Hi Rowland,
passwd: compat winbind
group: compat winbind
'getent passwd tuser' results in a blank terminal line.
On 12/31/2014 1:12 PM, Rowland Penny wrote:> On 31/12/14 17:55, James wrote:
>> Hi Rowland,
>>
>> I did. Unfortunately something is still amiss. I do receive a
>> response from 'getent group domain users'(users:x:100).
>>
>> On 12/31/2014 12:26 PM, Rowland Penny wrote:
>>> On 31/12/14 17:23, James wrote:
>>>> Rowland,
>>>>
>>>> I set a user with a uid and domain users group with a gid
but
>>>> I'm still unable to view them using 'id'. I do
notice a few strange
>>>> observations. If I go to another user to attempt to assign a
uid. I
>>>> get the default value of 10000. I would expect 2001 given I set
the
>>>> first user with uid 2000. Groups however appear to increment.
>>>>
>>>> On 12/31/2014 10:52 AM, Rowland Penny wrote:
>>>>> On 31/12/14 15:42, James wrote:
>>>>>> Hello Stefan,
>>>>>>
>>>>>> I learned the hard way about .local. I understand
going forward.
>>>>>>
>>>>>> I do have an issue with the member server. Following
along with
>>>>>> the wiki I get stuck at 'Testing the Winbind
user/group mapping'.
>>>>>> Wbinfo works as expected but not
>>>>>>
>>>>>> #*id DomainUser*
>>>>>>
>>>>>> #*getent passwd*
>>>>>>
>>>>>> #*getent group*
>>>>>>
>>>>>> #*chown DomainUser:DomainGroup file*
>>>>>>
>>>>>> #*chgrp DomainGroup file*
>>>>>>
>>>>>> etc.
>>>>>>
>>>>>> I receive 'id: sambauser: No such user'. It
will only retrieve
>>>>>> local machine users. Let me preface by saying this is a
Ubuntu
>>>>>> 12.04 server with Samba 4.1.14. Thanks.
>>>>>>
>>>>>> On 12/31/2014 10:00 AM, Stefan Kania wrote:
>>>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>>>> Hash: SHA1
>>>>>>>
>>>>>>> Hello James,
>>>>>>>
>>>>>>> Am 31.12.2014 um 15:48 schrieb James:> Hello,
>>>>>>>> I'm following along with the wiki(Setup a
Samba AD Member Server)
>>>>>>>> and I have a question after reading the
'Set up a basic smb.conf'
>>>>>>>> section.
>>>>>>> Please show us your smb.conf
>>>>>>>
>>>>>>> Do I need to extend the schema in order for my
member server to
>>>>>>>> successfully join and service file shares?
>>>>>>> No, you dont have to.
>>>>>>>
>>>>>>> Do I need to configure a
>>>>>>>> krb5.conf file? Thanks.
>>>>>>> If your DC is a samba4 DC just copy krb5.conf to
your new
>>>>>>> memberserver
>>>>>>> Stefan
>>>>>>>
>>>>>>> - -- Stefan Kania
>>>>>>> Landweg 13
>>>>>>> 25693 St. Michaelisdonn
>>>>>>>
>>>>>>>
>>>>>>> Signieren jeder E-Mail hilft Spam zu reduzieren.
Signieren Sie ihre
>>>>>>> E-Mail. Weiter Informationen unter
http://www.gnupg.org
>>>>>>>
>>>>>>> Mein Schl?ssel liegt auf
>>>>>>>
>>>>>>> hkp://subkeys.pgp.net
>>>>>>>
>>>>>>> -----BEGIN PGP SIGNATURE-----
>>>>>>> Version: GnuPG v1
>>>>>>>
>>>>>>>
iEYEARECAAYFAlSkD3EACgkQ2JOGcNAHDTZdlwCgwsQF0g/pFp65ldcTMWDcJ1O7
>>>>>>> LScAoLDzorUJNDCik4FP9dBUxKCbAbGN
>>>>>>> =SOSt
>>>>>>> -----END PGP SIGNATURE-----
>>>>>>
>>>>>
>>>>> If you followed the wiki, you will be using the
'ad' backend. For
>>>>> this to work, you need to add 'uidNumber'
attributes to your users
>>>>> and a 'gidNumber' attribute to at least the Domain
Users group.
