samba - Dec 2015 - Samba4 ad dc with Centos7

Wel, thats wrong, when i to the following.  

 

wbinfo –u  i get all my users.

wbinfo –g i get all my groups

getent passwd username   i get my user:UID:GID:NAME:homedir:shel 

id username  gives also the correct info.. (uid= .. gid= ) groups =  etc..  

 

And i use winbind on a DC. ( samba 4.2.5 sernet  on debian wheezy ) 

 

 

Greetz, 

 

Louis

 

 

 

 


Van: mathias dufresne [mailto:infractory at gmail.com] 
Verzonden: dinsdag 8 december 2015 14:11
Aan: L.P.H. van Belle
CC: samba at lists.samba.org
Onderwerp: Re: [Samba] Samba4 ad dc with Centos7


 

I believe there is no enumeration allowed by default whatever you use to
generate system users from AD (winbind, sssd or nslcd).

 


Cheers,


 


mathias



 

2015-12-08 13:42 GMT+01:00 L.P.H. van Belle <belle at bazuin.nl>:

Hai,

Few things.
> idmap gid = 1000-9999999
did you also change the start GID in the AD?
https://wiki.samba.org/index.php/Administer_Unix_Attributes_in_AD_via_ADUC#Defining_the_next_UID.2FGID_to_use
> "getent group" and "getent passwd"
On a DC, use  : getent group "domain users"
shows only the group name + GID.

You setup looks almost good, im only missing something like :

      ## map id's outside to domain to tdb files.
        ## map ids from the domain and (*) the range may not overlap !
      idmap config * : backend = tdb
      idmap config * : range = 2000-9999


Greetz,

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Marcio Costa
> Verzonden: dinsdag 8 december 2015 13:28
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Samba4 ad dc with Centos7
>
> Hello, I may have a problem with winbind setup.
>
> -with wbinfo -g and wbinfo -u I get all group/user from AD/DC.
> -with getent group "Domain Users" and getent passwd
"remote_user" I can
> see
> the info about the specific group and specific user.
> -with getent group and getent passwd I only see my local group/users.
>
> -I believe that using "getent group" and "getent
passwd" I must see all
> users, right ?
>
>
> -I'm using the SerNetSamba Version 4.2.5-SerNet-RedHat-19.el7;
> -ps auxf show me:
> root     24519  0.0  4.5 578196 45700 ?        Ss   09:59   0:00
> /usr/sbin/samba -D
> root     24527  0.0  3.2 578196 32812 ?        S    09:59   0:00  \_
> /usr/sbin/samba -D
> root     24529  0.0  4.7 617856 48016 ?        Ss   09:59   0:00  |   \_
> /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
> root     24546  0.0  3.2 617856 32936 ?        S    09:59   0:00  |
> \_ /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
>
> root     24536  0.0  3.2 578196 32788 ?        S    09:59   0:00  \_
> /usr/sbin/samba -D
> root     24541  0.0  4.5 587664 46480 ?        Ss   09:59   0:00  |   \_
> /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
> root     24545  0.0  3.5 605676 36492 ?        S    09:59   0:00  |
> \_ /usr/sbin/winbindd -D --option=server role check:inhibit=yes --
> foreground
> root     24555  0.0  3.6 605992 36680 ?        S    10:00   0:00  |
> \_ /usr/sbin/winbindd -D --option=server role check:inhibit=yes --
> foreground
>
> -ls /lib64
> lrwxrwxrwx. 1 root root  19 Dez  3 11:09 /lib64/libnss_winbind.so ->
> libnss_winbind.so.2
> -rwxr-xr-x. 1 root root 20K Out 28 07:44 /lib64/libnss_winbind.so.2
>
> -/etc/nsswitch.conf
> passwd:     files winbind
> shadow:     files winbind
> group:      files winbind
>
> -smb.conf
> [global]
>         workgroup = INTRANET
>         realm = INTRANET.UNV
>         netbios name = ITU
>         server role = active directory domain controller
>         dns forwarder = 10.2.3.4
>         idmap_ldb:use rfc2307 = yes
>
>         idmap config INTRANET:backend = ad
>         idmap config INTRANET:schema_mode = rfc2307
>         idmap config INTRANET:range = 10000-9999999
>
>         idmap uid = 10000-9999999
>         idmap gid = 1000-9999999
>
>         # Use settings from AD for login shell and home directory
>         winbind nss info = rfc2307
>
>         winbind use default domain = yes
>         winbind enum users = yes
>         winbind enum groups = yes
>
> I appreciate any help about this issue.
> Thank you.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba




 

On the DC, when i run 

getent passwd                         i only see my linux users. 

getent passwd username          shows the ad user. 

 

Same for the groups

 

Greetz, 

 

Louis

 

 


Van: Marcio Costa [mailto:marciofoz at gmail.com] 
Verzonden: dinsdag 8 december 2015 14:35
Aan: L.P.H. van Belle
Onderwerp: Re: [Samba] Samba4 ad dc with Centos7


 

Hi!
If you run 'getent passwd', do you see all the users (ad+local) or only
local users ?


 

2015-12-08 11:15 GMT-02:00 L.P.H. van Belle <belle at bazuin.nl>:

Wel, thats wrong, when i to the following.  

 

wbinfo –u  i get all my users.

wbinfo –g i get all my groups

getent passwd username   i get my user:UID:GID:NAME:homedir:shel

id username  gives also the correct info.. (uid= .. gid= ) groups =  etc.. 

 

And i use winbind on a DC. ( samba 4.2.5 sernet  on debian wheezy )

 

 

Greetz,

 

Louis

 

 

 

 


Van: mathias dufresne [mailto:infractory at gmail.com]
Verzonden: dinsdag 8 december 2015 14:11
Aan: L.P.H. van Belle
CC: samba at lists.samba.org
Onderwerp: Re: [Samba] Samba4 ad dc with Centos7



 

I believe there is no enumeration allowed by default whatever you use to
generate system users from AD (winbind, sssd or nslcd).

 


Cheers,


 


mathias



 

2015-12-08 13:42 GMT+01:00 L.P.H. van Belle <belle at bazuin.nl>:

Hai,

Few things.
> idmap gid = 1000-9999999
did you also change the start GID in the AD?
https://wiki.samba.org/index.php/Administer_Unix_Attributes_in_AD_via_ADUC#Defining_the_next_UID.2FGID_to_use
> "getent group" and "getent passwd"
On a DC, use  : getent group "domain users"
shows only the group name + GID.

You setup looks almost good, im only missing something like :

      ## map id's outside to domain to tdb files.
        ## map ids from the domain and (*) the range may not overlap !
      idmap config * : backend = tdb
      idmap config * : range = 2000-9999


