Re: [Samba] Samba4 Member Server not working
I give up.
Configured the server as Secondary Domain Controller.
Now it works.

2013/8/29 steve

> On 29/08/13 20:29, Carlos Alberto Borges Garcia wrote:
>> But if I run:
>> id test
>> id MYNET\test
>> id MYNET\\test
>> id t...@mynet.net
>>
>> I get "No such ser"
>
> That should be:
> id test
> not:
> id MYNET\\test

--
http://www.endomondo.com/profile/3312580
Veja: " http://naofoiacidente.org/blog/por-quem/ "
--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 Member Server not working
Still not working :(

2013/8/29 steve

> On Thu, 2013-08-29 at 14:59 -0300, Carlos Alberto Borges Garcia wrote:
> > Still not working:
> >
> > I created a test user:
> >
> > dn: CN=test,CN=Users,DC=mynet,DC=net
> > objectClass: top
> > objectClass: person
> > objectClass: organizationalPerson
> > objectClass: user
> > cn: test
> > givenName: test
> > instanceType: 4
> > whenCreated: 20130827212151.0Z
> > displayName: test
> > uSNCreated: 45308
> > name: teste
> > objectGUID: fee0d4a4-fd48-48ac-abb3-ce6fb180b10d
> > badPwdCount: 0
> > codePage: 0
> > countryCode: 0
> > badPasswordTime: 0
> > lastLogoff: 0
> > lastLogon: 0
> > primaryGroupID: 513
> > objectSid: S-1-5-21-3124563532-696977291-52706181-1501131
> > accountExpires: 9223372036854775807
> > logonCount: 0
> > sAMAccountName: test
> > sAMAccountType: 805306368
> > userPrincipalName: t...@mynet.net
> > objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=mynet,DC=net
> > pwdLastSet: 13022112112000
> > url: uidNumber
> > userAccountControl: 512
> > msDS-SupportedEncryptionTypes: 0
> > gidNumber: 12345
> > uidNumber: 1234567
> > whenChanged: 20130829175016.0Z
> > uSNChanged: 47069
> > distinguishedName: CN=test,CN=Users,DC=mynet,DC=net
> >
> > But if I run:
> > id test
> > id MYNET\test
> > id MYNET\\test
> > id t...@mynet.net
> >
> > I get "No such ser"
>
> Change:
> uidNumber: 3000100
> gidNumber: 80513
>
> and in smb.conf:
> idmap config MYNET:range = 80001-310
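Added example, not part of the original thread: the idmap ad backend treats its configured range as a filter and ignores uidNumber/gidNumber values stored in AD that fall outside it, and the ranges of different idmap domains must not overlap. The Python check below runs that test on the test user's posted attributes; the two ranges in the smb.conf fragment are constructed sample values (the ranges in the archived messages are truncated), and the function names are this example's own.

```python
import re

# Constructed smb.conf fragment: the ranges are sample values for this example,
# not the (truncated) ranges from the thread.
SMB_CONF = """\
[global]
   idmap config *:backend = tdb
   idmap config *:range = 3000-7999
   idmap config MYNET:backend = ad
   idmap config MYNET:schema_mode = rfc2307
   idmap config MYNET:range = 10000-999999
"""

# Subset of the test user's entry as posted in the thread.
LDIF = """\
dn: CN=test,CN=Users,DC=mynet,DC=net
sAMAccountName: test
primaryGroupID: 513
url: uidNumber
gidNumber: 12345
uidNumber: 1234567
"""

RANGE_RE = re.compile(r"\s*idmap config\s+([^:\s]+)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)", re.I)

def idmap_ranges(conf_text):
    """Map each idmap domain name to its (low, high) range."""
    found = (RANGE_RE.match(line) for line in conf_text.splitlines())
    return {m.group(1).upper(): (int(m.group(2)), int(m.group(3))) for m in found if m}

def ldif_attrs(ldif_text):
    """Collect 'attribute: value' lines; the first value of an attribute wins."""
    attrs = {}
    for line in ldif_text.splitlines():
        key, sep, value = line.partition(": ")
        if sep:
            attrs.setdefault(key, value.strip())
    return attrs

def check_entry(conf_text, ldif_text, domain):
    """Return the range and attribute problems found for one AD entry."""
    ranges = idmap_ranges(conf_text)
    low, high = ranges[domain.upper()]
    attrs, problems = ldif_attrs(ldif_text), []
    for name in ("uidNumber", "gidNumber"):
        if name not in attrs:
            problems.append(f"{name} missing")
        elif not low <= int(attrs[name]) <= high:
            problems.append(f"{name} {attrs[name]} outside {domain} range {low}-{high}")
    for other, (lo, hi) in ranges.items():
        if other != domain.upper() and lo <= high and low <= hi:
            problems.append(f"{domain} range overlaps idmap domain {other}")
    return problems

if __name__ == "__main__":
    print(check_entry(SMB_CONF, LDIF, "MYNET"))
```

With the sample ranges, the posted gidNumber 12345 passes and the posted uidNumber 1234567 is reported as outside the MYNET range; the stray "url: uidNumber" attribute in the entry is not mistaken for a uidNumber.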
Re: [Samba] Samba4 Member Server not working
Still not working:

I created a test user:

dn: CN=test,CN=Users,DC=mynet,DC=net
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: test
givenName: test
instanceType: 4
whenCreated: 20130827212151.0Z
displayName: test
uSNCreated: 45308
name: teste
objectGUID: fee0d4a4-fd48-48ac-abb3-ce6fb180b10d
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid: S-1-5-21-3124563532-696977291-52706181-1501131
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: test
sAMAccountType: 805306368
userPrincipalName: t...@mynet.net
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=mynet,DC=net
pwdLastSet: 13022112112000
url: uidNumber
userAccountControl: 512
msDS-SupportedEncryptionTypes: 0
gidNumber: 12345
uidNumber: 1234567
whenChanged: 20130829175016.0Z
uSNChanged: 47069
distinguishedName: CN=test,CN=Users,DC=mynet,DC=net

But if I run:
id test
id MYNET\test
id MYNET\\test
id t...@mynet.net

I get "No such ser"

2013/8/29 steve

> On Thu, 2013-08-29 at 14:21 -0300, Carlos Alberto Borges Garcia wrote:
> > Hi,
> >
> > Where can I enter these values in AD?
>
> Hi
> If you have a recent version of Samba4, you can add them when you create
> new users:
>
> samba-tool user add --help
> will give the options.
>
> If you already have the users, just edit their entries e.g.:
>
> ldbedit --url=/usr/local/samba/private/sam.ldb cn=carlos
> Add a minimum of:
> uidNumber: 1234567
> gidNumber: 12345
>
> Your winbind will then pull this information from AD when needed.
>
> You can get sensible values for uidNumber from idmap e.g.:
> wbinfo -i carlos
>
> HTH
> Steve
Re: [Samba] Samba4 Member Server not working
Hi,

Where can I enter these values in AD?

2013/8/29 steve

> On Thu, 2013-08-29 at 11:14 +1200, Andrew Bartlett wrote:
> > On Wed, 2013-08-28 at 20:11 -0300, Carlos Alberto Borges Garcia wrote:
> > > Hi,
> > >
> > > I have one Samba4 server running as Active Directory Domain Controller.
> > > It's working like a charm.
> > >
> > > So I needed to add another server to be a Member Server (File Server).
> > >
> > > The server is running samba-4.0.9.
> > >
> > > Configured and compiled ok:
> > >
> > > ./configure --prefix=/usr/local/samba --sysconfdir=/etc
> > > --localstatedir=/var --mandir=/usr/man --bindir=/usr/bin
> > > --sbindir=/usr/sbin --libdir=/lib --enable-fhs --with-ads
> > > --with-shared-modules=idmap_ad,pam
> > >
> > > Installed ok.
> > >
> > > Kerberos OK.
> > > I can run kinit and klist
> > >
> > > root@MYNETSRV08:/etc/samba# kinit Administrator
> > > Password for administra...@mynet.net:
> > > root@MYSRV08:/etc/samba#
> > >
> > > root@MYNETSRV08:/etc/samba# klist
> > > Ticket cache: FILE:/tmp/krb5cc_0
> > > Default principal: administra...@mynet.net
> > >
> > > Valid starting     Expires            Service principal
> > > 28/08/2013 19:59   29/08/2013 05:59   krbtgt/mynet@mynet.net
> > >         renew until 29/08/2013 19:59
> > > root@MYNETSRV08:/etc/samba#
> > >
> > > My SMB.CONF is below:
> > >
> > > [global]
> > >
> > >    workgroup = MYNET
> > >    security = ADS
> > >    realm = MYNET.NET
> > >    encrypt passwords = yes
> > >
> > >    idmap config *:backend = tdb
> > >    idmap config *:range = 70001-8
> > >    idmap config MYNET:backend = ad
> > >    idmap config MYNET:schema_mode = rfc2307
> > >
> > >    idmap config MYNET:range = 500-4
> > >
> > >    winbind nss info = rfc2307
> > >    winbind trusted domains only = no
> > >    winbind use default domain = yes
> > >    winbind enum users = yes
> > >    winbind enum groups = yes
> > >
> > > [test]
> > >    path = /mnt/files
> > >    read only = no
> > >
> > > I can add my server to domain:
> > >
> > > root@PCOSRV08:/etc/samba# net ads join -U administrator
> > > Enter administrator's password:
> > > Using short domain name -- MYNET
> > > Joined 'MYNETSRV08' to dns domain 'mynet.net'
> > > root@MYNETSRV08:/etc/samba#
> > >
> > > libnss_winbind.so is in the right place:
> > >
> > > root@MYNETSRV08:/etc/samba# ls /lib/libnss_winbind.so*
> > > /lib/libnss_winbind.so /lib/libnss_winbind.so.2
> > >
> > > The libs are loaded fine:
> > >
> > > root@MYNETSRV08:/etc/samba# ldconfig -v | grep libnss
> > > libnss_hesiod.so.2 -> libnss_hesiod-2.13.so
> > > libnss_compat.so.2 -> libnss_compat-2.13.so
> > > libnss_dns.so.2 -> libnss_dns-2.13.so
> > > libnss_ldap.so.2 -> libnss_ldap.so.2
> > > libnss_nis.so.2 -> libnss_nis-2.13.so
> > > libnss_nisplus.so.2 -> libnss_nisplus-2.13.so
> > > libnss_files.so.2 -> libnss_files-2.13.so
> > > libnss_wins.so -> libnss_wins.so.2
> > > libnss_winbind.so -> libnss_winbind.so.2
> > > libnss_hesiod.so.2 -> libnss_hesiod-2.13.so
> > > libnss_compat.so.2 -> libnss_compat-2.13.so
> > > libnss_dns.so.2 -> libnss_dns-2.13.so
> > > libnss_nis.so.2 -> libnss_nis-2.13.so
> > > libnss_nisplus.so.2 -> libnss_nisplus-2.13.so
> > > libnss_files.so.2 -> libnss_files-2.13.so
> > > root@MYNETSRV08:/etc/samba#
> > >
> > > I added winbind to my nsswitch.conf
> > >
> > > passwd: compat winbind
> > > group: compat winbind
> > >
> > > I can start the daemon without issues:
> > >
> > > smbd
> > > nmbd
> > > winbindd
> > >
> > > "wbinfo -u" lists all my domain users
> > >
> > > "wbinfo -g" lists all my domain groups
> > >
> > > Here are the problems:
> > >
> > > When I run "getent passwd", it lists only the local users.
> >
> > For performance reasons, by default we do not list users in the AD
> > domain. See winbind enum users in your smb.conf
>
> His smb.conf above shows that the OP has those lines for both users and
> groups.
>
> > > When I run "id Administrator", it returns "No such user".
> >
> > You need to use 'id MYNET\\administrator'
>
> smb.conf has: winbind use default domain = Yes
> Do we still need MYNET\\?
>
> Do your users have entries for:
> uidNumber
> and
> gidNumber
> in AD?
>
> Cheers
> Steve
[Samba] Samba4 Member Server not working
Hi,

I have one Samba4 server running as Active Directory Domain Controller.
It's working like a charm.

So I needed to add another server to be a Member Server (File Server).

The server is running samba-4.0.9.

Configured and compiled ok:

./configure --prefix=/usr/local/samba --sysconfdir=/etc \
    --localstatedir=/var --mandir=/usr/man --bindir=/usr/bin \
    --sbindir=/usr/sbin --libdir=/lib --enable-fhs --with-ads \
    --with-shared-modules=idmap_ad,pam

Installed ok.

Kerberos OK.
I can run kinit and klist

root@MYNETSRV08:/etc/samba# kinit Administrator
Password for administra...@mynet.net:
root@MYSRV08:/etc/samba#

root@MYNETSRV08:/etc/samba# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administra...@mynet.net

Valid starting     Expires            Service principal
28/08/2013 19:59   29/08/2013 05:59   krbtgt/mynet@mynet.net
        renew until 29/08/2013 19:59
root@MYNETSRV08:/etc/samba#

My SMB.CONF is below:

[global]

   workgroup = MYNET
   security = ADS
   realm = MYNET.NET
   encrypt passwords = yes

   idmap config *:backend = tdb
   idmap config *:range = 70001-8
   idmap config MYNET:backend = ad
   idmap config MYNET:schema_mode = rfc2307

   idmap config MYNET:range = 500-4

   winbind nss info = rfc2307
   winbind trusted domains only = no
   winbind use default domain = yes
   winbind enum users = yes
   winbind enum groups = yes

[test]
   path = /mnt/files
   read only = no

I can add my server to domain:

root@PCOSRV08:/etc/samba# net ads join -U administrator
Enter administrator's password:
Using short domain name -- MYNET
Joined 'MYNETSRV08' to dns domain 'mynet.net'
root@MYNETSRV08:/etc/samba#

libnss_winbind.so is in the right place:

root@MYNETSRV08:/etc/samba# ls /lib/libnss_winbind.so*
/lib/libnss_winbind.so /lib/libnss_winbind.so.2

The libs are loaded fine:

root@MYNETSRV08:/etc/samba# ldconfig -v | grep libnss
libnss_hesiod.so.2 -> libnss_hesiod-2.13.so
libnss_compat.so.2 -> libnss_compat-2.13.so
libnss_dns.so.2 -> libnss_dns-2.13.so
libnss_ldap.so.2 -> libnss_ldap.so.2
libnss_nis.so.2 -> libnss_nis-2.13.so
libnss_nisplus.so.2 -> libnss_nisplus-2.13.so
libnss_files.so.2 -> libnss_files-2.13.so
libnss_wins.so -> libnss_wins.so.2
libnss_winbind.so -> libnss_winbind.so.2
libnss_hesiod.so.2 -> libnss_hesiod-2.13.so
libnss_compat.so.2 -> libnss_compat-2.13.so
libnss_dns.so.2 -> libnss_dns-2.13.so
libnss_nis.so.2 -> libnss_nis-2.13.so
libnss_nisplus.so.2 -> libnss_nisplus-2.13.so
libnss_files.so.2 -> libnss_files-2.13.so
root@MYNETSRV08:/etc/samba#

I added winbind to my nsswitch.conf

passwd: compat winbind
group: compat winbind

I can start the daemon without issues:

smbd
nmbd
winbindd

"wbinfo -u" lists all my domain users

"wbinfo -g" lists all my domain groups

Here are the problems:

When I run "getent passwd", it lists only the local users.

When I run "id Administrator", it returns "No such user".

If I try to access the share defined in smb.conf, the server does not recognize my user/password.

I'm lost.

Thanks in advance.