Hi,
We recently switched our NT4 Domain to AD.
We have 2 AD serves using sernet packages on debian buster with bind9
dns backend, isc-dhcpd updated by the dyndns script.
Files are served by a AD member server (AKA fileserver) on debian
buster, too. It's using the original debian samba packages.
However, I am still far away from calling myself familiar with samba 4
AD :(.
Nevertheless, I thought it was a good idea to bring our backup (AKA
backup) server into the AD domain facilitating the restore of files
deleted by error.
However I can't get the id mapping working on this beast :(.
---cut---
root at backup:~# cat /etc/samba/smb.conf
[global]
[...]
winbind use default domain = yes
winbind refresh tickets = yes
idmap config * : range = 10000 - 19999
idmap config ad : backend = rid
idmap config ad : range = 100000 - 199999
[...]
root at backup:~# net ads testjoin
Join is OK
root at backup:~# wbinfo -u
.....
maikholtkamp
root at backup:~# cat /etc/nsswitch.conf
...
passwd: compat systemd winbind
group: compat systemd winbind
---cut---
however:
---cut---
root at backup:~# getent passwd maikholtkamp
root at backup:~#
---cut--
All configs of this host backup are the same than on the host
fileserver, AFAIK, where the mapping works like a charm:
---cut---
root at fileserver ~ # getent passwd maikholtkamp
maikholtkamp:*:101105:100513:Maik Holtkamp:/home/AD/maikholtkamp:/bin/false
---cut---
Any ideas?
TIA.
--
Mit freundlichen Gruessen/Best regrads Maik Holtkamp
Kirchstr. 76 D-32278 Kirchlengern/Germany
Tel: +49 5223 879202 Mob.: +49 172 203 5491
e-mail: s-y-l at gmx.net
On 26/08/2020 14:45, Maik Holtkamp via samba wrote:> Hi, > > We recently switched our NT4 Domain to AD. > > We have 2 AD serves using sernet packages on debian buster with bind9 > dns backend, isc-dhcpd updated by the dyndns script. > > Files are served by a AD member server (AKA fileserver) on debian > buster, too. It's using the original debian samba packages. > > ---cut--- > root at fileserver ~ # getent passwd maikholtkamp > maikholtkamp:*:101105:100513:Maik > Holtkamp:/home/AD/maikholtkamp:/bin/false > ---cut---Have you installed libnss-winbind, libpam-winbind and libpam-krb5 ? Rowland
Hi, Am 26.08.2020 um 15:56 schrieb Rowland penny via samba:> On 26/08/2020 14:45, Maik Holtkamp via samba wrote: >> We recently switched our NT4 Domain to AD. >> >> We have 2 AD serves using sernet packages on debian buster with bind9 >> dns backend, isc-dhcpd updated by the dyndns script. >> >> Files are served by a AD member server (AKA fileserver) on debian >> buster, too. It's using the original debian samba packages. >> >> ---cut--- >> root at fileserver ~ # getent passwd maikholtkamp >> maikholtkamp:*:101105:100513:Maik >> Holtkamp:/home/AD/maikholtkamp:/bin/false >> ---cut--- > > Have you installed libnss-winbind, libpam-winbind and libpam-krb5 ?Bingo, no *-winbind was install. THX, working now. BTW: Didn't install libpam-krb5 since it was trying to remove libpam-heimdal. -- Mit freundlichen Gruessen/Best regrads Maik Holtkamp Kirchstr. 76 D-32278 Kirchlengern/Germany Tel: +49 5223 879202 Mob.: +49 172 203 5491 e-mail: s-y-l at gmx.net Datenschutz Bedenken/Privacy Concerns: PGP-ID: 0xB8DC036F