u" and "wbinfo
-g"?
Did you install "heimdal-clients" to test with "kinit" to
get a
Kerberos-Ticket?
Did you put "winbind" behind "passwd" and "group"
in /etc/nsswitch.conf?

Idmapping starting with 500:
  idmap config DOMAIN:range = 500-40000
can be a problem because most distributions use UIDs up to 1000 for
local users

Stefan

Am 31.12.14 um 16:42 schrieb James:
> Hello Stefan,
> 
> I learned the hard way about .local. I understand going forward.
> 
> I do have an issue with the member server. Following along with the
> wiki I get stuck at 'Testing the Winbind user/group mapping'.
> Wbinfo works as expected but not
> 
> #*id DomainUser*
> 
> #*getent passwd*
> 
> #*getent group*
> 
> #*chown DomainUser:DomainGroup file*
> 
> #*chgrp DomainGroup file*
> 
> etc.
> 
> I receive 'id: sambauser: No such user'. It will only retrieve
> local machine users. Let me preface by saying this is a Ubuntu
> 12.04 server with Samba 4.1.14.  Thanks.
> 
> On 12/31/2014 10:00 AM, Stefan Kania wrote: Hello James,
> 
> Am 31.12.2014 um 15:48 schrieb James:> Hello,
>>>> I'm following along with the wiki(Setup a Samba AD Member
>>>> Server) and I have a question after reading the 'Set up a
>>>> basic smb.conf' section.
> Please show us your smb.conf
> 
> Do I need to extend the schema in order for my member server to
>>>> successfully join and service file shares?
> No, you dont have to.
> 
> Do I need to configure a
>>>> krb5.conf file? Thanks.
> If your DC is a samba4 DC just copy krb5.conf to your new
> memberserver Stefan
> 
> -- Stefan Kania Landweg 13 25693 St. Michaelisdonn
> 
> 
> Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie
> ihre E-Mail. Weiter Informationen unter http://www.gnupg.org
> 
> Mein Schl?ssel liegt auf
> 
> hkp://subkeys.pgp.net
> 
> 
- -- 
Stefan Kania
Landweg 13
25693 St. Michaelisdonn


Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie ihre
E-Mail. Weiter Informationen unter http://www.gnupg.org

Mein Schl?ssel liegt auf

hkp://subkeys.pgp.net

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)

iEYEARECAAYFAlSkHI8ACgkQ2JOGcNAHDTYBeQCg2fW6PnVjB0Mxd1BBZQ24H66T
COcAoMLaz/F7xtaKDld+QcfTFUQqLIqG
=eJu2
-----END PGP SIGNATURE-----

Hello Stefan,

     Wbinfo does work. Winbind is included in my nsswitch.conf. Knit and 
klist gives me a ticket.

Just checked and my local users start with 1000. I will change the range 
to start at 2000. Going off what Rowland said I have not set my UID or 
GUID mappings in Samba yet. I assume that's a precursor to 'id'
working
and possibly where I'm failing?

On 12/31/2014 10:55 AM, Stefan Kania wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello James,
>
> do you see your users and groups with "wbinfo -u" and
"wbinfo -g"?
> Did you install "heimdal-clients" to test with "kinit"
to get a
> Kerberos-Ticket?
> Did you put "winbind" behind "passwd" and
"group" in /etc/nsswitch.conf?
>
> Idmapping starting with 500:
>    idmap config DOMAIN:range = 500-40000
> can be a problem because most distributions use UIDs up to 1000 for
> local users
>
> Stefan
>
> Am 31.12.14 um 16:42 schrieb James:
>> Hello Stefan,
>>
>> I learned the hard way about .local. I understand going forward.
>>
>> I do have an issue with the member server. Following along with the
>> wiki I get stuck at 'Testing the Winbind user/group mapping'.
>> Wbinfo works as expected but not
>>
>> #*id DomainUser*
>>
>> #*getent passwd*
>>
>> #*getent group*
>>
>> #*chown DomainUser:DomainGroup file*
>>
>> #*chgrp DomainGroup file*
>>
>> etc.
>>
>> I receive 'id: sambauser: No such user'. It will only retrieve
>> local machine users. Let me preface by saying this is a Ubuntu
>> 12.04 server with Samba 4.1.14.  Thanks.
>>
>> On 12/31/2014 10:00 AM, Stefan Kania wrote: Hello James,
>>
>> Am 31.12.2014 um 15:48 schrieb James:> Hello,
>>>>> I'm following along with the wiki(Setup a Samba AD
Member
>>>>> Server) and I have a question after reading the 'Set up
a
>>>>> basic smb.conf' section.
>> Please show us your smb.conf
>>
>> Do I need to extend the schema in order for my member server to
>>>>> successfully join and service file shares?
>> No, you dont have to.
>>
>> Do I need to configure a
>>>>> krb5.conf file? Thanks.
>> If your DC is a samba4 DC just copy krb5.conf to your new
>> memberserver Stefan
>>
>> -- Stefan Kania Landweg 13 25693 St. Michaelisdonn
>>
>>
>> Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie
>> ihre E-Mail. Weiter Informationen unter http://www.gnupg.org
>>
>> Mein Schl?ssel liegt auf
>>
>> hkp://subkeys.pgp.net
>>
>>
> - -- 
> Stefan Kania
> Landweg 13
> 25693 St. Michaelisdonn
>
>
> Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie ihre
> E-Mail. Weiter Informationen unter http://www.gnupg.org
>
> Mein Schl?ssel liegt auf
>
> hkp://subkeys.pgp.net
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
>
> iEYEARECAAYFAlSkHI8ACgkQ2JOGcNAHDTYBeQCg2fW6PnVjB0Mxd1BBZQ24H66T
> COcAoMLaz/F7xtaKDld+QcfTFUQqLIqG
> =eJu2
> -----END PGP SIGNATURE-----
-- 
-James

Hello Rowland,

     I believe you may be correct. I was under the impression 'id' would
retrieve my users but shares would fail until I set the uid and gid 
numbers in Samba.

