Hi!

I've installed samba 4.7.4 with options. All works fine except winbind. The commands getent and id don't return AD users. What's the problem?

./configure --prefix=/opt/samba --libdir=/lib64 --with-piddir=/run/samba --with-pammodulesdir=/lib64/security --enable-fhs --without-ad-dc --enable-selftest

On Mon, 5 Feb 2018 17:20:49 +0600 Рустам Кульназаров via samba <samba at lists.samba.org> wrote:

> Hi!
>
> I've installed samba 4.7.4 with options. All works fine except
> winbind. The commands getent and id don't return AD users. What's the
> problem?
>
> ./configure --prefix=/opt/samba --libdir=/lib64
> --with-piddir=/run/samba --with-pammodulesdir=/lib64/security
> --enable-fhs --without-ad-dc --enable-selftest

How have you set up smb.conf?

Rowland

On Mon, 5 Feb 2018 17:51:17 +0600 Рустам Кульназаров <rkulnazarov at gmail.com> wrote:

> [global]
>
> netbios name = bh1
> workgroup = COMPANY
> realm = COMPANY.LOCAL
> server string = host1
> security = ads
> passdb backend = tdbsam
> load printers = yes
> log file = /var/log/samba/log.%m
> max log size = 1000
> log level = 10
> winbind use default domain = true
> winbind offline logon = true
> winbind enum users = yes
> winbind enum groups = yes
> kerberos method = secrets only
> cups options = raw
> unix charset = UTF-8
> dos charset = 866
> bind interfaces only = yes
> interfaces = lo enp16s0f0
> dns proxy = no
> client use spnego = yes
> idmap config COMPANY : schema_mode = rfc2307
>
> idmap config COMPANY : backend = rid
> idmap config COMPANY : range = 5000000-5999999
>
> idmap config TRUSTED : backend = rid
> idmap config TRUSTED : range = 6000000-6999999
>
>
> idmap config * : backend = tdb
> idmap config * : range = 1000000-1999999
>

As you are using trusted domains, you cannot use 'winbind use default domain = true'.

Have you set up the libnss-winbind links and /etc/nsswitch.conf?

However, it may all be down to this in your configure options: '--without-ad-dc'. If everything else is correct and it still doesn't work, try compiling again without that option.

Rowland

Yes, I have. As far as I know, if I compile samba in /opt/samba and type the command 'smbd -b | grep LIBDIR', it shows me the library directory. Why should I do links for libnss-winbind?

On Feb 5, 2018 17:20, "Рустам Кульназаров" <rkulnazarov at gmail.com> wrote:

> Hi!
>
> I've installed samba 4.7.4 with options. All works fine except winbind.
> The commands getent and id don't return AD users. What's the problem?
>
> ./configure --prefix=/opt/samba --libdir=/lib64 --with-piddir=/run/samba
> --with-pammodulesdir=/lib64/security --enable-fhs --without-ad-dc
> --enable-selftest

On Mon, 5 Feb 2018 19:09:11 +0600 Рустам Кульназаров via samba <samba at lists.samba.org> wrote:

> Yes, I have. As far as I know, if I compile samba in /opt/samba and
> type the command 'smbd -b | grep LIBDIR', it shows me the library
> directory. Why should I do links for libnss-winbind?

Because whilst Samba will know who your AD users and groups are, without the libnss-winbind links, your Unix OS will not.

Rowland

On Tue, 6 Feb 2018 12:36:56 +0600 Рустам Кульназаров <rkulnazarov at gmail.com> wrote:

> I compiled samba again without option '--without-ad-dc', removed some
> entries in smb.conf:
> idmap config TRUSTED : backend = rid
> idmap config TRUSTED : range = 6000000-6999999
>
> It doesn't work.
>
> nsswitch.conf:
> passwd: files winbind
> group: files winbind
> shadow: files
>
> libnss-winbind libraries in directories /lib and /lib64:
> lrwxrwxrwx. 1 root root 24 Feb 6 12:08 libnss_winbind.so -> /lib/libnss_winbind.so.2
> -rwxr-xr-x. 1 root root 31856 Feb 6 12:05 libnss_winbind.so.2
> lrwxrwxrwx. 1 root root 21 Feb 6 12:08 libnss_wins.so -> /lib/libnss_wins.so.2
> -rwxr-xr-x. 1 root root 16840 Feb 6 12:05 libnss_wins.so.2

What OS is this? Have you also set up PAM correctly?

Rowland
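
An added example, not part of the thread and not Samba's own code: a shell check of the two OS-side pieces discussed above, the winbind entries in /etc/nsswitch.conf and a libnss_winbind.so.2 that resolves to a real file. The ROOT prefix argument, the function names and the searched directory list are assumptions made for illustration, and the sample tree at the end is constructed.

```shell
# Added example: check the OS-side NSS wiring that winbind depends on.
# ROOT is a hypothetical prefix argument; empty means the live system.
# An absolute symlink target is resolved against the real /, not ROOT.

# Succeeds if database DB (passwd, group) lists the winbind service.
nss_db_uses_winbind() {
    conf="$1/etc/nsswitch.conf"
    [ -r "$conf" ] || return 2
    sed 's/#.*//' "$conf" | awk -v db="$2:" '
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
        END { exit !found }'
}

# Prints the first libnss_winbind.so.2 that resolves to a real file.
# Directory list is an assumption: /lib and /lib64 from the thread, plus /usr.
find_nss_winbind() {
    for d in lib64 usr/lib64 lib usr/lib; do
        f="$1/$d/libnss_winbind.so.2"
        if [ -f "$f" ]; then      # -f follows symlinks; a dangling link fails
            echo "/$d/libnss_winbind.so.2"; return 0
        fi
    done
    return 1
}

check_winbind_nss() {
    root="${1:-}"
    rc=0
    for db in passwd group; do
        if nss_db_uses_winbind "$root" "$db"; then
            echo "ok:   $db looks up winbind"
        else
            echo "FAIL: $db in nsswitch.conf does not list winbind"; rc=1
        fi
    done
    if lib=$(find_nss_winbind "$root"); then
        echo "ok:   NSS module at $lib"
    else
        echo "FAIL: libnss_winbind.so.2 missing or dangling"; rc=1
    fi
    return "$rc"
}

# Constructed sample tree mirroring the nsswitch.conf posted in the thread.
demo=$(mktemp -d)
mkdir -p "$demo/etc" "$demo/lib64"
printf 'passwd: files winbind\ngroup: files winbind\nshadow: files\n' > "$demo/etc/nsswitch.conf"
: > "$demo/lib64/libnss_winbind.so.2"
check_winbind_nss "$demo"
rm -rf "$demo"
```

On a live system, call check_winbind_nss with no argument. If wbinfo -u lists domain users while getent passwd returns nothing for the same user, the gap is in this NSS layer rather than in winbindd.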