Hi, I found a working Winbind version which is 3.4.7 coming with SLES-11 SP1. I managed to configure Winbind with backend AD to authenticate and authorize users based on Winbind and SFU3.5.
Thanks for this Opensoure product. Tobias Mit freundlichen Grüßen Tobias Mucke LFK-Lenkflugkörpersysteme GmbH Serverpool, FCI4 Landshuter Straße 26, 85716 Unterschleißheim, GERMANY Phone: +49 89 3179 8438 Fax: +49 89 3179 8927 Mobile: +49 170 635 3830 E-Mail: tobias.mu...@mbda-systems.de http://www.mbda.net Chairman of the Supervisory Board: Antoine Bouvier Managing Director: Werner Kaltenegger Registered Office: Schrobenhausen Commercial Register: Amtsgericht Ingolstadt, HRB 4365 Message sent from handheld via BlackBerry Server. ________________________________ Von: Mucke, Tobias, FCI4 An: 'samba@lists.samba.org' <samba@lists.samba.org> Gesendet: Mon Jul 19 18:09:24 2010 Betreff: AW: Re: [Samba] Samba + Winbind + Windows 2003 AD Hi Michael, which version of Samba do you have? Are you able to post your Samba configuration? Thank you. Tobias Mit freundlichen Grüßen Tobias Mucke LFK-Lenkflugkörpersysteme GmbH Serverpool, FCI4 Landshuter Straße 26, 85716 Unterschleißheim, GERMANY Phone: +49 89 3179 8438 Fax: +49 89 3179 8927 Mobile: +49 170 635 3830 E-Mail: tobias.mu...@mbda-systems.de http://www.mbda.net Chairman of the Supervisory Board: Antoine Bouvier Managing Director: Werner Kaltenegger Registered Office: Schrobenhausen Commercial Register: Amtsgericht Ingolstadt, HRB 4365 Message sent from handheld via BlackBerry Server. ________________________________ Von: Michael Lyon <mjl...@gmail.com> An: Mucke, Tobias, FCI4; samba@lists.samba.org <samba@lists.samba.org> Gesendet: Mon Jul 19 14:22:37 2010 Betreff: Re: [Samba] Samba + Winbind + Windows 2003 AD I'm in a 2k8 r2 domain with SFU and home shells managed through the ADUC console. I'm using Samba/WInbind and use samba shares as user home directories that are mounted at login-time on Windows 7 machines. This is a first attempt as we migrated to Windows 2k8r2 in order to have better support for Win7 clients, as we had too many issues with Samba as our PDC. Mike On Mon, Jul 19, 2010 at 3:08 AM, Mucke, Tobias, FCI4 <tobias.mu...@mbda-systems.de> wrote: Hi, I'am afraid this is a general issue with Winbind. I am experiencing the same problems and my logs look quite similar to Henrik's logs. I am using Samba 3.5.4 and tried to resolve this issue without luck. In fact I have a working lab environment with Winbind 3.5.4, AD based on Windows Server 2008 R2 with IDMU. I set idmap backend = ad and winbind nss info = rfc2307. Unfortunately I was not able to port this setup back to the actual production environment with Winbind 3.5.4 and AD based on Windows Server 2003 with SFU 3.5. Besides AD "versions" there is another large difference between the production and the lab. In production the domain structure is far more complex ... Actually I am deploying a lab more close to the actual production environment. Another important thing to me would be a configuration example of somebody out there using Winbind in an actual version 3.5.x with backend ad and SFU for Shell and Home Directories. Anybody? Thank you. Tobias LFK-Lenkflugkörpersysteme GmbH Serverpool, FCI4 Landshuter Straße 26, 85716 Unterschleißheim, GERMANY Phone: +49 89 3179 8438 Fax: +49 89 3179 8927 Mobile: +49 170 635 3830 E-Mail: tobias.mu...@mbda-systems.de http://www.mbda.net Chairman of the Supervisory Board: Antoine Bouvier Managing Director: Werner Kaltenegger Registered Office: Schrobenhausen Commercial Register: Amtsgericht Ingolstadt, HRB 4365 -----Ursprüngliche Nachricht----- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Necos Secon Gesendet: Montag, 19. Juli 2010 01:50 An: samba@lists.samba.org Betreff: Re: [Samba] Samba + Winbind + Windows 2003 AD I accidentally deleted the first set of messages in my email for this thread, but does your DNS resolve properly? What does your resolv.conf look like? Also, what do these files look like: krb5.conf smb.conf There's an option in smb.conf, winbind enum users, which needs to be set in order for getent to function properly. There is a corresponding option for groups as well. Look at them and let us know. > Date: Mon, 19 Jul 2010 01:12:41 +0200 > From: h...@semark.dk > To: esiot...@gmail.com > CC: samba@lists.samba.org > Subject: Re: [Samba] Samba + Winbind + Windows 2003 AD > > Hi Micheal > > Sorry for not sending that information in the first place, but I > though that it was so basic that it wasn't necessary. > > My nsswitch.conf: > # cat /etc/nsswitch.conf > # /etc/nsswitch.conf > # > # Example configuration of GNU Name Service Switch functionality. > # If you have the `glibc-doc-reference' and `info' packages installed, try: > # `info libc "Name Service Switch"' for information about this file. > > passwd: compat winbind > group: compat winbind > shadow: compat winbind > > hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 > networks: files > > services: db files > ethers: db files > protocols: db files > rpc: db files > > netgroup: nis > > I will mean that it is the way to do this (and it works just fine on > the UNIX servers that run there own Domain Controller) > > Med Venlig Hilsen / Best Regards > Henrik Dige Semark > > Den 18-07-2010 17:03, Michael Wood skrev: > > On 18 July 2010 01:34, Henrik Dige Semark<h...@semark.dk> wrote: > > > >> Hey out there. > >> > >> I have to join my UNIX server with an existing Win2k3 AD network. > >> > >> My system info: > >> Debian Lenny > >> Samba - 3.4.8 > >> Winbind - 3.4.8 > >> > >> Windows Server 2003 with 2000-style-AD > >> > >> My problem is that, I have en UNIX server that have to run auth up > >> against our existing windows 2003 AD. > >> > >> I have successfully joined my UNIX server to the AD, without problems. > >> # net ads join -U Administrator > >> Enter Administrator's password: > >> Using short domain name -- TEST > >> Joined 'MAIL' to realm 'TEST.LOCAL' > >> > >> My Samba config: http://pastebin.com/ZqaA0Ypn > >> > >> After the join I'm able to lookup peoples with # wbinfo -u > >> > > [...] > > > >> # wbinfo -g > >> > > [...] > > > >> Now the problem, getent only returns the local users and not the > >> users from the AD The funny thing is that if a user is local on the > >> UNIX and in the AD, I can login with the password from both local > >> and AD, so I know that it can lookup people and passwords > >> > >> # getent passwd hs ; echo $? > >> 2 > >> > >> When I debug on getent it returns 2, witch means that it can't find > >> the user. > >> > > Do you have winbind specified in your nsswitch.conf file as mentioned here: > > > > http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.h > > tml#id2654732 > > > > _________________________________________________________________ The New Busy is not the old busy. Search, chat and e-mail from your inbox. http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_3 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
