Seems to be the same problem like last week. I also couldn't get a member server to run. wbinfo worked while getent didn't. Is there any detailed instruction for sssd? Tim Am 14. Januar 2015 23:42:20 MEZ, schrieb Sketch <smblist at rednsx.org>:>On Wed, 14 Jan 2015, David Thompson wrote: > >> Kerberos works fine as I can run kinit and kdestroy on both the DC >and member server and they work fine. Time is set to ?the default time >servers right now as installed by the ntp install, but both servers are >in sync for their time and working correctly. >> >> On the member server, I am able to get it bound to the domain without >issue and I can see that it adds its name into the DNS service. >> I cannot however get it to lookup any users either, which is odd, >since when I setup a SAMBA3 server to be a member server, I am able to >get winbindd, smbd, and nmbd playing nicely together and can look users >up without issue against the DC. > >Make sure winbind is actually running on the member server. > >Also, make sure your users actually have uid and gid attributes in >ldap. >If not, I don't think they will show up (I use sssd, so my windind is >rusty). If wbinfo -u does show users, but getent passwd does not, this >is >likely your problem. Make sure you use the --uid-number and >--gid-number >options when you create users with samba-tool, or you can add them with > >ADUC, or you can use scripts like >http://linuxcostablanca.blogspot.com/2012/02/samba-4-posix-domain-user.html > > >------------------------------------------------------------------------ > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba
> If wbinfo -u does show users, but getent passwd does not, this > is likely your problem.Not necessarily. Try getent passwd administrator. If this works for all Your users, then it is just sssd not enumerating all the users, which does no harm at all. If getent passwd user does not retrieve the user information, then something is broken indeed. The next thing would be to check sssd. Does it start? Is the keytab not outdated? Do a kinit -k /etc/krb5.keytab. If this isn't working generate a new keytab.
Hi all, After being pointed towards the sssd service, I setup and configured it and it appears to be running just fine. I can lookup my users and groups properly now once I add their information in the UNIX tab section in AD. Thank you all to help me get where I am now. I can now continue to work and set this up. I am sure I will have more questions moving forward, but this mailing list has been a great resource, and hopefully one day I can contribute to it as opposed to just asking questions. Off to clown college now. Thanks, David Peter Serbe <peter at serbe.ch> , 1/15/2015 5:36 AM:> If wbinfo -u does show users, but getent passwd does not, this > is likely your problem.Not necessarily. Try getent passwd administrator. If this works for all Your users, then it is just sssd not enumerating all the users, which does no harm at all. If getent passwd user does not retrieve the user information, then something is broken indeed. The next thing would be to check sssd. Does it start? Is the keytab not outdated? Do a kinit -k /etc/krb5.keytab. If this isn't working generate a new keytab. -- To unsubscribe from this list go to the following URL and read the instructions: ?https://lists.samba.org/mailman/options/samba