yes windbind is installed and running yes sssd is installed, but it was not running. I did start it and ran net cache flush and id again and still no such user. This is the working nsswitch.conf file that was copied over from the 7.3 working system. /etc/nsswitch.conf passwd: files sss winbind shadow: files sss winbind group: files sss winbind #initgroups : files sss hosts: files dns myhostname bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files rpc: files services: files sss netgroup: files sss publickey: nisplus automount: files aliases: files nisplus On Thu, Mar 14, 2019 at 10:49 AM Rowland Penny via samba < samba at lists.samba.org> wrote:> On Thu, 14 Mar 2019 10:26:05 -0400 > Tyrus Shivers <tyrus.shivers at bestgateeng.com> wrote: > > > after running both it returned id: MYDOMAIN\user1: no such user. > > There has to be a first time and this is it, the rid backend isn't > working, but why ? > > Is winbind installed and running ? > is sssd installed and running ? > can you post the contents of /etc/nsswitch.conf ? > > The 'rid' backend uses the Windows Accounts RID to calculate the > Unix ID's, so if winbind is running, the computer is joined to the > domain and /etc/nsswitch.conf is setup correctly, it should work. > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- V/R Tyrus Shivers Bestgate Engineering LLC Direct: (410) 872-2457 tyrus.shivers at bestgateeng.com <tyrus.shivers at bestgateeng.com> This e-mail transmission and any documents, files or previous e-mail messages attached to it, may be privileged and confidential and is intended only for the use of the intended recipient of this message. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any review, disclosure, retention, copying, dissemination, distribution or use of any of the information contained in, or attached to this e-mail transmission is strictly prohibited. If you have received this transmission in error, please immediately notify the sender by return e-mail or by telephone at the above number and delete this e-mail message and its attachments.
On Thu, 14 Mar 2019 13:08:13 -0400 Tyrus Shivers <tyrus.shivers at bestgateeng.com> wrote:> yes windbind is installed and runningGood> yes sssd is installed, but it was not running. I did start it and ranBad, good and then bad again ;-) I would remove sssd, it isn't required if you are using winbind> net cache flush and id again and still no such user. > > This is the working nsswitch.conf file that was copied over from the > 7.3 working system. > > /etc/nsswitch.conf > > passwd: files sss winbind > shadow: files sss winbind > group: files sss winbind > #initgroups : files sss > > hosts: files dns myhostname > > bootparams: nisplus [NOTFOUND=return] files > > ethers: files > netmasks: files > networks: files > protocols: files > rpc: files > services: files sss > > netgroup: files sss > publickey: nisplus > > automount: files > aliases: files nisplus >I would remove all the 'sss' occurrences and 'winbind from the shadow line. Is Selinux blocking access ? Is a firewall running and blocking ports ? The 'rid' backend is usually the easiest to use, you just add the required lines to smb.conf, restart smbd, nmbd & winbind and it usually just works. Just a thought, is the computer using a DC as its first nameserver in /etc/resolv.conf ? Rowland
removed sssd. removed all sss occurrences and winbind from the shadow line. Selinux is disabled. firewalld is disabled. not sure if there is a difference but I have smb and winbind, I do not have nmbd or smbd. /etc/resolv.conf search mydomain.com nameserver "ipaddress for DC1" nameserver "ipaddress for DC2" Still no such user after restarting the services and executing net cache flush. On Thu, Mar 14, 2019 at 1:25 PM Rowland Penny via samba < samba at lists.samba.org> wrote:> On Thu, 14 Mar 2019 13:08:13 -0400 > Tyrus Shivers <tyrus.shivers at bestgateeng.com> wrote: > > > yes windbind is installed and running > > Good > > > yes sssd is installed, but it was not running. I did start it and ran > > Bad, good and then bad again ;-) > > I would remove sssd, it isn't required if you are using winbind > > > net cache flush and id again and still no such user. > > > > This is the working nsswitch.conf file that was copied over from the > > 7.3 working system. > > > > /etc/nsswitch.conf > > > > passwd: files sss winbind > > shadow: files sss winbind > > group: files sss winbind > > #initgroups : files sss > > > > hosts: files dns myhostname > > > > bootparams: nisplus [NOTFOUND=return] files > > > > ethers: files > > netmasks: files > > networks: files > > protocols: files > > rpc: files > > services: files sss > > > > netgroup: files sss > > publickey: nisplus > > > > automount: files > > aliases: files nisplus > > > > I would remove all the 'sss' occurrences and 'winbind from the shadow > line. > > Is Selinux blocking access ? > Is a firewall running and blocking ports ? > > The 'rid' backend is usually the easiest to use, you just add the > required lines to smb.conf, restart smbd, nmbd & winbind and it usually > just works. > > Just a thought, is the computer using a DC as its first nameserver > in /etc/resolv.conf ? > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- V/R Tyrus Shivers Bestgate Engineering LLC Direct: (410) 872-2457 tyrus.shivers at bestgateeng.com <tyrus.shivers at bestgateeng.com> This e-mail transmission and any documents, files or previous e-mail messages attached to it, may be privileged and confidential and is intended only for the use of the intended recipient of this message. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any review, disclosure, retention, copying, dissemination, distribution or use of any of the information contained in, or attached to this e-mail transmission is strictly prohibited. If you have received this transmission in error, please immediately notify the sender by return e-mail or by telephone at the above number and delete this e-mail message and its attachments.