Rowland,
These are all VMs I am working on. I have tried it on several different
"test" VMs. Blew away VMs and created new ones, still does not work.
It takes me a little time to type the info from the directories because I
cannot copy/paste due to network separation.
Contents below:
/etc/hostname
testadmin
/etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
:1 localhost localhost.localdomain localhost6 localhost6.localdomain6
IPADDR testadmin.mydomain.com testadmin
IPADDR DC1.mydomain.com DC1
/etc/resolv.conf
search mydomain.com
nameserver "ipaddress for DC1"
nameserver "ipaddress for DC2"
/etc/krb5.conf
includedir /var/lib/sss/pubconf/krb5.include.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE: /var/log/kadmind.log
[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24hr
renew_lifetime = 7d
forwardable = true
rdsn = false
# default_realm = EXAMPLE.COM
default_ccache_name = KEYRING:persistent:%{uid}
default_realm = MYDOMAIN.COM
[realms]
#EXAMPLE.COM = {
# kdc = kerberos.example.com
# admin_server = kerberos.example.com
#}
MYDOMAIN.COM = {
kdc = dc1.MYDOMAIN.COM
}
MYDOMAIN.COM kdc = dc1.MYDOMAIN.COM
}
[domain_realm]
#.example.com = EXAMPLE.COM
#example.com = EXAMPLE.COM
mydomain.com = MYDOMAIN.COM
.mydomain.com = MYDOMAIN.COM
/etc/samba/smb.conf
workgroup = mydomain
realm = mydomain.com
security = ads
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config MYDOMAIN : backend = rid
idmap config MYDOMAIN : range = 10000-19999
allow trusted domain = no
template shell = /bin/bash
winbind refresh tickets = yes
restrict anonymous = 2
/etc/nsswitch.conf
passwd: files winbind
shadow: files
group: files winbind
#initgroups : files
hosts: files dns myhostname
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files
publickey: nisplus
automount: files
aliases: files nisplus
On Thu, Mar 14, 2019 at 5:20 PM Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Thu, 14 Mar 2019 14:07:33 -0400
> Tyrus Shivers <tyrus.shivers at bestgateeng.com> wrote:
>
> > Yes global is there.
> >
> > testparm output shows everything is ok, no error. ROLE_DOMAIN_Member
> >
> > Then I can press enter and see a dump.
> >
> > yes, wbinfo produces output of mydomain\user
> >
> > I left the domain, rejoined, and still no such user. wbinfo outputs
> > users and groups on command.
> >
>
> OK, I remembered that I had a Centos 7 VM, so I started it and checked
> if 'id user' worked and it did. Samba was 4.7.x at this point. Ran 'yum
> update' and Samba was updated to 4.8.3, tested 'id user' again and it
> still worked. Rebooted and tried again, it still worked.
>
> So, it looks like it is possibly a problem on your Computer.
>
> Can you post the following files (you may have already posted some of
> them already, but please post them again, so they are all in one place):
>
> /etc/hostname
> /etc/hosts
> /etc/resolv.conf
> /etc/krb5.conf
> /etc/samba/smb.conf
> /etc/nsswitch.conf
>
> Rowland
--
V/R
Tyrus Shivers
Bestgate Engineering LLC
Direct: (410) 872-2457
tyrus.shivers at bestgateeng.com