Greetz,

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Marcio Costa
> Verzonden: dinsdag 8 december 2015 13:28
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Samba4 ad dc with Centos7
>
> Hello, I may have a problem with winbind setup.
>
> -with wbinfo -g and wbinfo -u I get all group/user from AD/DC.
> -with getent group "Domain Users" and getent passwd
"remote_user" I can
> see
> the info about the specific group and specific user.
> -with getent group and getent passwd I only see my local group/users.
>
> -I believe that using "getent group" and "getent
passwd" I must see all
> users, right ?
>
>
> -I'm using the SerNetSamba Version 4.2.5-SerNet-RedHat-19.el7;
> -ps auxf show me:
> root     24519  0.0  4.5 578196 45700 ?        Ss   09:59   0:00
> /usr/sbin/samba -D
> root     24527  0.0  3.2 578196 32812 ?        S    09:59   0:00  \_
> /usr/sbin/samba -D
> root     24529  0.0  4.7 617856 48016 ?        Ss   09:59   0:00  |   \_
> /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
> root     24546  0.0  3.2 617856 32936 ?        S    09:59   0:00  |
> \_ /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
>
> root     24536  0.0  3.2 578196 32788 ?        S    09:59   0:00  \_
> /usr/sbin/samba -D
> root     24541  0.0  4.5 587664 46480 ?        Ss   09:59   0:00  |   \_
> /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
> root     24545  0.0  3.5 605676 36492 ?        S    09:59   0:00  |
> \_ /usr/sbin/winbindd -D --option=server role check:inhibit=yes --
> foreground
> root     24555  0.0  3.6 605992 36680 ?        S    10:00   0:00  |
> \_ /usr/sbin/winbindd -D --option=server role check:inhibit=yes --
> foreground
>
> -ls /lib64
> lrwxrwxrwx. 1 root root  19 Dez  3 11:09 /lib64/libnss_winbind.so ->
> libnss_winbind.so.2
> -rwxr-xr-x. 1 root root 20K Out 28 07:44 /lib64/libnss_winbind.so.2
>
> -/etc/nsswitch.conf
> passwd:     files winbind
> shadow:     files winbind
> group:      files winbind
>
> -smb.conf
> [global]
>         workgroup = INTRANET
>         realm = INTRANET.UNV
>         netbios name = ITU
>         server role = active directory domain controller
>         dns forwarder = 10.2.3.4
>         idmap_ldb:use rfc2307 = yes
>
>         idmap config INTRANET:backend = ad
>         idmap config INTRANET:schema_mode = rfc2307
>         idmap config INTRANET:range = 10000-9999999
>
>         idmap uid = 10000-9999999
>         idmap gid = 1000-9999999
>
>         # Use settings from AD for login shell and home directory
>         winbind nss info = rfc2307
>
>         winbind use default domain = yes
>         winbind enum users = yes
>         winbind enum groups = yes
>
> I appreciate any help about this issue.
> Thank you.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba




 



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba




 

That's what I thought, and why I told there is no enumeration for system
users.
wbinfo can get a whole list of all Samba users (I believe it can do that
with AD or NT4 or standalone). But wbinfo does not show system users, it
shows Samba users which can become system users once they are transformed
(with pam tools as winbind, sssd or nslcd).

I insist because after months spent here and years with Samba I feel
confusion (for me and for some users of that mailing list) between Samba's
system users (users from Samba usable on system side, here the system it
the one hosting Samba, the server system), Samba users (Samba internal
users) and client system users (system users which access to the share).
With domains there is also system users built from the domain (Windows
system users SAMDOM\my-user or Linux user from AD/NT4 built with winbind or
sssd or nslcd).

