Yes I did setup libnss_winbind.
wbinfo -u and -g on the domain member both work:

[root at testfsrv ~]# wbinfo -u
SAMDOM\testakin
SAMDOM\testsina
SAMDOM\testigein
SAMDOM\administrator
SAMDOM\krbtgt
SAMDOM\guest
[root at testfsrv ~]# wbinfo -g
SAMDOM\allowed rodc password replication group
SAMDOM\enterprise read-only domain controllers
SAMDOM\denied rodc password replication group
SAMDOM\read-only domain controllers
SAMDOM\group policy creator owners
SAMDOM\ras and ias servers
SAMDOM\domain controllers
SAMDOM\enterprise admins
SAMDOM\domain computers
SAMDOM\cert publishers
SAMDOM\dnsupdateproxy
SAMDOM\domain admins
SAMDOM\domain guests
SAMDOM\schema admins
SAMDOM\domain users
SAMDOM\dnsadmins

On Thu, Nov 9, 2017 at 3:35 PM, Rowland Penny <rpenny at samba.org> wrote:
> On Thu, 9 Nov 2017 15:17:22 +0100
> Sina Owolabi <notify.sina at gmail.com> wrote:
>
>> Thanks Rowland!
>>
>> My current configs are:
>>
>> DC:
>>
>> # Global parameters
>> [global]
>> dns forwarder = 8.8.8.8
>> netbios name = TESTBOX
>> realm = SAMDOM.TESTING.COM
>> server role = active directory domain controller
>> workgroup = SAMDOM
>> idmap_ldb:use rfc2307 = yes
>> log file = /var/log/samba/%m.log
>> log level = 3
>> tls enabled = yes
>> template shell = /bin/bash
>> template homedir = /share/%U
>
> See notes below:
>
>> vfs objects = acl_xattr
>> map acl inherit = yes
>> store dos attributes = yes
>> winbind enum groups = Yes
>> winbind enum users = Yes
>> idmap config * : backend = tdb
>> idmap config * : range = 3000-7999
>> idmap config SAMDOM:backend = ad
>> idmap config SAMDOM:schema_mode = rfc2307
>> idmap config SAMDOM : range = 10000-999999
>> idmap config SAMDOM : unix_nss_info = yes
>> idmap config SAMDOM:unix_primary_group = yes
>> username map = /usr/local/samba/etc/user.map
>
> I think you may have misunderstood me, the 13 lines above should NEVER
> be added to the smb.conf on a DC, they belong in a Unix domain
> member smb.conf (except for the 'winbind enum' lines and they should
> only be used for testing purposes)
>
>>
>> Domain member/file server:
>
>> idmap_ldb:use rfc2307 = yes
>
> This line should only be in a DC smb.conf
>
>> I was trying to walk through the creating shares bit and I noticed
>> that getent passwd and getent group dont work
>> Am I missing something else?
>>
>
> Have you set up libnss_winbind ?
>
> Rowland

On Thu, 9 Nov 2017 15:58:04 +0100
Sina Owolabi <notify.sina at gmail.com> wrote:

> Yes I did setup libnss_winbind.
> wbinfo -u and -g on the domain member both work:
>
> [root at testfsrv ~]# wbinfo -u
> SAMDOM\testakin
> SAMDOM\testsina
> SAMDOM\testigein
> SAMDOM\administrator
> SAMDOM\krbtgt
> SAMDOM\guest
> [root at testfsrv ~]# wbinfo -g
> SAMDOM\allowed rodc password replication group
> SAMDOM\enterprise read-only domain controllers
> SAMDOM\denied rodc password replication group
> SAMDOM\read-only domain controllers
> SAMDOM\group policy creator owners
> SAMDOM\ras and ias servers
> SAMDOM\domain controllers
> SAMDOM\enterprise admins
> SAMDOM\domain computers
> SAMDOM\cert publishers
> SAMDOM\dnsupdateproxy
> SAMDOM\domain admins
> SAMDOM\domain guests
> SAMDOM\schema admins
> SAMDOM\domain users
> SAMDOM\dnsadmins
>

All 'wbinfo -u' and 'wbinfo -g' prove is that winbind can connect to
AD, it does not prove that the Unix OS knows who the users are.

'getent passwd username' should produce something like this:

rowland at devstation:~$ getent passwd rowland
rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash

What OS is this and how have you set up libnss_winbind ?

Rowland

It’s Centos 7 and I thought all I had to do was set up nsswitch.conf for it to work.

cordially yours,
Sina Owolabi
Mob: +2348034022578
Skype: darkchild2011

On 9 Nov 2017, 4:24 PM +0100, Rowland Penny via samba <samba at lists.samba.org>, wrote:
> On Thu, 9 Nov 2017 15:58:04 +0100
> Sina Owolabi <notify.sina at gmail.com> wrote:
>
> > Yes I did setup libnss_winbind.
> > wbinfo -u and -g on the domain member both work:
> >
> > [root at testfsrv ~]# wbinfo -u
> > SAMDOM\testakin
> > SAMDOM\testsina
> > SAMDOM\testigein
> > SAMDOM\administrator
> > SAMDOM\krbtgt
> > SAMDOM\guest
> > [root at testfsrv ~]# wbinfo -g
> > SAMDOM\allowed rodc password replication group
> > SAMDOM\enterprise read-only domain controllers
> > SAMDOM\denied rodc password replication group
> > SAMDOM\read-only domain controllers
> > SAMDOM\group policy creator owners
> > SAMDOM\ras and ias servers
> > SAMDOM\domain controllers
> > SAMDOM\enterprise admins
> > SAMDOM\domain computers
> > SAMDOM\cert publishers
> > SAMDOM\dnsupdateproxy
> > SAMDOM\domain admins
> > SAMDOM\domain guests
> > SAMDOM\schema admins
> > SAMDOM\domain users
> > SAMDOM\dnsadmins
> >
>
> All 'wbinfo -u' and 'wbinfo -g' prove is that winbind can connect to
> AD, it does not prove that the Unix OS knows who the users are.
>
> 'getent passwd username' should produce something like this:
>
> rowland at devstation:~$ getent passwd rowland
> rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash
>
> What OS is this and how have you set up libnss_winbind ?
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
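
Added example, not part of any message in this thread: a shell check of the distinction discussed above, that getent only resolves AD accounts when the passwd and group lines of nsswitch.conf list winbind as a source. The function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: does an nsswitch.conf route passwd/group lookups to winbind?
# Function names and sample files are constructed for illustration.

# Print the source list configured for database $2 in nsswitch-style file $1.
nss_sources() {
    awk -v db="$2" '
        { sub(/#.*/, ""); sub(/:/, ": ") }   # strip comments; accept "db:src" too
        $1 == (db ":") { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Succeed only if "winbind" is one of the sources for database $2 in file $1.
has_winbind() {
    nss_sources "$1" "$2" |
        awk '{ for (i = 1; i <= NF; i++) if ($i == "winbind") found = 1 }
             END { exit !found }'
}

# Report on passwd and group in file $1; the return status is the number
# of those databases that do not list winbind (0 means both are wired up).
check_nss() {
    missing=0
    for db in passwd group; do
        if has_winbind "$1" "$db"; then
            echo "$db: ok ($(nss_sources "$1" "$db"))"
        else
            echo "$db: winbind missing ($(nss_sources "$1" "$db"))"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Constructed samples: one file without winbind, one with it.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf 'passwd:     files sss\ngroup:      files sss   # constructed\n' > "$SAMPLE_DIR/before"
printf 'passwd:     files winbind\ngroup:      files winbind\n' > "$SAMPLE_DIR/after"

check_nss "$SAMPLE_DIR/before" || echo "before: $? database(s) never consult winbind"
check_nss "$SAMPLE_DIR/after" && echo "after: NSS lookups are routed to winbind"
```

Run `check_nss /etc/nsswitch.conf` on the domain member to test the real file. A pass covers only the configuration; the system must also be able to load the libnss_winbind library for getent to return AD accounts.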