Rowland penny
2016-Jun-15 15:54 UTC
[Samba] Samba4 Domain Member Server "Getent show diferents UID"
On 15/06/16 14:49, Juan Ignacio wrote:> Are there any test I can do to see if need to configure something in > the member server? >If you have set up a domain member as show here: https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member If you have given your users a uidNumber attribute and 'Domain Users' a gidNumber attribute, 'getent passwd username' should display info for each user. If you do not info for any users, check that libnss-winbind is setup correctly. Rowland
Juan Ignacio
2016-Jun-15 17:55 UTC
[Samba] Samba4 Domain Member Server "Getent show diferents UID"
The UID of the users in the command output: "getent passwd" remain different in the member server. I give to the user uanaco a gid and a uid throw RSAT. root at memberserver:/usr/local/samba/etc# getent passwd | less uanaco:*:100642:100008:uanaco:/home/ADSERVER/uanaco:/bin/false There is a service besides winbindd need to be running on the member server? I'm currently running all manually, "nmbd, smbd, samba, winbindd" The startup script here I did not work properly on Debian. https://wiki.samba.org/index.php/Samba4/InitScript How can we verify that the AD Domain Controller is using the RFC2307 attribute correctly? How can we verify that the Member server is using the RFC2307 attribute and receiving data? I remember seeing configured correctly and from windows UIDs can be added without problem, so I think the ADDC is doing its job well. Thanks 2016-06-15 12:54 GMT-03:00 Rowland penny <rpenny at samba.org>:> On 15/06/16 14:49, Juan Ignacio wrote: > >> Are there any test I can do to see if need to configure something in the >> member server? >> >> > If you have set up a domain member as show here: > > https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member > > If you have given your users a uidNumber attribute and 'Domain Users' a > gidNumber attribute, 'getent passwd username' should display info for each > user. If you do not info for any users, check that libnss-winbind is setup > correctly. > > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Rowland penny
2016-Jun-15 18:27 UTC
[Samba] Samba4 Domain Member Server "Getent show diferents UID"
On 15/06/16 18:55, Juan Ignacio wrote:> The UID of the users in the command output: "getent passwd" remain > different in the member server. > I give to the user uanaco a gid and a uid throw RSAT.OK, this is me on a DC: root at dc2:~# getent passwd rowland SAMDOM\rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash and this is me an a domain member: rowland at devstation:~$ getent passwd rowland rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash I have added the required RFC2307 attributes to my AD object and libnss_winbind is setup correctly.> > root at memberserver:/usr/local/samba/etc# getent passwd | less > uanaco:*:100642:100008:uanaco:/home/ADSERVER/uanaco:/bin/false > > There is a service besides winbindd need to be running on the member > server? > > I'm currently running all manually, "nmbd, smbd, samba, winbindd" > The startup script here I did not work properly on Debian.You should not be running all of them on a domain member, turn off 'samba', this should only be run on a DC and this will start any other required binaries.> > https://wiki.samba.org/index.php/Samba4/InitScriptDownload the debian samba packages and extract the 'smbd', 'nmbd' and 'winbindd' init scripts, now alter the paths in them to match where your Samba binaries are.> > How can we verify that the AD Domain Controller is using the RFC2307 > attribute correctly? > > How can we verify that the Member server is using the RFC2307 > attribute and receiving data?If every thing is set up correctly, you should get the same IDs everywhere on Linux, see above, if you are not getting the same UIDs on DCs & domain members, then it sounds like something is incorrectly set up. You say that you gave your user a uidNumber, is this number inside the domain range in the domain member smb.conf, the relevant line in my smb.conf is: idmap config SAMDOM : range = 10000-999999 if it isn't, it will be ignored. Have you given the 'Domain Users' group a gidNumber attribute, if not, all Unix users will be ignored, again, this number needs to be inside the range. Can you run 'pam-auth-update' on the domain member and post the result. Rowland
Reasonably Related Threads
- Samba4 Domain Member Server "Getent show diferents UID"
- Samba4 Domain Member Server "Getent show diferents UID"
- Samba4 Domain Member Server "Getent show diferents UID"
- Samba4 Domain Member Server "Getent show diferents UID"
- Samba4 Domain Member Server "Getent show diferents UID"