Just my 2 cents, best regards,

mathias


2015-12-08 14:37 GMT+01:00 L.P.H. van Belle <belle at bazuin.nl>:
> On the DC, when i run
>
> getent passwd                         i only see my linux users.
>
> getent passwd username          shows the ad user.
>
>
>
> Same for the groups
>
>
>
> Greetz,
>
>
>
> Louis
>
>
>
>
>
>
> Van: Marcio Costa [mailto:marciofoz at gmail.com]
> Verzonden: dinsdag 8 december 2015 14:35
> Aan: L.P.H. van Belle
> Onderwerp: Re: [Samba] Samba4 ad dc with Centos7
>
>
>
>
> Hi!
> If you run 'getent passwd', do you see all the users (ad+local) or
only
> local users ?
>
>
>
>
> 2015-12-08 11:15 GMT-02:00 L.P.H. van Belle <belle at bazuin.nl>:
>
> Wel, thats wrong, when i to the following.
>
>
>
> wbinfo –u  i get all my users.
>
> wbinfo –g i get all my groups
>
> getent passwd username   i get my user:UID:GID:NAME:homedir:shel
>
> id username  gives also the correct info.. (uid= .. gid= ) groups =  etc..
>
>
>
> And i use winbind on a DC. ( samba 4.2.5 sernet  on debian wheezy )
>
>
>
>
>
> Greetz,
>
>
>
> Louis
>
>
>
>
>
>
>
>
>
>
> Van: mathias dufresne [mailto:infractory at gmail.com]
> Verzonden: dinsdag 8 december 2015 14:11
> Aan: L.P.H. van Belle
> CC: samba at lists.samba.org
> Onderwerp: Re: [Samba] Samba4 ad dc with Centos7
>
>
>
>
>
> I believe there is no enumeration allowed by default whatever you use to
> generate system users from AD (winbind, sssd or nslcd).
>
>
>
>
> Cheers,
>
>
>
>
>
> mathias
>
>
>
>
>
> 2015-12-08 13:42 GMT+01:00 L.P.H. van Belle <belle at bazuin.nl>:
>
> Hai,
>
> Few things.
>
> > idmap gid = 1000-9999999
> did you also change the start GID in the AD?
>
>
https://wiki.samba.org/index.php/Administer_Unix_Attributes_in_AD_via_ADUC#Defining_the_next_UID.2FGID_to_use
>
> > "getent group" and "getent passwd"
> On a DC, use  : getent group "domain users"
> shows only the group name + GID.
>
> You setup looks almost good, im only missing something like :
>
>       ## map id's outside to domain to tdb files.
>         ## map ids from the domain and (*) the range may not overlap !
>       idmap config * : backend = tdb
>       idmap config * : range = 2000-9999
>
>
> Greetz,
>
> Louis
>
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Marcio
Costa
> > Verzonden: dinsdag 8 december 2015 13:28
> > Aan: samba at lists.samba.org
> > Onderwerp: [Samba] Samba4 ad dc with Centos7
>
> >
> > Hello, I may have a problem with winbind setup.
> >
> > -with wbinfo -g and wbinfo -u I get all group/user from AD/DC.
> > -with getent group "Domain Users" and getent passwd
"remote_user" I can
> > see
> > the info about the specific group and specific user.
> > -with getent group and getent passwd I only see my local group/users.
> >
> > -I believe that using "getent group" and "getent
passwd" I must see all
> > users, right ?
> >
> >
> > -I'm using the SerNetSamba Version 4.2.5-SerNet-RedHat-19.el7;
> > -ps auxf show me:
> > root     24519  0.0  4.5 578196 45700 ?        Ss   09:59   0:00
> > /usr/sbin/samba -D
> > root     24527  0.0  3.2 578196 32812 ?        S    09:59   0:00  \_
> > /usr/sbin/samba -D
> > root     24529  0.0  4.7 617856 48016 ?        Ss   09:59   0:00  |  
\_
> > /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
> > root     24546  0.0  3.2 617856 32936 ?        S    09:59   0:00  |
> > \_ /usr/sbin/smbd -D --option=server role check:inhibit=yes
--foreground
> >
> > root     24536  0.0  3.2 578196 32788 ?        S    09:59   0:00  \_
> > /usr/sbin/samba -D
> > root     24541  0.0  4.5 587664 46480 ?        Ss   09:59   0:00  |  
\_
> > /usr/sbin/winbindd -D --option=server role check:inhibit=yes
--foreground
> > root     24545  0.0  3.5 605676 36492 ?        S    09:59   0:00  |
> > \_ /usr/sbin/winbindd -D --option=server role check:inhibit=yes --
> > foreground
> > root     24555  0.0  3.6 605992 36680 ?        S    10:00   0:00  |
> > \_ /usr/sbin/winbindd -D --option=server role check:inhibit=yes --
> > foreground
> >
> > -ls /lib64
> > lrwxrwxrwx. 1 root root  19 Dez  3 11:09 /lib64/libnss_winbind.so
->
> > libnss_winbind.so.2
> > -rwxr-xr-x. 1 root root 20K Out 28 07:44 /lib64/libnss_winbind.so.2
> >
> > -/etc/nsswitch.conf
> > passwd:     files winbind
> > shadow:     files winbind
> > group:      files winbind
> >
> > -smb.conf
> > [global]
> >         workgroup = INTRANET
> >         realm = INTRANET.UNV
> >         netbios name = ITU
> >         server role = active directory domain controller
> >         dns forwarder = 10.2.3.4
> >         idmap_ldb:use rfc2307 = yes
> >
> >         idmap config INTRANET:backend = ad
> >         idmap config INTRANET:schema_mode = rfc2307
> >         idmap config INTRANET:range = 10000-9999999
> >
> >         idmap uid = 10000-9999999
> >         idmap gid = 1000-9999999
> >
> >         # Use settings from AD for login shell and home directory
> >         winbind nss info = rfc2307
> >
> >         winbind use default domain = yes
> >         winbind enum users = yes
> >         winbind enum groups = yes
> >
> > I appreciate any help about this issue.
> > Thank you.
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
>
>
>
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
>
>
>
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

