Rowland Penny
2015-Mar-23 13:39 UTC
[Samba] Samba 4.1 gentent, ls, no display domain user name on Primary ACDC but wbinfo -u yes
On 23/03/15 13:15, Jhon P wrote:> Yes its correct. > > > Date: Mon, 23 Mar 2015 13:09:26 +0000 > > From: rowlandpenny at googlemail.com > > To: samba at lists.samba.org > > Subject: Re: [Samba] Samba 4.1 gentent, ls, no display domain user > name on Primary ACDC but wbinfo -u yes > > > > On 23/03/15 12:51, Jhon P wrote: > > > One ADDC with linux Debian 7 and Samba4.1 working.} > > > Im test "NIS" and works fine after we expand the samba 4 schema. ;-) > > > > > > This is the DC with the problem of getent and can give domain users > > > infoonly "wbinfo -u". > > > > > > When list directories with "ls" also display UID instead Domain User > > > ID in the directories. > > > When i use "getent passwd" this also display passwd file users "unix > > > users" not domain users. > > > > > > The Domain Works well anyway and i can manage with "RSAT" but if i > > > like manage it with linux its really dificult, because im need give > > > the UID and before check it with "wbinfo --uid-info" to know how its > > > the owner of a directory for example. > > > > > > I really want to manage it with linux, because I come from the old > > > school of samba 2:-), really depend 100% of microsoft does not > make me > > > very happy i think. > > > > > > All clients are conected to this server. > > > > > > Regards and thanks. > > > > > > > Date: Mon, 23 Mar 2015 12:16:54 +0000 > > > > From: rowlandpenny at googlemail.com > > > > To: samba at lists.samba.org > > > > Subject: Re: [Samba] Samba 4.1 gentent, ls, no display domain user > > > name on Primary ACDC but wbinfo -u yes > > > > > > > > On 23/03/15 11:42, Jhon P wrote: > > > > > Thanks for the clarification. > > > > > > > > > > They are around 80 clients. > > > > > All windows 7 and Xp pro. > > > > > > > > > > One member server linux with Debian 7 for testing the future file > > > > > server. All on this works fine. > > > > > > > > > > Other servers that are not in the domain > > > > > > > > > > Thanks. > > > > > > Date: Mon, 23 Mar 2015 09:26:08 +0000 > > > > > > From: rowlandpenny at googlemail.com > > > > > > To: samba at lists.samba.org > > > > > > Subject: Re: [Samba] Samba 4.1 gentent, ls, no display > domain user > > > > > name on Primary ACDC but wbinfo -u yes > > > > > > > > > > > > On 23/03/15 00:55, Jhon P wrote: > > > > > > > It will be necessary to join this PDC to the domain? > > > > > > > > > > > > Firstly, it is a 'DC' not a 'PDC', there really is no > concept of a > > > > > > Primary Domain Controller in active directory, other than > one of the > > > > > > FSMO roles. These FSMO roles are the only differences > between DCs , > > > > > > other than this, all DCs are the same (or should) > > > > > > > > > > > > You do not join a DC to the domain unless it is a second (or > > > > > subsequent) > > > > > > DC, when you provision a DC or classicupgrade a PDC, it is > > > > > automatically > > > > > > joined to the domain. > > > > > > > > > > > > > I did this once and it was not me well and I had to > restore the > > > > > backup. > > > > > > > > > > > > > > The samba documentation does not say anything of this. > > > > > > > Remember this isnt a member server this is the PDC, on samba > > > ACDC doc > > > > > > > say this: > > > > > > > > > > > > > > "We /*_do not recommend_* using the Domain Controller as a > file > > > > > > > Server. This is due to issues with the winbind internal to > the > > > Domain > > > > > > > Controller./" > > > > > > > > > > > > > > But I also need to use it because I had no other server to > use > > > as a > > > > > > > file server. > > > > > > > > > > > > It is not recommended, but you can do it, there are plenty of > > > people > > > > > who > > > > > > post on here who do use a DC as a fileserver. > > > > > > > > > > > > Just how many clients do you have and what sort ? > > > > > > > > > > > > Rowland > > > > > > > > > > > > > > > > > > > > If there is no chance you do not want to waste time with this. > > > > > > > > > > > > > > Many thank you very much. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > To unsubscribe from this list go to the following URL and > read the > > > > > > instructions: https://lists.samba.org/mailman/options/samba > > > > > > > > What is the DC (you may have said, but if you have, sorry I have > > > forgotten) > > > > > > > > Rowland > > > > > > > > -- > > > > To unsubscribe from this list go to the following URL and read the > > > > instructions: https://lists.samba.org/mailman/options/samba > > > > OK, so you have: > > A) one debian 7 DC running self compiled samba 4.1.? > > B) one debian 7 member server running ?? samba 4.1.? > > C) 80 windows clients > > > > Is this correct ? > > > > Rowland > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/sambaOK, if your samba 4 AD DC is working as expected and you have a member server, then do not worry about whether getent (on the DC) displays user names or numbers, just as long as your member server is working in the same way. Do not try to log into the DC as a domain user, just use it for what it is recommended for, Authentication. What I would suggest you do is, create a new second DC using debian jessie and install samba4 from packages, this will get you 4.1.17, or if Sernet releases 4.2 packages , then use these. You can then join this to your first DC for greater redundancy. Rowland