>>>>> the numbers that you add must be between the range you set
in your
>>>>> smb.conf, again if you followed the wiki, this will be
between
>>>>> 500-40000.
>>>>>
>>>>> Rowland
>>>>
>>>
>>> You have restarted samba, haven't you ?
>>> You may have to wait a short time, or clear the cache with 'net
>>> cache flush'
>>>
>>> Rowland
>>>
>>
> OK, can you post the 'passwd' & 'group' lines from
/etc/nsswitch
>
> Do you get anything from 'getent passwd <a domain user>'
>
> Rowland
>
--
-James
On 31/12/14 18:28, James wrote:> Hi Rowland, > > passwd: compat winbind > group: compat winbind > > 'getent passwd tuser' results in a blank terminal line. > > > On 12/31/2014 1:12 PM, Rowland Penny wrote: >> On 31/12/14 17:55, James wrote: >>> Hi Rowland, >>> >>> I did. Unfortunately something is still amiss. I do receive a >>> response from 'getent group domain users'(users:x:100). >>> >>> On 12/31/2014 12:26 PM, Rowland Penny wrote: >>>> On 31/12/14 17:23, James wrote: >>>>> Rowland, >>>>> >>>>> I set a user with a uid and domain users group with a gid but >>>>> I'm still unable to view them using 'id'. I do notice a few >>>>> strange observations. If I go to another user to attempt to assign >>>>> a uid. I get the default value of 10000. I would expect 2001 given >>>>> I set the first user with uid 2000. Groups however appear to >>>>> increment. >>>>> >>>>> On 12/31/2014 10:52 AM, Rowland Penny wrote: >>>>>> On 31/12/14 15:42, James wrote: >>>>>>> Hello Stefan, >>>>>>> >>>>>>> I learned the hard way about .local. I understand going >>>>>>> forward. >>>>>>> >>>>>>> I do have an issue with the member server. Following along with >>>>>>> the wiki I get stuck at 'Testing the Winbind user/group >>>>>>> mapping'. Wbinfo works as expected but not >>>>>>> >>>>>>> #*id DomainUser* >>>>>>> >>>>>>> #*getent passwd* >>>>>>> >>>>>>> #*getent group* >>>>>>> >>>>>>> #*chown DomainUser:DomainGroup file* >>>>>>> >>>>>>> #*chgrp DomainGroup file* >>>>>>> >>>>>>> etc. >>>>>>> >>>>>>> I receive 'id: sambauser: No such user'. It will only retrieve >>>>>>> local machine users. Let me preface by saying this is a Ubuntu >>>>>>> 12.04 server with Samba 4.1.14. Thanks. >>>>>>> >>>>>>> On 12/31/2014 10:00 AM, Stefan Kania wrote: >>>>>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>>>>> Hash: SHA1 >>>>>>>> >>>>>>>> Hello James, >>>>>>>> >>>>>>>> Am 31.12.2014 um 15:48 schrieb James:> Hello, >>>>>>>>> I'm following along with the wiki(Setup a Samba AD Member Server) >>>>>>>>> and I have a question after reading the 'Set up a basic smb.conf' >>>>>>>>> section. >>>>>>>> Please show us your smb.conf >>>>>>>> >>>>>>>> Do I need to extend the schema in order for my member server to >>>>>>>>> successfully join and service file shares? >>>>>>>> No, you dont have to. >>>>>>>> >>>>>>>> Do I need to configure a >>>>>>>>> krb5.conf file? Thanks. >>>>>>>> If your DC is a samba4 DC just copy krb5.conf to your new >>>>>>>> memberserver >>>>>>>> Stefan >>>>>>>> >>>>>>>> - -- Stefan Kania >>>>>>>> Landweg 13 >>>>>>>> 25693 St. Michaelisdonn >>>>>>>> >>>>>>>> >>>>>>>> Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie >>>>>>>> ihre >>>>>>>> E-Mail. Weiter Informationen unter http://www.gnupg.org >>>>>>>> >>>>>>>> Mein Schl?ssel liegt auf >>>>>>>> >>>>>>>> hkp://subkeys.pgp.net >>>>>>>> >>>>>>>> -----BEGIN PGP SIGNATURE----- >>>>>>>> Version: GnuPG v1 >>>>>>>> >>>>>>>> iEYEARECAAYFAlSkD3EACgkQ2JOGcNAHDTZdlwCgwsQF0g/pFp65ldcTMWDcJ1O7 >>>>>>>> LScAoLDzorUJNDCik4FP9dBUxKCbAbGN >>>>>>>> =SOSt >>>>>>>> -----END PGP SIGNATURE----- >>>>>>> >>>>>> >>>>>> If you followed the wiki, you will be using the 'ad' backend. For >>>>>> this to work, you need to add 'uidNumber' attributes to your >>>>>> users and a 'gidNumber' attribute to at least the Domain Users >>>>>> group. the numbers that you add must be between the range you set >>>>>> in your smb.conf, again if you followed the wiki, this will be >>>>>> between 500-40000. >>>>>> >>>>>> Rowland >>>>> >>>> >>>> You have restarted samba, haven't you ? >>>> You may have to wait a short time, or clear the cache with 'net >>>> cache flush' >>>> >>>> Rowland >>>> >>> >> OK, can you post the 'passwd' & 'group' lines from /etc/nsswitch >> >> Do you get anything from 'getent passwd <a domain user>' >> >> Rowland >> >OK, install ldb-tools if not already installed, then run: ldbedit -e nano -H /var/lib/samba/private/sam.ldb sAMAccountName=tuser Post the (sanitized) result Rowland
Rowland,
I decided to start over with a fresh install and attempted again.
Only change I made was to start my mappings at 10000. I gave 'Domain
Users' group gid 10000 and 'tuser' has uid 10001. Still didn't
work btw.
dn: CN=Test User,CN=Users,DC=domain,DC=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Test User
sn: User
givenName: Test
instanceType: 4
whenCreated: 20141231172021.0Z
displayName: Test User
uSNCreated: 477557
name: Test User
objectGUID: 90f95763-fe52-42b9-af86-8a84a4d5dd78
userAccountControl: 66048
codePage: 0
countryCode: 0
pwdLastSet: 130645200220000000
primaryGroupID: 513
objectSid: S-1-5-21-940051827-2291820289-3341758437-3126
accountExpires: 9223372036854775807
sAMAccountName: tuser
sAMAccountType: 805306368
userPrincipalName: tuser at domain.local
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=local
unixUserPassword: ABCD!efgh12345$67890
uid: tuser
msSFU30Name: tuser
msSFU30NisDomain: domain
uidNumber: 10001
loginShell: /bin/sh
unixHomeDirectory: /home/tuser
gidNumber: 10000
whenChanged: 20141231185807.0Z
uSNChanged: 477620
distinguishedName: CN=Test User,CN=Users,DC=domain,DC=local
On 12/31/2014 1:50 PM, Rowland Penny wrote:> On 31/12/14 18:28, James wrote:
>> Hi Rowland,
>>
>> passwd: compat winbind
>> group: compat winbind
>>
>> 'getent passwd tuser' results in a blank terminal line.
>>
>>
>> On 12/31/2014 1:12 PM, Rowland Penny wrote:
>>> On 31/12/14 17:55, James wrote:
>>>> Hi Rowland,
>>>>
>>>> I did. Unfortunately something is still amiss. I do receive
a
>>>> response from 'getent group domain users'(users:x:100).
>>>>
>>>> On 12/31/2014 12:26 PM, Rowland Penny wrote:
>>>>> On 31/12/14 17:23, James wrote:
>>>>>> Rowland,
>>>>>>
>>>>>> I set a user with a uid and domain users group with
a gid but
>>>>>> I'm still unable to view them using 'id'. I
do notice a few
>>>>>> strange observations. If I go to another user to
attempt to
>>>>>> assign a uid. I get the default value of 10000. I would
expect
>>>>>> 2001 given I set the first user with uid 2000. Groups
however
>>>>>> appear to increment.
>>>>>>
>>>>>> On 12/31/2014 10:52 AM, Rowland Penny wrote:
>>>>>>> On 31/12/14 15:42, James wrote:
>>>>>>>> Hello Stefan,
>>>>>>>>
>>>>>>>> I learned the hard way about .local. I
understand going
>>>>>>>> forward.
>>>>>>>>
>>>>>>>> I do have an issue with the member server.
Following along with
>>>>>>>> the wiki I get stuck at 'Testing the
Winbind user/group
>>>>>>>> mapping'. Wbinfo works as expected but not
>>>>>>>>
>>>>>>>> #*id DomainUser*
>>>>>>>>
>>>>>>>> #*getent passwd*
>>>>>>>>
>>>>>>>> #*getent group*
>>>>>>>>
>>>>>>>> #*chown DomainUser:DomainGroup file*
>>>>>>>>
>>>>>>>> #*chgrp DomainGroup file*
>>>>>>>>
>>>>>>>> etc.
>>>>>>>>
>>>>>>>> I receive 'id: sambauser: No such
user'. It will only retrieve
>>>>>>>> local machine users. Let me preface by saying
this is a Ubuntu
>>>>>>>> 12.04 server with Samba 4.1.14. Thanks.
>>>>>>>>
>>>>>>>> On 12/31/2014 10:00 AM, Stefan Kania wrote:
>>>>>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>>>>>> Hash: SHA1
>>>>>>>>>
>>>>>>>>> Hello James,
>>>>>>>>>
>>>>>>>>> Am 31.12.2014 um 15:48 schrieb James:>
Hello,
>>>>>>>>>> I'm following along with the
wiki(Setup a Samba AD Member
>>>>>>>>>> Server)
>>>>>>>>>> and I have a question after reading the
'Set up a basic
>>>>>>>>>> smb.conf'
>>>>>>>>>> section.
>>>>>>>>> Please show us your smb.conf
>>>>>>>>>
>>>>>>>>> Do I need to extend the schema in order
for my member server to
>>>>>>>>>> successfully join and service file
shares?
>>>>>>>>> No, you dont have to.
>>>>>>>>>
>>>>>>>>> Do I need to configure a
>>>>>>>>>> krb5.conf file? Thanks.
>>>>>>>>> If your DC is a samba4 DC just copy
krb5.conf to your new
>>>>>>>>> memberserver
>>>>>>>>> Stefan
>>>>>>>>>
>>>>>>>>> - -- Stefan Kania
>>>>>>>>> Landweg 13
>>>>>>>>> 25693 St. Michaelisdonn
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Signieren jeder E-Mail hilft Spam zu
reduzieren. Signieren Sie
>>>>>>>>> ihre
>>>>>>>>> E-Mail. Weiter Informationen unter
http://www.gnupg.org
>>>>>>>>>
>>>>>>>>> Mein Schl?ssel liegt auf
>>>>>>>>>
>>>>>>>>> hkp://subkeys.pgp.net
>>>>>>>>>
>>>>>>>>> -----BEGIN PGP SIGNATURE-----
>>>>>>>>> Version: GnuPG v1
>>>>>>>>>
>>>>>>>>>
iEYEARECAAYFAlSkD3EACgkQ2JOGcNAHDTZdlwCgwsQF0g/pFp65ldcTMWDcJ1O7
>>>>>>>>> LScAoLDzorUJNDCik4FP9dBUxKCbAbGN
>>>>>>>>> =SOSt
>>>>>>>>> -----END PGP SIGNATURE-----
>>>>>>>>
>>>>>>>
>>>>>>> If you followed the wiki, you will be using the
'ad' backend.
>>>>>>> For this to work, you need to add
'uidNumber' attributes to your
>>>>>>> users and a 'gidNumber' attribute to at
least the Domain Users
>>>>>>> group. the numbers that you add must be between the
range you
>>>>>>> set in your smb.conf, again if you followed the
wiki, this will
>>>>>>> be between 500-40000.
>>>>>>>
>>>>>>> Rowland
>>>>>>
>>>>>
>>>>> You have restarted samba, haven't you ?
>>>>> You may have to wait a short time, or clear the cache with
'net
>>>>> cache flush'
>>>>>
>>>>> Rowland
>>>>>
>>>>
>>> OK, can you post the 'passwd' & 'group' lines
from /etc/nsswitch
>>>
>>> Do you get anything from 'getent passwd <a domain
user>'
>>>
>>> Rowland
>>>
>>
> OK, install ldb-tools if not already installed, then run:
>
> ldbedit -e nano -H /var/lib/samba/private/sam.ldb sAMAccountName=tuser
>
> Post the (sanitized) result
>
> Rowland
>
--
-James