On 12/31/2014 10:52 AM, Rowland Penny wrote:
> On 31/12/14 15:42, James wrote:
>> Hello Stefan,
>>
>>     I learned the hard way about .local. I understand going forward.
>>
>> I do have an issue with the member server. Following along with the 
>> wiki I get stuck at 'Testing the Winbind user/group mapping'.
Wbinfo
>> works as expected but not
>>
>> #*id DomainUser*
>>
>> #*getent passwd*
>>
>> #*getent group*
>>
>> #*chown DomainUser:DomainGroup file*
>>
>> #*chgrp DomainGroup file*
>>
>> etc.
>>
>> I receive 'id: sambauser: No such user'. It will only retrieve
local
>> machine users. Let me preface by saying this is a Ubuntu 12.04 server 
>> with Samba 4.1.14.  Thanks.
>>
>> On 12/31/2014 10:00 AM, Stefan Kania wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> Hello James,
>>>
>>> Am 31.12.2014 um 15:48 schrieb James:> Hello,
>>>> I'm following along with the wiki(Setup a Samba AD Member
Server)
>>>> and I have a question after reading the 'Set up a basic
smb.conf'
>>>> section.
>>> Please show us your smb.conf
>>>
>>>   Do I need to extend the schema in order for my member server to
>>>> successfully join and service file shares?
>>> No, you dont have to.
>>>
>>> Do I need to configure a
>>>> krb5.conf file? Thanks.
>>> If your DC is a samba4 DC just copy krb5.conf to your new
memberserver
>>> Stefan
>>>
>>> - -- Stefan Kania
>>> Landweg 13
>>> 25693 St. Michaelisdonn
>>>
>>>
>>> Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie ihre
>>> E-Mail. Weiter Informationen unter http://www.gnupg.org
>>>
>>> Mein Schl?ssel liegt auf
>>>
>>> hkp://subkeys.pgp.net
>>>
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG v1
>>>
>>> iEYEARECAAYFAlSkD3EACgkQ2JOGcNAHDTZdlwCgwsQF0g/pFp65ldcTMWDcJ1O7
>>> LScAoLDzorUJNDCik4FP9dBUxKCbAbGN
>>> =SOSt
>>> -----END PGP SIGNATURE-----
>>
>
> If you followed the wiki, you will be using the 'ad' backend. For
this
> to work, you need to add 'uidNumber' attributes to your users and a
> 'gidNumber' attribute to at least the Domain Users group. the
numbers
> that you add must be between the range you set in your smb.conf, again 
> if you followed the wiki, this will be between 500-40000.
>
> Rowland
-- 
-James

Rowland,

     I set a user with a uid and domain users group with a gid but I'm 
still unable to view them using 'id'. I do notice a few strange 
observations. If I go to another user to attempt to assign a uid. I get 
the default value of 10000. I would expect 2001 given I set the first 
user with uid 2000. Groups however appear to increment.

On 12/31/2014 10:52 AM, Rowland Penny wrote:
> On 31/12/14 15:42, James wrote:
>> Hello Stefan,
>>
>>     I learned the hard way about .local. I understand going forward.
>>
>> I do have an issue with the member server. Following along with the 
>> wiki I get stuck at 'Testing the Winbind user/group mapping'.
Wbinfo
>> works as expected but not
>>
>> #*id DomainUser*
>>
>> #*getent passwd*
>>
>> #*getent group*
>>
>> #*chown DomainUser:DomainGroup file*
>>
>> #*chgrp DomainGroup file*
>>
>> etc.
>>
>> I receive 'id: sambauser: No such user'. It will only retrieve
local
>> machine users. Let me preface by saying this is a Ubuntu 12.04 server 
>> with Samba 4.1.14.  Thanks.
>>
>> On 12/31/2014 10:00 AM, Stefan Kania wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> Hello James,
>>>
>>> Am 31.12.2014 um 15:48 schrieb James:> Hello,
>>>> I'm following along with the wiki(Setup a Samba AD Member
Server)
>>>> and I have a question after reading the 'Set up a basic
smb.conf'
>>>> section.
>>> Please show us your smb.conf
>>>
>>>   Do I need to extend the schema in order for my member server to
>>>> successfully join and service file shares?
>>> No, you dont have to.
>>>
>>> Do I need to configure a
>>>> krb5.conf file? Thanks.
>>> If your DC is a samba4 DC just copy krb5.conf to your new
memberserver
>>> Stefan
>>>
>>> - -- Stefan Kania
>>> Landweg 13
>>> 25693 St. Michaelisdonn
>>>
>>>
>>> Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie ihre
>>> E-Mail. Weiter Informationen unter http://www.gnupg.org
>>>
>>> Mein Schl?ssel liegt auf
>>>
>>> hkp://subkeys.pgp.net
>>>
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG v1
>>>
>>> iEYEARECAAYFAlSkD3EACgkQ2JOGcNAHDTZdlwCgwsQF0g/pFp65ldcTMWDcJ1O7
>>> LScAoLDzorUJNDCik4FP9dBUxKCbAbGN
>>> =SOSt
>>> -----END PGP SIGNATURE-----
>>
>
> If you followed the wiki, you will be using the 'ad' backend. For
this
> to work, you need to add 'uidNumber' attributes to your users and a
> 'gidNumber' attribute to at least the Domain Users group. the
numbers
> that you add must be between the range you set in your smb.conf, again 
> if you followed the wiki, this will be between 500-40000.
>
> Rowland
-- 
-James