In all honesty, this is my first time using a binary samba package (I am a native slackware user that converted to Fedora simply because it was easier from start-to-finish FWIW)
[]# smbd -V Version 3.4.7-58.fc12 Here's my smb.conf global section: [global] workgroup = WORKGROUPNAME realm = ad.university.edu server string = Samba Server Version %v netbios name = vm-srvname security = ADS password server = * passdb backend = tdbsam admin users = @"WORKGROUPNAME+Domain Admins" log level = 2 log file = /var/log/samba/log.%m max log size = 5000 interfaces = eth0 lo socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=524288 SO_SNDBUF=524288 load printers = No #printing = printcap name = /etc/printcap client use spnego = yes client ntlmv2 auth = yes winbind use default domain = yes winbind separator = + winbind nested groups = Yes winbind enum users = yes winbind enum groups = yes winbind nss info = rfc2307 allow trusted domains = yes idmap uid = 10000-99999 idmap gid = 10000-99999 #idmap backend = ad idmap domains = WORKGROUPNAME idmap config WORKGROUPNAME:backend = ad idmap config WORKGROUPNAME:schema_mode = rfc2307 idmap config WORKGROUPNAME:range = 1000-75999 #template shell = /bin/bash #template homedir = /home/share #server signing = enabled ;dead time = 15 getwd cache = yes nt acl support = yes acl map full control = no store dos attributes = yes map acl inherit = yes local master = yes master browser = no dns proxy = no unix extensions = no guest account = nobody Mike On Mon, Jul 19, 2010 at 11:09 AM, Mucke, Tobias, FCI4 < tobias.mu...@mbda-systems.de> wrote: > Hi Michael, > > which version of Samba do you have? > > Are you able to post your Samba configuration? > > Thank you. > > Tobias > > > Mit freundlichen Grüßen > > Tobias Mucke > > > > LFK-Lenkflugkörpersysteme GmbH > Serverpool, FCI4 > Landshuter Straße 26, 85716 Unterschleißheim, GERMANY > Phone: +49 89 3179 8438 > Fax: +49 89 3179 8927 > Mobile: +49 170 635 3830 > E-Mail: tobias.mu...@mbda-systems.de > > http://www.mbda.net > > Chairman of the Supervisory Board: Antoine Bouvier > Managing Director: Werner Kaltenegger > Registered Office: Schrobenhausen > Commercial Register: Amtsgericht Ingolstadt, HRB 4365 > > Message sent from handheld via BlackBerry Server. > > ________________________________ > > Von: Michael Lyon <mjl...@gmail.com> > An: Mucke, Tobias, FCI4; samba@lists.samba.org <samba@lists.samba.org> > Gesendet: Mon Jul 19 14:22:37 2010 > Betreff: Re: [Samba] Samba + Winbind + Windows 2003 AD > > > I'm in a 2k8 r2 domain with SFU and home shells managed through the ADUC > console. I'm using Samba/WInbind and use samba shares as user home > directories that are mounted at login-time on Windows 7 machines. > > This is a first attempt as we migrated to Windows 2k8r2 in order to have > better support for Win7 clients, as we had too many issues with Samba as our > PDC. > > Mike > > > > On Mon, Jul 19, 2010 at 3:08 AM, Mucke, Tobias, FCI4 < > tobias.mu...@mbda-systems.de> wrote: > > > Hi, > > I'am afraid this is a general issue with Winbind. I am experiencing > the same problems and my logs look quite similar to Henrik's logs. I am > using Samba 3.5.4 and tried to resolve this issue without luck. In fact I > have a working lab environment with Winbind 3.5.4, AD based on Windows > Server 2008 R2 with IDMU. I set idmap backend = ad and winbind nss info = > rfc2307. Unfortunately I was not able to port this setup back to the actual > production environment with Winbind 3.5.4 and AD based on Windows Server > 2003 with SFU 3.5. > Besides AD "versions" there is another large difference between the > production and the lab. In production the domain structure is far more > complex ... > Actually I am deploying a lab more close to the actual production > environment. > > Another important thing to me would be a configuration example of > somebody out there using Winbind in an actual version 3.5.x with backend ad > and SFU for Shell and Home Directories. Anybody? > > Thank you. > > Tobias > > > > LFK-Lenkflugkörpersysteme GmbH > Serverpool, FCI4 > Landshuter Straße 26, 85716 Unterschleißheim, GERMANY > Phone: +49 89 3179 8438 > Fax: +49 89 3179 8927 > Mobile: +49 170 635 3830 > E-Mail: tobias.mu...@mbda-systems.de > > http://www.mbda.net > > Chairman of the Supervisory Board: Antoine Bouvier > Managing Director: Werner Kaltenegger > Registered Office: Schrobenhausen > Commercial Register: Amtsgericht Ingolstadt, HRB 4365 > > -----Ursprüngliche Nachricht----- > Von: samba-boun...@lists.samba.org [mailto: > samba-boun...@lists.samba.org] Im Auftrag von Necos Secon > Gesendet: Montag, 19. Juli 2010 01:50 > An: samba@lists.samba.org > Betreff: Re: [Samba] Samba + Winbind + Windows 2003 AD > > > I accidentally deleted the first set of messages in my email for > this thread, but does your DNS resolve properly? What does your resolv.conf > look like? Also, what do these files look like: > > krb5.conf > smb.conf > > There's an option in smb.conf, winbind enum users, which needs to be > set in order for getent to function properly. There is a corresponding > option for groups as well. Look at them and let us know. > > > Date: Mon, 19 Jul 2010 01:12:41 +0200 > > From: h...@semark.dk > > To: esiot...@gmail.com > > CC: samba@lists.samba.org > > Subject: Re: [Samba] Samba + Winbind + Windows 2003 AD > > > > Hi Micheal > > > > Sorry for not sending that information in the first place, but I > > though that it was so basic that it wasn't necessary. > > > > My nsswitch.conf: > > # cat /etc/nsswitch.conf > > # /etc/nsswitch.conf > > # > > # Example configuration of GNU Name Service Switch functionality. > > # If you have the `glibc-doc-reference' and `info' packages > installed, try: > > # `info libc "Name Service Switch"' for information about this > file. > > > > passwd: compat winbind > > group: compat winbind > > shadow: compat winbind > > > > hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 > > networks: files > > > > services: db files > > ethers: db files > > protocols: db files > > rpc: db files > > > > netgroup: nis > > > > I will mean that it is the way to do this (and it works just fine > on > > the UNIX servers that run there own Domain Controller) > > > > Med Venlig Hilsen / Best Regards > > Henrik Dige Semark > > > > Den 18-07-2010 17:03, Michael Wood skrev: > > > On 18 July 2010 01:34, Henrik Dige Semark<h...@semark.dk> > wrote: > > > > > >> Hey out there. > > >> > > >> I have to join my UNIX server with an existing Win2k3 AD > network. > > >> > > >> My system info: > > >> Debian Lenny > > >> Samba - 3.4.8 > > >> Winbind - 3.4.8 > > >> > > >> Windows Server 2003 with 2000-style-AD > > >> > > >> My problem is that, I have en UNIX server that have to run auth > up > > >> against our existing windows 2003 AD. > > >> > > >> I have successfully joined my UNIX server to the AD, without > problems. > > >> # net ads join -U Administrator > > >> Enter Administrator's password: > > >> Using short domain name -- TEST > > >> Joined 'MAIL' to realm 'TEST.LOCAL' > > >> > > >> My Samba config: http://pastebin.com/ZqaA0Ypn > > >> > > >> After the join I'm able to lookup peoples with # wbinfo -u > > >> > > > [...] > > > > > >> # wbinfo -g > > >> > > > [...] > > > > > >> Now the problem, getent only returns the local users and not > the > > >> users from the AD The funny thing is that if a user is local on > the > > >> UNIX and in the AD, I can login with the password from both > local > > >> and AD, so I know that it can lookup people and passwords > > >> > > >> # getent passwd hs ; echo $? > > >> 2 > > >> > > >> When I debug on getent it returns 2, witch means that it can't > find > > >> the user. > > >> > > > Do you have winbind specified in your nsswitch.conf file as > mentioned here: > > > > > > > http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.h > > > tml#id2654732 > > > > > > > > _________________________________________________________________ > The New Busy is not the old busy. Search, chat and e-mail from your > inbox. > > http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_3 > -- > > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba