Thank you Matthieu for your answer.

On 08/04/2013 01:37, Matthieu Patou wrote:

>> 1) First attempt to join the domain in the member server
>>
>> root@member~# samba-tool domain join chezmoi.priv member -U
>> administrator --realm=chezmoi.priv
>> Password for [CHEZMOI\administrator]:
>> Joined domain CHEZMOI (S-1-5-21-3370545617-3166960116-3193249687)
>>
>> root@member~# ldconfig
>>
>> root@member~# smbd && nmbd
>>
>> And now impossible to run winbindd.
>>
>> -----------------------------------------------
>> root@member~# winbindd -i -d 10
[...]
>> pack_tdc_domains: Packing 2 trusted domains
>> pack_tdc_domains: Packing domain BUILTIN ()
>> pack_tdc_domains: Packing domain WHEEZY-2 ()
>> idmap config WHEEZY-2 : range = not defined
>> Added domain WHEEZY-2 S-1-5-21-210096926-4033722923-1792459932
>> Could not fetch our SID - did we join?
>> unable to initialize domain list
>> -----------------------------------------------
> Hum, interesting, would be worth to check that from a clean setup you
> have this issue again and again.

I have 2 "virtualbox" snapshots of Debian Wheezy with a Samba 4.0.4
installation in /usr/local/samba/. And I have the problem each time.
Let me explain exactly what I have done.

In the DC server *and* in the MEMBER server (both with a static IP), I have
done this:

-----------------------------------------------
apt-get update
apt-get dist-upgrade
apt-get install build-essential libacl1-dev libattr1-dev libblkid-dev \
    libgnutls-dev libreadline-dev python-dev python-dnspython gdb pkg-config \
    libpopt-dev libldap2-dev dnsutils libtool xsltproc libpam0g-dev attr acl \
    psmisc ntp libtalloc2 libtalloc-dev

vi /etc/fstab # I add the acl and user_xattr options for "/" partition
mount -o remount /

cd /usr/local/src/
wget https://ftp.samba.org/pub/ldb/ldb-1.1.15.tar.gz && tar -zxvf ldb-1.1.15.tar.gz
wget http://ftp.samba.org/pub/samba/samba-4.0.4.tar.gz && tar -zxvf samba-4.0.4.tar.gz

cd /usr/local/src/ldb-1.1.15/ && ./configure && make && make install
cd /usr/local/src/samba-4.0.4 && ./configure && make && make install

echo 'export PATH="/usr/local/samba/bin/:/usr/local/samba/sbin/:$PATH"' > ~/.bashrc
halt
-----------------------------------------------

Snip! Snapshot of the DC server and snapshot of the MEMBER server.
:-)

Then, in the DC server, I have done:

-----------------------------------------------
samba-tool domain provision # I keep the default answers each time, seems to work fine

# 192.168.0.21 = IP of the DC server, which is the DNS server (internal DNS)
echo "nameserver 192.168.0.21" > /etc/resolv.conf

ln -s /usr/local/samba/lib/libnss_winbind.so /lib/libnss_winbind.so
ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
vi /etc/nsswitch.conf # add winbind for passwd and group
ldconfig

samba
-----------------------------------------------

Just for information, here is the smb.conf on the DC server after these
commands:

-----------------------------------------------
# Global parameters
[global]
    workgroup = CHEZMOI
    realm = CHEZMOI.PRIV
    netbios name = WHEEZY-SERVER
    server role = active directory domain controller
    dns forwarder = 212.27.40.241

[netlogon]
    path = /usr/local/samba/var/locks/sysvol/chezmoi.priv/scripts
    read only = No

[sysvol]
    path = /usr/local/samba/var/locks/sysvol
    read only = No
-----------------------------------------------

In the MEMBER server, I have done:

-----------------------------------------------
echo "nameserver 192.168.0.21" > /etc/resolv.conf

samba-tool domain join chezmoi.priv MEMBER -U administrator --realm=CHEZMOI.PRIV # seems to work fine

ln -s /usr/local/samba/lib/libnss_winbind.so /lib/libnss_winbind.so
ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
vi /etc/nsswitch.conf # add winbind for passwd and group
ldconfig

vi /usr/local/samba/etc/smb.conf # see below

smbd && nmbd
winbindd -i -d 10
-----------------------------------------------

And Boom! I have the same error which I have described in my previous
message. The winbindd command is stopped.
Just for information, here is the smb.conf in the MEMBER server:

-----------------------------------------------
[global]
    workgroup = CHEZMOI
    security = ADS
    realm = CHEZMOI.PRIV
    encrypt passwords = yes

    idmap config *:backend = tdb
    idmap config *:range = 70001-80000
    idmap config CHEZMOI:backend = ad
    idmap config CHEZMOI:schema_mode = rfc2307
    idmap config CHEZMOI:range = 500-40000

    winbind nss info = rfc2307
    winbind trusted domains only = no
    winbind use default domain = yes
    winbind enum users = yes
    winbind enum groups = yes
-----------------------------------------------

Have I forgotten a step?

>> 2) Second attempt to join the domain in the member server. It's better
>> but It doesn't work too.
>>
>> root@member:~# net ads join -U administrator
>> Enter administrator's password:
>> Using short domain name -- CHEZMOI
>> Joined 'WHEEZY-2' to dns domain 'chezmoi.priv'
>> DNS Update for wheezy-2.chezmoi.priv failed: ERROR_DNS_UPDATE_FAILED
>> DNS update failed: NT_STATUS_UNSUCCESSFUL
>>
>> root@member:~# ldconfig
>> root@member:~# smbd && nmbd
>> root@member:~# winbindd -i -d 10
>>
>> And winbindd seems to be ok. I have :
>>
>> root@member:~# wbinfo -u
>> administrator
>> krbtgt
>> test10
>> test11
>> guest
>> test1
>> test2
>> test3
>> test4
>> test5
>> test6
>> ...
>>
>> root@member:~# wbinfo -i test9
>> test9:*:70004:70001:test9:/home/CHEZMOI/test9:/bin/false
>>
>> But if I create an user in the domain controller server:
>>
>> root@dc:~# samba-tool user add test12 --random-password
>> User 'test12' created successfully
>>
>> after in the member server:
>>
>> root@member:~# wbinfo -i test12
>> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
>> Could not get info for user test12
>>
>> Here is the stdout of winbindd during the command :
>>
>> -----------------------------------------------
>> info : *
>> info: struct wbint_userinfo
>> acct_name : *
>> acct_name : 'test12'
>> full_name : NULL
>> homedir : NULL
>> shell : NULL
>> primary_gid : 0x00000000ffffffff
>> (4294967295)
>> user_sid :
>> S-1-5-21-3370545617-3166960116-3193249687-1115
>> group_sid :
>> S-1-5-21-3370545617-3166960116-3193249687-513
>> result : NT_STATUS_NOT_FOUND
>> Could not convert sid S-1-5-21-3370545617-3166960116-3193249687-1115:
>> NT_STATUS_NOT_FOUND
>> wb_request_done[2813:GETPWNAM]: NT_STATUS_NOT_FOUND
>> winbind_client_response_written[2813:GETPWNAM]: delivered response to
>> client
>> closing socket 23, client exited
>> -----------------------------------------------
> Don't you have rfc2307 configured ?

The smb.conf of DC server and the smb.conf of MEMBER server are exactly
like above in this message. So, I have "winbind nss info = rfc2307" in
the smb.conf of the MEMBER server.

> if so for the new user did you set the needed attributes ?

I have just run:

samba-tool user add test12 --random-password

That's all. What are the needed attributes?

Thanks for your help.

-- 
François Lafont