Follow the answers:> Yes wbinfo shows the user but does 'getent passwd iuser' show anything ?# wbinfo -i iuser iuser:*:4294967295:4294967295:iuser:/home/DOMAIN/iuser:/bin/false # getent passwd iuser iuser:*:4294967295:4294967295:iuser:/home/DOMAIN/iuser:/bin/false # id iuser id: iuser: no such user smb.conf file server: # Global parameters [global] netbios name = SRV16 server string = Samba4 Server security = ADS encrypt passwords = yes realm = domain.local workgroup = DOMAIN log file = /var/log/samba/%m.log log level = 1 # winbind enum users = yes winbind enum groups = yes winbind use default domain = Yes winbind nss info = RFC2307 #idmap_ldb: Use vfs objects = acl_xattr map acl inherit = Yes store dos attributes = Yes # Idmap config for domain DOMAIN idmap config DOMAIN: backend = ad idmap config DOMAIN: schema_mode = RFC2307 idmap config DOMAIN: range = 10000-99999 idmap config * : backend = tdb idmap config * : range = 2000-9999 [data] comment = Folder data path = /mnt/dados read only = No browseable = yes inherit acls = Yes inherit permissions = Yes guest account = guest guest ok=yes writeable = Yes Another issue that I'm doubt, is with respect to services related to Samba. The services that need to be running: smbd, nmbd and winbindd? I need to run the Samba 4 script, as explained in this link? https://wiki.samba.org/index.php/Samba4/InitScript
On Thu, 11 Aug 2016 19:51:07 +0000 (UTC) Ricardo Pardim Claus via samba <samba at lists.samba.org> wrote:> > > > Follow the answers: > > > > Yes wbinfo shows the user but does 'getent passwd iuser' show > > anything ? > > # wbinfo -i iuser > iuser:*:4294967295:4294967295:iuser:/home/DOMAIN/iuser:/bin/false > > > > # getent passwd iuser > iuser:*:4294967295:4294967295:iuser:/home/DOMAIN/iuser:/bin/false > > > # id iuser > id: iuser: no such userHmm, the numbers seem extremely large, did you set this number in the users 'uidnumber' attribute in AD ?> > > smb.conf file server: > > # Global parameters > [global] > netbios name = SRV16 > server string = Samba4 Server > security = ADS > encrypt passwords = yes > realm = domain.local > workgroup = DOMAIN > log file = /var/log/samba/%m.log > log level = 1 > # > winbind enum users = yes > winbind enum groups = yes > winbind use default domain = Yes > winbind nss info = RFC2307 > #idmap_ldb: Use > vfs objects = acl_xattr > map acl inherit = Yes > store dos attributes = Yes > # Idmap config for domain DOMAIN > idmap config DOMAIN: backend = ad > idmap config DOMAIN: schema_mode = RFC2307 > idmap config DOMAIN: range = 10000-99999 > idmap config * : backend = tdb > idmap config * : range = 2000-9999 > > [data] > comment = Folder data > path = /mnt/dados > read only = No > browseable = yes > inherit acls = Yes > inherit permissions = Yes > guest account = guest > guest ok=yes > writeable = Yes > > > Another issue that I'm doubt, is with respect to services related to > Samba. The services that need to be running: smbd, nmbd and winbindd? > I need to run the Samba 4 script, as explained in this link? > > https://wiki.samba.org/index.php/Samba4/InitScript >If you run Samba as a DC, you only need to start the 'samba' binary, this will start the other binaries. if you run Samba as domain joined fileserver, you will need to start the 'smbd' and 'winbindd' binaries, if you want network browsing, you will also need to start the 'nmbd' binary Rowland
On Thu, 11 Aug 2016 21:14:55 +0100 Rowland Penny via samba <samba at lists.samba.org> wrote:> On Thu, 11 Aug 2016 19:51:07 +0000 (UTC) > Ricardo Pardim Claus via samba <samba at lists.samba.org> wrote: > > > > > > > > > Follow the answers: > > > > > > > Yes wbinfo shows the user but does 'getent passwd iuser' show > > > anything ? > > > > # wbinfo -i iuser > > iuser:*:4294967295:4294967295:iuser:/home/DOMAIN/iuser:/bin/false > > > > > > > > # getent passwd iuser > > iuser:*:4294967295:4294967295:iuser:/home/DOMAIN/iuser:/bin/false > > > > > > # id iuser > > id: iuser: no such user > > Hmm, the numbers seem extremely large, did you set this number in the > users 'uidnumber' attribute in AD ?concentrating on the number, I missed '/home/DOMAIN/iuser:/bin/false' Is this on the DC ? and if so, what do get if you run the same command on the fileserver ? Just to double check, are you running sssd on any of the machines ? Rowland