venkat ramu
2019-Jan-07 21:53 UTC
[Samba] I have issue in configuring file servers with AD integration.
Hi, I am configuring file servers with AD integration with referring below link. I am able to get AD user name and group by running this command wbinfo -u and wbinfo -g but when I run getent passwd and getent group I am unable to see in the list. Please help me to understand where I am doing wrong. https://www.teknophiles.com/2016/11/14/linux-file-servers-in-a-windows-domain/ Environment Details are: OS : Ubuntu 18.04 SAMBA : Version 4.7.6-Ubuntu Thanks, Venkat
Rowland Penny
2019-Jan-07 22:31 UTC
[Samba] I have issue in configuring file servers with AD integration.
On Tue, 8 Jan 2019 03:23:24 +0530 venkat ramu via samba <samba at lists.samba.org> wrote:> Hi, > > I am configuring file servers with AD integration with referring below > link. I am able to get AD user name and group by running this command > wbinfo -u and wbinfo -g but when I run getent passwd and getent group > I am unable to see in the list. Please help me to understand where I > am doing wrong. > > https://www.teknophiles.com/2016/11/14/linux-file-servers-in-a-windows-domain/Well, the first thing you did wrong was to follow that webpage, it was borked when it was written and it is even more borked now ;-) It doesn't even tell you to install the 'attr' package, it doesn't tell you how to configure smb.conf correctly or show you an example.> > Environment Details are: > OS : Ubuntu 18.04 > SAMBA : Version 4.7.6-UbuntuYou can obtain Samba 4.9.4 packages here: http://apt.van-belle.nl/ In the mean time, can you post the contents of the following files: /etc/hostname /etc/hosts /etc/resolv.conf /etc/krb5.conf /etc/samba/smb.conf (with all the commented lines removed) /etc/nsswitch.conf What packages did you actually install ? Webmin is okay, but the 'samba' part is a bit old. Rowland
Rowland Penny
2019-Jan-08 09:42 UTC
[Samba] I have issue in configuring file servers with AD integration.
On Tue, 8 Jan 2019 09:38:54 +0530 venkat ramu <ramut123 at gmail.com> wrote:> Hi Rowland, > > Please find the attached requested details. also Could you please > share right document for the SAMBA configuration with AD > authentication for file server. Thank you the help. > > Thanks, > VenkatOK, you have a choice here, you can either do what I do, which is make the network settings work for me (this involves removing netplan) or try and work with the OS, for the latter, see here (at the bottom): https://github.com/thctlo/samba4/blob/master/full-howto-Ubuntu18.04-samba-AD_DC.txt I am sure that Louis will correct any differences between a DC setup and a Unix domain member ;-) If you follow how I do it, remove netplan and then make /etc/hosts look like this: 127.0.0.1 localhost <UBUNTU-BASE IP> ubuntu-base.testlab.com ubuntu-base # The following lines are desirable for IPv6 capable hosts ::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters make /etc/resolv.conf look like this: search testlab.com nameserver 192.168.0.81 /etc/krb5.conf only needs to contain this: [libdefaults] default_realm = TESTLAB.COM dns_lookup_realm = false dns_lookup_kdc = true I would suggest you make your smb.conf look like this: [global] workgroup = TESTLAB security = ADS realm = TESTLAB.COM server string = %h server (Samba, Ubuntu) winbind use default domain = yes winbind expand groups = 2 ## map ids outside of domain to tdb files. idmap config * : backend = tdb idmap config * : range = 2000-9999 ## map ids from the domain the ranges may not overlap ! idmap config TESTLAB : backend = rid idmap config TESTLAB : range = 10000-20000 template shell = /bin/bash domain master = no local master = no preferred master = no os level = 20 # user Administrator workaround, without it you are unable to set privileges username map = /etc/samba/user.map # For ACL support on domain member vfs objects = acl_xattr map acl inherit = Yes store dos attributes = Yes max log size = 1000 log file = /var/log/samba/log.%m syslog = 0 log level = 3 passdb:5 auth:5 panic action = /usr/share/samba/panic-action %d [printers] comment = All Printers browseable = no path = /var/spool/samba printable = yes create mask = 0700 [print$] comment = Printer Drivers path = /var/lib/samba/printers It assumes you haven't added anything to AD and will use the winbind 'rid' backend. You will also have to create /etc/samba/user.map with this content: !root = TESTLAB\Administrator Rowland
venkat ramu
2019-Jan-08 10:31 UTC
[Samba] I have issue in configuring file servers with AD integration.