Jhon P
2015-Mar-23 14:19 UTC
[Samba] Samba 4.1 gentent, ls, no display domain user name on Primary ACDC but wbinfo -u yes
It's a shame not to be able to obtain users on this DC with getent. I would make the server is correctly configured and manageable, has many resources to be used. Having UIDS eg 3000001 without knowing who owns it is a shame. Maybe upgrading to 4.2 this DC these things can work. Maybe try updating this DC from the sources. If there is something to do to solve this problem really is very helpful. If there is anything else I can do just let me know. Rowland I really appreciate your help and time you spent. Thank You. :-)> Date: Mon, 23 Mar 2015 13:39:58 +0000 > From: rowlandpenny at googlemail.com > To: samba at lists.samba.org > Subject: Re: [Samba] Samba 4.1 gentent, ls, no display domain user name on Primary ACDC but wbinfo -u yes > > On 23/03/15 13:15, Jhon P wrote: > > Yes its correct. > > > > > Date: Mon, 23 Mar 2015 13:09:26 +0000 > > > From: rowlandpenny at googlemail.com > > > To: samba at lists.samba.org > > > Subject: Re: [Samba] Samba 4.1 gentent, ls, no display domain user > > name on Primary ACDC but wbinfo -u yes > > > > > > On 23/03/15 12:51, Jhon P wrote: > > > > One ADDC with linux Debian 7 and Samba4.1 working.} > > > > Im test "NIS" and works fine after we expand the samba 4 schema. ;-) > > > > > > > > This is the DC with the problem of getent and can give domain users > > > > infoonly "wbinfo -u". > > > > > > > > When list directories with "ls" also display UID instead Domain User > > > > ID in the directories. > > > > When i use "getent passwd" this also display passwd file users "unix > > > > users" not domain users. > > > > > > > > The Domain Works well anyway and i can manage with "RSAT" but if i > > > > like manage it with linux its really dificult, because im need give > > > > the UID and before check it with "wbinfo --uid-info" to know how its > > > > the owner of a directory for example. > > > > > > > > I really want to manage it with linux, because I come from the old > > > > school of samba 2:-), really depend 100% of microsoft does not > > make me > > > > very happy i think. > > > > > > > > All clients are conected to this server. > > > > > > > > Regards and thanks. > > > > > > > > > Date: Mon, 23 Mar 2015 12:16:54 +0000 > > > > > From: rowlandpenny at googlemail.com > > > > > To: samba at lists.samba.org > > > > > Subject: Re: [Samba] Samba 4.1 gentent, ls, no display domain user > > > > name on Primary ACDC but wbinfo -u yes > > > > > > > > > > On 23/03/15 11:42, Jhon P wrote: > > > > > > Thanks for the clarification. > > > > > > > > > > > > They are around 80 clients. > > > > > > All windows 7 and Xp pro. > > > > > > > > > > > > One member server linux with Debian 7 for testing the future file > > > > > > server. All on this works fine. > > > > > > > > > > > > Other servers that are not in the domain > > > > > > > > > > > > Thanks. > > > > > > > Date: Mon, 23 Mar 2015 09:26:08 +0000 > > > > > > > From: rowlandpenny at googlemail.com > > > > > > > To: samba at lists.samba.org > > > > > > > Subject: Re: [Samba] Samba 4.1 gentent, ls, no display > > domain user > > > > > > name on Primary ACDC but wbinfo -u yes > > > > > > > > > > > > > > On 23/03/15 00:55, Jhon P wrote: > > > > > > > > It will be necessary to join this PDC to the domain? > > > > > > > > > > > > > > Firstly, it is a 'DC' not a 'PDC', there really is no > > concept of a > > > > > > > Primary Domain Controller in active directory, other than > > one of the > > > > > > > FSMO roles. These FSMO roles are the only differences > > between DCs , > > > > > > > other than this, all DCs are the same (or should) > > > > > > > > > > > > > > You do not join a DC to the domain unless it is a second (or > > > > > > subsequent) > > > > > > > DC, when you provision a DC or classicupgrade a PDC, it is > > > > > > automatically > > > > > > > joined to the domain. > > > > > > > > > > > > > > > I did this once and it was not me well and I had to > > restore the > > > > > > backup. > > > > > > > > > > > > > > > > The samba documentation does not say anything of this. > > > > > > > > Remember this isnt a member server this is the PDC, on samba > > > > ACDC doc > > > > > > > > say this: > > > > > > > > > > > > > > > > "We /*_do not recommend_* using the Domain Controller as a > > file > > > > > > > > Server. This is due to issues with the winbind internal to > > the > > > > Domain > > > > > > > > Controller./" > > > > > > > > > > > > > > > > But I also need to use it because I had no other server to > > use > > > > as a > > > > > > > > file server. > > > > > > > > > > > > > > It is not recommended, but you can do it, there are plenty of > > > > people > > > > > > who > > > > > > > post on here who do use a DC as a fileserver. > > > > > > > > > > > > > > Just how many clients do you have and what sort ? > > > > > > > > > > > > > > Rowland > > > > > > > > > > > > > > > > > > > > > > > If there is no chance you do not want to waste time with this. > > > > > > > > > > > > > > > > Many thank you very much. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > To unsubscribe from this list go to the following URL and > > read the > > > > > > > instructions: https://lists.samba.org/mailman/options/samba > > > > > > > > > > What is the DC (you may have said, but if you have, sorry I have > > > > forgotten) > > > > > > > > > > Rowland > > > > > > > > > > -- > > > > > To unsubscribe from this list go to the following URL and read the > > > > > instructions: https://lists.samba.org/mailman/options/samba > > > > > > OK, so you have: > > > A) one debian 7 DC running self compiled samba 4.1.? > > > B) one debian 7 member server running ?? samba 4.1.? > > > C) 80 windows clients > > > > > > Is this correct ? > > > > > > Rowland > > > > > > -- > > > To unsubscribe from this list go to the following URL and read the > > > instructions: https://lists.samba.org/mailman/options/samba > > OK, if your samba 4 AD DC is working as expected and you have a member > server, then do not worry about whether getent (on the DC) displays user > names or numbers, just as long as your member server is working in the > same way. Do not try to log into the DC as a domain user, just use it > for what it is recommended for, Authentication. > > What I would suggest you do is, create a new second DC using debian > jessie and install samba4 from packages, this will get you 4.1.17, or if > Sernet releases 4.2 packages , then use these. You can then join this to > your first DC for greater redundancy. > > Rowland > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Rowland Penny
2015-Mar-23 14:44 UTC
[Samba] Samba 4.1 gentent, ls, no display domain user name on Primary ACDC but wbinfo -u yes
On 23/03/15 14:19, Jhon P wrote:> It's a shame not to be able to obtain users on this DC with getent.You Should be able to, here is an example line from running 'getent passwd' on my first DC: EXAMPLE\testuser3:*:3000069:10000:Test User3:/home/EXAMPLE/testuser3:/bin/bash> > I would make the server is correctly configured and manageable, has > many resources to be used.There are other problems with using a samba4 DC as a fileserver, there have been reports of excessive use of filespace that goes away after a reboot, for instance.> > Having UIDS eg 3000001 without knowing who owns it is a shame. >You can find out, if you must, but there are really no reasons to do so on a DC.> Maybe upgrading to 4.2 this DC these things can work. > Maybe try updating this DC from the sources. >If you update, but still use the ldb files you have now i.e. you do not provision and start fresh, you will probably have the same problem. You seem to have done everything you can to get RFC2307 working, I think the problem must lie in you not provisioning with rfc2307 at the start.> If there is something to do to solve this problem really is very helpful. > > If there is anything else I can do just let me know. >I think that the only way to ensure everything will work correctly, is to start again, install a new DC using either Wheezy or Jessie (Jessie is frozen, so should be safe to use), use either the packages from backports (if using wheezy) or the standard jessie packages or the Sernet packages (if they have issued 4.2 packages, no need to bother if they haven't). Once you have a new clean OS up with samba4 installed, provision it using this command: samba-tool domain provision --use-rfc2307 --use-xattrs=yes --realm=<YOUR SAMBA REALM> --domain=<YOUR DOMAIN NAME} \ --dns-backend=SAMBA_INTERNAL --server-role=dc --function-level=2008_R2 --adminpass=<YOUR ADMINISTRATOR PASSWORD> You will however have to join your windows machines to this new domain. Rowland> > Rowland I really appreciate your help and time you spent. > > Thank You. :-) >
Possibly Parallel Threads
- Samba 4.1 gentent, ls, no display domain user name on Primary ACDC but wbinfo -u yes
- Samba 4.1 gentent, ls, no display domain user name on Primary ACDC but wbinfo -u yes
- Samba 4.1 gentent, ls, no display domain user name on Primary ACDC but wbinfo -u yes
- Samba 4.1 gentent, ls, no display domain user name on Primary ACDC but wbinfo -u yes
- Samba 4.1 gentent, ls, no display domain user name on Primary ACDC but wbinfo -u yes