Hi,
I want to join samba 4.10.13 to an Win2k16 Server as member. The join
was succesfully:
net ads join -U administrator
Using short domain name -- CRANIX
Joined 'ADMIN' to dns domain 'cranix.win'
wbinfo -u lists all users. But wininfo -u <username> delivers following
error:
wbinfo -i administrator
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user administrator
smb.conf:
[global]
netbios name = admin
realm = CRANIX.WIN
workgroup = CRANIX
security = ADS
winbind refresh tickets = Yes
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind use default domain = yes
winbind enum users = Yes
winbind enum groups = Yes
idmap config CRANIX:backend = ad
idmap config CRANIX:unix_nss_info = no
bind interfaces only = yes
interfaces = 127.0.0.1, 172.20.0.2
Based on https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
What went wrong?
--
Dipl.-Ing. P?ter Varkoly
Greuleinweg 37.
D-90411 N?rnberg
On 24/03/2020 18:56, Dipl.-Ing. P?ter Varkoly via samba wrote:> Hi, > > I want to join samba 4.10.13 to an Win2k16 Server as member. The join > was succesfully: > net ads join -U administrator > Using short domain name -- CRANIX > Joined 'ADMIN' to dns domain 'cranix.win' > > wbinfo -u lists all users. But wininfo -u <username> delivers following > error: > wbinfo -i administratorForget Administrator on Unix domain member> Based on https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_MemberYes, but only vaguely ;-)> > What went wrong? >Could be numerous things, you didn't read the pages correctly, you didn't add any uidNumber & gidNumber attributes to AD (they are not added automatically), or you are using sssd. Try this smb.conf: [global] ??????? realm = CRANIX.WIN ??????? workgroup = CRANIX ??????? security = ADS ??????? bind interfaces only = yes ??????? interfaces = 127.0.0.1, 172.20.0.2 ??????? vfs objects = acl_xattr ??????? map acl inherit = Yes ??????? dedicated keytab file = /etc/krb5.keytab ??????? kerberos method = secrets and keytab ??????? winbind use default domain = yes ??????? winbind refresh tickets = Yes ??????? idmap config * : backend = tdb ??????? idmap config * : range = 3000-7999 ??????? idmap config CRANIX : backend = rid ??????? idmap config CRANIX : range = 10000-999999 ??????? # user Administrator workaround, without it you are unable to set privileges ??????? username map = /etc/samba/user.map Create the user.map: echo '!root = Administrator' > /etc/samba/user.map With that smb.conf, you will not have to add anything to AD. Also, if you are using sssd, you should remove it, you cannot use sssd with Samba >= 4.8.0 running as a fileserver. Rowland
THANK YOU VERY MUCH! NOW IT WORKS! Am Dienstag, den 24.03.2020, 19:21 +0000 schrieb Rowland penny via samba:> On 24/03/2020 18:56, Dipl.-Ing. P?ter Varkoly via samba wrote: > > Hi, > > > > I want to join samba 4.10.13 to an Win2k16 Server as member. The > > join > > was succesfully: > > net ads join -U administrator > > Using short domain name -- CRANIX > > Joined 'ADMIN' to dns domain 'cranix.win' > > > > wbinfo -u lists all users. But wininfo -u <username> delivers > > following > > error: > > wbinfo -i administrator > > Forget Administrator on Unix domain member > > Based on https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Dom > > ain_Member > > Yes, but only vaguely ;-) > > > > What went wrong? > > > > Could be numerous things, you didn't read the pages correctly, you > didn't add any uidNumber & gidNumber attributes to AD (they are not > added automatically), or you are using sssd. > > Try this smb.conf: > > [global] > realm = CRANIX.WIN > workgroup = CRANIX > security = ADS > > bind interfaces only = yes > interfaces = 127.0.0.1, 172.20.0.2 > > vfs objects = acl_xattr > map acl inherit = Yes > dedicated keytab file = /etc/krb5.keytab > kerberos method = secrets and keytab > winbind use default domain = yes > winbind refresh tickets = Yes > > idmap config * : backend = tdb > idmap config * : range = 3000-7999 > idmap config CRANIX : backend = rid > idmap config CRANIX : range = 10000-999999 > > # user Administrator workaround, without it you are unable > to > set privileges > username map = /etc/samba/user.map > > Create the user.map: > > echo '!root = Administrator' > /etc/samba/user.map > > With that smb.conf, you will not have to add anything to AD. > > Also, if you are using sssd, you should remove it, you cannot use > sssd > with Samba >= 4.8.0 running as a fileserver. > > Rowland > > > >-- Dipl.-Ing. P?ter Varkoly Greuleinweg 37. D-90411 N?rnberg