hello, I have install samba4 on debian whezzy 64-bit All is working OK, but now I try to add qoutas to users and this tutorial did not working https://wiki.samba.org/index.php/Samba4/Winbind when i write getent passwd i did't see users from AD so e.g. # id Administrator id Administrator: There is no such user Pozdrowienia ------------------------------------------ dafr32 dafr32 at gmail.com
Hello Darek, Am 11.08.2013 23:02, schrieb Darek Fr?czkiewicz:> I have install samba4 on debian whezzy 64-bit All is working OK, but now I > try to add qoutas to users and this tutorial did not working > https://wiki.samba.org/index.php/Samba4/Winbindhave a look at this HowTo https://wiki.samba.org/index.php/Samba4/Domain_Member This one works fine here. I'm not sure about the other one. I haven't compared them. I'll merge the two HowTos the next time, when I have time. * Are your DC and your member both running Samba 4? * Do you run your DC as AD DC or NT4-style DC? * If you are retrieving the xIDs via rfc2307, have you filled the unix tab in ADUC for the users/groups? Regards, Marc
Am 12.08.2013 00:29, schrieb Darek Fr?czkiewicz:> thank's Marc > > i will try tomorow this howto > https://wiki.samba.org/index.__php/Samba4/Domain_Member > <https://wiki.samba.org/index.php/Samba4/Domain_Member> > > I'm going to connect samba4 as AD with 30 windows workstations in my > school. After testing all is OK and works (joining windows, login users, > homedrives, GPO). The last thing is add qoutas to users. I can't do this > yet.Quotas I haven't tried yet. But at least the winbind stuff should work like expected with this HowTo. Regards, Marc
Hello Darek, Am 12.08.2013 20:03, schrieb Darek Fr?czkiewicz:> unfortunately this howto > (https://wiki.samba.org/index.php/Samba4/Domain_Member ) did'n work. > After configure with options: > ./configure --with-ads --with-shared-modules=idmap_ad > and change files ktrb.conf and smb.conf samba didn't starting.What are the samba logs saying?> /net ads join -U administrator/ > Host is not configured as a member server. > Invalid configuration. Exiting....Can you show your smb.conf/testparm output? Regards, Marc
Hello Darek, Am 12.08.2013 21:09, schrieb Darek Fr?czkiewicz:> I was add in smb.conf > log file = /var/log/samba.log > > and now i see: > > [2013/08/12 21:02:08, 0] ../source4/smbd/server.c:461(binary_smbd_main) > At this time the 'samba' binary should only be used for either: > 'server role = active directory domain controller' or to access the > ntvfs file server with 'server services = +s$ > You should start smbd/nmbd/winbindd instead for domain member and > standalone file server tasks > > I don't understand this log...Just to clarify some things: - Is your winbind configuration on the same machine as your DC? - Or are you configuring winbind on a member server (a different machine)? - And you are running Samba 4 as AD DC (not an NT4-style domain), right? The configuration I described in the Wiki is only tested on a member server. If you require to have the Samba AD accounts local on your Samba DC (not on a member server), then the winbind configuration may be a bit different (haven't done that yet). But you can use nslcd (adapt the config from here: http://wiki.samba.org/index.php/Authenticating_other_services_against_AD#Nslcd:_User.2FGroups_from_AD_through_openLDAP_proxy) or sssd (if you google, there are some configuration examples for setting up sssd with AD). Regards Marc
Am 12.08.2013 22:04, schrieb Darek Fr?czkiewicz:> I'm testing samba4 (with > https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO) since one year and > this config: debian + samba4 +bind9+dhcp+ntp+LAMP gives me domain, > joining workstations, menage users and GPO. All works good. In this > howto I don't see anything about config winbind.This HowTo was written just as a guide for setting up a member server, not for setting up winbind on top of a DC.> If you require to have the Samba AD accounts local on your Samba DC > (not on a member server), then the winbind configuration may be a > bit different (haven't done that yet). But you can use nslcd (adapt > the config from here: > http://wiki.samba.org/index.__php/Authenticating_other___services_against_AD#Nslcd:___User.2FGroups_from_AD_through___openLDAP_proxy > <http://wiki.samba.org/index.php/Authenticating_other_services_against_AD#Nslcd:_User.2FGroups_from_AD_through_openLDAP_proxy>) > or sssd (if you google, there are some configuration examples for > setting up sssd with AD).As you have just a single DC, nslcd, sssd or winbind is what you should try. I haven't tried sssd, but as I heard a lot from others here on the list, it would be currently a good choice for that. But use a recent version. I already planed about writing a new HowTo about the three daemons, but currently doesn't had the time for it. But it's still on my list. Regards Marc
Am 12.08.2013 22:40, schrieb Darek Fr?czkiewicz:> If you require to have the Samba AD accounts local on your Samba DC > (not on a member server), then the winbind configuration may be a > bit different (haven't done that yet). But you can use nslcd (adapt > the config from here: > http://wiki.samba.org/index.__php/Authenticating_other___services_against_AD#Nslcd:___User.2FGroups_from_AD_through___openLDAP_proxy > <http://wiki.samba.org/index.php/Authenticating_other_services_against_AD#Nslcd:_User.2FGroups_from_AD_through_openLDAP_proxy>) > or sssd (if you google, there are some configuration examples for > setting up sssd with AD). > > > in this howto i'm reading : *Use the following slapd.conf example*: > I remember new openldap has not file slapd.confI'm running the version shipped with RHL 6.4. This works fine with the slapd.conf. Haven't tried the latest version and I don't know if something changed there. What version of openldap do you use? And what does the manpage says?> I found about sssd: > http://debian.2.n7.nabble.com/Fwd-Samba4-and-SSSD-td2793432.html > > The easiest way to get Linux clients to work with samba4 is to start by > creating an unprivileged "binduser" account. > "samba-tool user add binduser" will do that for you. > > Then *on the client side*, install sssd (apt-get install sssd) and write > something like that in /etc/sssd/sssd.conf: > > > I think it doesn't workWhy? I haven't tried sssd yet. But if you reply to the list and not just to my mail address, others could help you, too. :-) Steve often recommends sssd. When I remember right, he already posted a few times configuration examples to the list. You can google for that. Regards, Marc