I dont see the difference, i think its all how you interper it. 
( sorry about the spelling errors.. ) 

For example 
> wbinfo can get a whole list of all Samba users (I believe it can do that
> with AD or NT4 or standalone 
Which is exact what i want. 
> wbinfo does not show system users.. 
which is also exact what i want. 
> wbinfo does not show system users, it
> shows Samba users which can become system users once they are transformed
> (with pam tools as winbind, sssd or nslcd).
Again exact what i want. 
> I feel
> confusion (for me and for some users of that mailing list) between
Samba's
> system users (users from Samba usable on system side, here the system it
> the one hosting Samba, the server system), Samba users (Samba internal
> users) and client system users (system users which access to the share).
> With domains there is also system users built from the domain (Windows
> system users SAMDOM\my-user or Linux user from AD/NT4 built with winbind
Yeah, that sucks.. wel, dont think in samba system users. 
> Samba's system users (users from Samba usable on system side, 
>here the system it
>the one hosting Samba, the server system), 
>Samba users (Samba internal users) and 
>client system users (system users which access to the share).
You have "local" users/groups, per server/client (adduser username)
You have "Domain" users/groups, per domain 
You have "mapped users"  i call them. 
And last, you have "local system users". ( UID lower than 1000 ) 

Based on this example : 

        ## map id's outside to domain to tdb files.
        idmap config * : backend = tdb
        idmap config * : range = 2000-9999
        ## map ids from the domain and (*) the range may not overlap !
        idmap config DOMAINNAME: backend = ad
        idmap config DOMAINNAME: schema_mode = rfc2307
        idmap config DOMAINNAME: range = 10000-3999999


A local user, any user UID lower than 2000

A domain user 
idmap config DOMAINNAME : range = 10000-3999999

A mapped user, is a local user with its UID in the * range. 
(idmap config * : range = 2000-9999 )

if you want any local users to be mapped to samba, change :
(idmap config * : range = 1000-9999 ) 

And i dont advice to map "local system users" to be mapped. 

Any can access shares, but all depending on your setup. 
I think you make an easy thing a hard one and probely due to the setup your
having. I'm not saying you setup is bad or wrong, but maybe to complex or
not well thought about. I spent about a year testing and configureing and
testing for a good base setup, and here it all starts, i started at least 10
times over, because i forgot a "thing/process" running on a server and
which users and/group should be able to access it.

Its pretty simple, only use "domain users" when when you have a
domain.
And only use local users for local needs. 
I only have 1 user on my linux server for administring the server. 
And i gave also some of domain users access to a local server. 
You can add an domain user to a local group if you setup is working correct. 

System users are just to run processes/services on the server, and/or for
Administering the server.

So sorry, but i dont see the problem your having. 

I do the same in samba 4 as i did in samba 3 and more. 
And this all looks to me normal. 

But ...
i do agree, there should be more examples how things work with these users. 
And some examples when you for example use a "mapped" user, of a local
users etc.



