On 25/07/14 05:39, Hauke Homburg wrote:> Hello,
>
> At this moment i setup a SAMBA 4 Memberserver. I installed the
> following packages:
>
> ii libwbclient0:amd64 99:4.1.9-8 amd64 Glue
> package for sernet-samba-libs.
> ii sernet-samba 99:4.1.9-8 amd64 SMB/CIFS
> file, print, and login server for Unix
> ii sernet-samba-ad 99:4.1.9-8 amd64 Samba
> Active Directory Domain Controller
> ii sernet-samba-client 99:4.1.9-8 amd64 a
> LanManager-like simple client for Unix
> ii sernet-samba-common 99:4.1.9-8 all
> Samba common files used by both the server and the client
> ii sernet-samba-keyring 1.4 all
> GnuPG archive keys of the SerNet Samba archive
> ii sernet-samba-libpam-smbpass:amd64 99:4.1.9-8
> amd64 Glue package for sernet-samba-libs.
> ii sernet-samba-libs:amd64 99:4.1.9-8 amd64
> Samba common library files used by both the server and the client
> ii sernet-samba-libsmbclient0:amd64 99:4.1.9-8
> amd64 Shared library that allows applications to talk to SMB
> servers
> ii sernet-samba-winbind 99:4.1.9-8 amd64
> Samba nameservice integration serve
>
> my smb.conf:
>
> # Global parameters
> [global]
>
> netbios name = SRV001
> workgroup = test
> security = ADS
> realm = test.local
> encrypt passwords = yes
>
> idmap config *:backend = tdb
> idmap config *:range = 70001-80000
> idmap config test:backend = ad
> idmap config test:schema_mode = rfc2307
> idmap config test:range = 500-40000
>
> winbind nss info = rfc2307
> winbind trusted domains only = no
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
>
> log level = 3
>
> My nssswitch.conf:
>
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages
installed,
> try:
> # `info libc "Name Service Switch"' for information about
this file.
>
> passwd: compat winbind
> group: compat winbind
> shadow: compat
>
> hosts: files dns
> networks: files
>
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
>
> netgroup: nis
>
> wbinfo -u tells me Domain Users, wbinfo -g tells me domain groups. But
> with getent passwd i don't see the domain users.
>
> I used
>
https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server#Make_domain_users.2Fgroups_available_locally_through_Winbind
>
> can you help me?
>
> Hauke
I think that because you are using the sernet packages, you may have to
set PAM up manually, see this post:
https://lists.samba.org/archive/samba/2014-April/180404.html
Rowland