Thanks Rowland, I will try with your option and will let you know. Thanks, Venkat On Tue, Jan 8, 2019 at 3:13 PM Rowland Penny via samba < samba at lists.samba.org> wrote:> On Tue, 8 Jan 2019 09:38:54 +0530 > venkat ramu <ramut123 at gmail.com> wrote: > > > Hi Rowland, > > > > Please find the attached requested details. also Could you please > > share right document for the SAMBA configuration with AD > > authentication for file server. Thank you the help. > > > > Thanks, > > Venkat > > OK, you have a choice here, you can either do what I do, which is make > the network settings work for me (this involves removing netplan) or > try and work with the OS, for the latter, see here (at the bottom): > > > https://github.com/thctlo/samba4/blob/master/full-howto-Ubuntu18.04-samba-AD_DC.txt > > I am sure that Louis will correct any differences between a DC setup > and a Unix domain member ;-) > > If you follow how I do it, remove netplan and then make /etc/hosts look > like this: > > 127.0.0.1 localhost > <UBUNTU-BASE IP> ubuntu-base.testlab.com ubuntu-base > > # The following lines are desirable for IPv6 capable hosts > ::1 ip6-localhost ip6-loopback > fe00::0 ip6-localnet > ff00::0 ip6-mcastprefix > ff02::1 ip6-allnodes > ff02::2 ip6-allrouters > > make /etc/resolv.conf look like this: > > search testlab.com > nameserver 192.168.0.81 > > /etc/krb5.conf only needs to contain this: > > [libdefaults] > default_realm = TESTLAB.COM > dns_lookup_realm = false > dns_lookup_kdc = true > > I would suggest you make your smb.conf look like this: > > [global] > workgroup = TESTLAB > security = ADS > realm = TESTLAB.COM > server string = %h server (Samba, Ubuntu) > > winbind use default domain = yes > winbind expand groups = 2 > > ## map ids outside of domain to tdb files. > idmap config * : backend = tdb > idmap config * : range = 2000-9999 > ## map ids from the domain the ranges may not overlap ! > idmap config TESTLAB : backend = rid > idmap config TESTLAB : range = 10000-20000 > > template shell = /bin/bash > domain master = no > local master = no > preferred master = no > os level = 20 > > # user Administrator workaround, without it you are unable to set > privileges > username map = /etc/samba/user.map > > # For ACL support on domain member > vfs objects = acl_xattr > map acl inherit = Yes > store dos attributes = Yes > > max log size = 1000 > log file = /var/log/samba/log.%m > syslog = 0 > log level = 3 passdb:5 auth:5 > panic action = /usr/share/samba/panic-action %d > > [printers] > comment = All Printers > browseable = no > path = /var/spool/samba > printable = yes > create mask = 0700 > > [print$] > comment = Printer Drivers > path = /var/lib/samba/printers > > It assumes you haven't added anything to AD and will use the winbind > 'rid' backend. > > You will also have to create /etc/samba/user.map with this content: > > !root = TESTLAB\Administrator > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Seemingly Similar Threads
- I have issue in configuring file servers with AD integration.
- I have issue in configuring file servers with AD integration.
- Samba AD-DC idmap config
- I have issue in configuring file servers with AD integration.
- Problems setting up samba bind9_dlz on Ubuntu 18.04