Greetz, 

Louis




> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens mathias
dufresne
> Verzonden: dinsdag 8 december 2015 14:56
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Samba4 ad dc with Centos7
> 
> That's what I thought, and why I told there is no enumeration for
system
> users.
> wbinfo can get a whole list of all Samba users (I believe it can do that
> with AD or NT4 or standalone). But wbinfo does not show system users, it
> shows Samba users which can become system users once they are transformed
> (with pam tools as winbind, sssd or nslcd).
> 
> I insist because after months spent here and years with Samba I feel
> confusion (for me and for some users of that mailing list) between
Samba's
> system users (users from Samba usable on system side, here the system it
> the one hosting Samba, the server system), Samba users (Samba internal
> users) and client system users (system users which access to the share).
> With domains there is also system users built from the domain (Windows
> system users SAMDOM\my-user or Linux user from AD/NT4 built with winbind
> or
> sssd or nslcd).
> 
> Just my 2 cents, best regards,
> 
> mathias
> 
> 
> 2015-12-08 14:37 GMT+01:00 L.P.H. van Belle <belle at bazuin.nl>:
> 
> > On the DC, when i run
> >
> > getent passwd                         i only see my linux users.
> >
> > getent passwd username          shows the ad user.
> >
> >
> >
> > Same for the groups
> >
> >
> >
> > Greetz,
> >
> >
> >
> > Louis
> >
> >
> >
> >
> >
> >
> > Van: Marcio Costa [mailto:marciofoz at gmail.com]
> > Verzonden: dinsdag 8 december 2015 14:35
> > Aan: L.P.H. van Belle
> > Onderwerp: Re: [Samba] Samba4 ad dc with Centos7
> >
> >
> >
> >
> > Hi!
> > If you run 'getent passwd', do you see all the users
(ad+local) or only
> > local users ?
> >
> >
> >
> >
> > 2015-12-08 11:15 GMT-02:00 L.P.H. van Belle <belle at
bazuin.nl>:
> >
> > Wel, thats wrong, when i to the following.
> >
> >
> >
> > wbinfo –u  i get all my users.
> >
> > wbinfo –g i get all my groups
> >
> > getent passwd username   i get my user:UID:GID:NAME:homedir:shel
> >
> > id username  gives also the correct info.. (uid= .. gid= ) groups >
etc..
> >
> >
> >
> > And i use winbind on a DC. ( samba 4.2.5 sernet  on debian wheezy )
> >
> >
> >
> >
> >
> > Greetz,
> >
> >
> >
> > Louis
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > Van: mathias dufresne [mailto:infractory at gmail.com]
> > Verzonden: dinsdag 8 december 2015 14:11
> > Aan: L.P.H. van Belle
> > CC: samba at lists.samba.org
> > Onderwerp: Re: [Samba] Samba4 ad dc with Centos7
> >
> >
> >
> >
> >
> > I believe there is no enumeration allowed by default whatever you use
to
> > generate system users from AD (winbind, sssd or nslcd).
> >
> >
> >
> >
> > Cheers,
> >
> >
> >
> >
> >
> > mathias
> >
> >
> >
> >
> >
> > 2015-12-08 13:42 GMT+01:00 L.P.H. van Belle <belle at
bazuin.nl>:
> >
> > Hai,
> >
> > Few things.
> >
> > > idmap gid = 1000-9999999
> > did you also change the start GID in the AD?
> >
> >
> https://wiki.samba.org/index.php/Administer_Unix_Attributes_in_AD_via_ADUC
> #Defining_the_next_UID.2FGID_to_use
> >
> > > "getent group" and "getent passwd"
> > On a DC, use  : getent group "domain users"
> > shows only the group name + GID.
> >
> > You setup looks almost good, im only missing something like :
> >
> >       ## map id's outside to domain to tdb files.
> >         ## map ids from the domain and (*) the range may not overlap !
> >       idmap config * : backend = tdb
