On 16/08/12 19:32, Gémes Géza wrote:
On 2012-08-16 at 18:53, steve wrote:
Hi everyone

I have a S4 DC with a S3 fileserver. I want to create users and their
unixHomeDirectory on the fileserver. I can do this with a script which
uses ldapmodify. Fine so far.

The user shows in getent passwd on the DC and in wbinfo -u on the S3
box but does not show in getent passwd on the fileserver. The user has
been created with all his rfc2307 attributes but is invisible to
winbind on the S3 box.

I have tried restarting winbind on the S3 box but still no luck. Is
there a cache I must clear somewhere?

How can I get new users to show on the S3 box?

Cheers,
Steve
Hi,

I'm not sure I've understood your situation, so please correct me if I'm
wrong. You have 3 computers:

1. Samba4 (everything works to the amount permitted by its winbind
implementation)

Does winbindd have to be running on this DC? I thought it didn't matter whether it was or it wasn't. I use nss-ldapd for mapping on this box as the S4 winbindd seems to be broken for groups.

2. Samba3 (everything works, including having homedirs and shells
obtained via winbind from AD)
Yes. The home directory shares are all on this box
3. Samba3 (where do you intend to have home directories, and could not
list users)
No. I have no box 3. Just 2 boxes. S4 DC and S3 fileserver.

Here is the conf which works on box2:
[global]
realm = hh3.site
workgroup = ALTEA
security = ADS
winbind enum users = Yes
winbind enum groups = Yes
idmap config *:backend = tdb
idmap config *:range = 3000-4000
idmap config ALTEA:backend = ad
idmap config ALTEA:range = 20000-40000000
idmap config ALTEA:schema_mode = rfc2307
winbind nss info = rfc2307
winbind expand groups = 2
winbind nested groups = yes

[home]
path = /home2/home
read only = No

[profiles]
path = /home2/profiles
read only = No

However, m$ machines cannot write to the shares even though they are correctly listed as having the correct permissions and ownership.

If that is the situation you could simply copy the config from second
box to third one, and add a [homes] share and everything should work.

If not, in a previous e-mail of yours you've already written the samba config
needed for having a working winbind with idmap_ad. One thing I've learned
the hard way: if any of the gidNumbers of a group a user belongs to is
out of the range you've specified in your smb.conf for your domain that
user is going to be invisible (I've avoided it with a range = 0-10000000).

If you have winbind installed by package I would try to delete
/var/lib/samba/winbind* (WHILE winbind IS STOPPED), and then restart it.

Regards

Geza Gemes
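
The range condition reported in the reply above can be checked before new users are created. The following is an added example, not part of the original thread: it parses the `idmap config ALTEA:range` line from the smb.conf quoted above and flags users whose uidNumber, primary gidNumber, or any group gidNumber falls outside it. The user and group records are constructed sample data; in practice they would come from an LDAP query against the DC.

```python
import re

# Range lines copied from the smb.conf in the message above.
SMB_CONF = """
[global]
idmap config *:backend = tdb
idmap config *:range = 3000-4000
idmap config ALTEA:backend = ad
idmap config ALTEA:range = 20000-40000000
"""

# Constructed sample data (not from the thread): group name -> gidNumber.
GROUPS = {"Domain Users": 20513, "staff": 20100, "legacy": 100}
# Constructed sample users with rfc2307 attributes and extra group memberships.
USERS = [
    {"name": "alice", "uidNumber": 20001, "gidNumber": 20513, "memberOf": ["staff"]},
    {"name": "bob", "uidNumber": 20002, "gidNumber": 20513, "memberOf": ["legacy"]},
    {"name": "carol", "uidNumber": 1001, "gidNumber": 20513, "memberOf": []},
]

RANGE_RE = re.compile(
    r"^\s*idmap config\s+(\S+?)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$", re.I)

def idmap_ranges(conf_text):
    """Return {DOMAIN: (low, high)} for every 'idmap config DOMAIN:range' line."""
    ranges = {}
    for line in conf_text.splitlines():
        m = RANGE_RE.match(line)
        if m:
            ranges[m.group(1).upper()] = (int(m.group(2)), int(m.group(3)))
    return ranges

def out_of_range(users, groups, low, high):
    """Return {user: [offending ids]} for ids outside the inclusive range."""
    report = {}
    for u in users:
        ids = [("uidNumber", u["uidNumber"]), ("primary gidNumber", u["gidNumber"])]
        ids += [("group " + g, groups[g]) for g in u["memberOf"]]
        bad = [f"{label}={value}" for label, value in ids if not low <= value <= high]
        if bad:
            report[u["name"]] = bad
    return report

if __name__ == "__main__":
    low, high = idmap_ranges(SMB_CONF)["ALTEA"]
    for name, problems in out_of_range(USERS, GROUPS, low, high).items():
        print(f"{name}: outside {low}-{high}: {', '.join(problems)}")
```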