> >       idmap config * : range = 2000-9999
> >
> >
> > Greetz,
> >
> > Louis
> >
> >
> > > -----Oorspronkelijk bericht-----
> > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens
Marcio Costa
> > > Verzonden: dinsdag 8 december 2015 13:28
> > > Aan: samba at lists.samba.org
> > > Onderwerp: [Samba] Samba4 ad dc with Centos7
> >
> > >
> > > Hello, I may have a problem with winbind setup.
> > >
> > > -with wbinfo -g and wbinfo -u I get all group/user from AD/DC.
> > > -with getent group "Domain Users" and getent passwd
"remote_user" I
> can
> > > see
> > > the info about the specific group and specific user.
> > > -with getent group and getent passwd I only see my local
group/users.
> > >
> > > -I believe that using "getent group" and "getent
passwd" I must see
> all
> > > users, right ?
> > >
> > >
> > > -I'm using the SerNetSamba Version
4.2.5-SerNet-RedHat-19.el7;
> > > -ps auxf show me:
> > > root     24519  0.0  4.5 578196 45700 ?        Ss   09:59   0:00
> > > /usr/sbin/samba -D
> > > root     24527  0.0  3.2 578196 32812 ?        S    09:59   0:00 
\_
> > > /usr/sbin/samba -D
> > > root     24529  0.0  4.7 617856 48016 ?        Ss   09:59   0:00 
|
> \_
> > > /usr/sbin/smbd -D --option=server role check:inhibit=yes
--foreground
> > > root     24546  0.0  3.2 617856 32936 ?        S    09:59   0:00 
|
> > > \_ /usr/sbin/smbd -D --option=server role check:inhibit=yes --
> foreground
> > >
> > > root     24536  0.0  3.2 578196 32788 ?        S    09:59   0:00 
\_
> > > /usr/sbin/samba -D
> > > root     24541  0.0  4.5 587664 46480 ?        Ss   09:59   0:00 
|
> \_
> > > /usr/sbin/winbindd -D --option=server role check:inhibit=yes --
> foreground
> > > root     24545  0.0  3.5 605676 36492 ?        S    09:59   0:00 
|
> > > \_ /usr/sbin/winbindd -D --option=server role check:inhibit=yes
--
> > > foreground
> > > root     24555  0.0  3.6 605992 36680 ?        S    10:00   0:00 
|
> > > \_ /usr/sbin/winbindd -D --option=server role check:inhibit=yes
--
> > > foreground
> > >
> > > -ls /lib64
> > > lrwxrwxrwx. 1 root root  19 Dez  3 11:09 /lib64/libnss_winbind.so
->
> > > libnss_winbind.so.2
> > > -rwxr-xr-x. 1 root root 20K Out 28 07:44
/lib64/libnss_winbind.so.2
> > >
> > > -/etc/nsswitch.conf
> > > passwd:     files winbind
> > > shadow:     files winbind
> > > group:      files winbind
> > >
> > > -smb.conf
> > > [global]
> > >         workgroup = INTRANET
> > >         realm = INTRANET.UNV
> > >         netbios name = ITU
> > >         server role = active directory domain controller
> > >         dns forwarder = 10.2.3.4
> > >         idmap_ldb:use rfc2307 = yes
> > >
> > >         idmap config INTRANET:backend = ad
> > >         idmap config INTRANET:schema_mode = rfc2307
> > >         idmap config INTRANET:range = 10000-9999999
> > >
> > >         idmap uid = 10000-9999999
> > >         idmap gid = 1000-9999999
> > >
> > >         # Use settings from AD for login shell and home directory
> > >         winbind nss info = rfc2307
> > >
> > >         winbind use default domain = yes
> > >         winbind enum users = yes
> > >         winbind enum groups = yes
> > >
> > > I appreciate any help about this issue.
> > > Thank you.
> > > --
> > > To unsubscribe from this list go to the following URL and read
the
> > > instructions:  https://lists.samba.org/mailman/options/samba
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
> >
> >
> >
> >
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
> >
> >
> >
> >
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba