Rowland Penny
2012-08-29 14:51:25 UTC
Hi,
As some of you may know, I have been testing nmbd, smbd & winbindd from
Samba 4 as a client.
Well, after a good bit of testing and scratching of head, I have come to
the conclusion that something in the /usr/local/samba/sbin/winbindd
daemon is broken.
If, on a Samba 3.6.3 client, I type the command 'getent group', I only
get the local users, on the Samba 4 client I get the local users plus
ALL the domain groups, but all the info is the domain info not the POSIX
info, for example:
domain_admins:x:1117:administrator
On the S3 client 'getent group Domain\ Computers' returns nothing
because 'Domain Computers' is not a POSIX group, but on the S4 client
'getent group Domain\ Computers' returns:
domain_computers:x:1114:
With 'getent passwd rowland' it is just the same, samba4 client returns:
rowland:*:1105:1103:rowland:/home/HOME/rowland:/bin/bash
This is what the S3 client returns:
rowland:*:3000016:3000012:rowland:/home/HOME/linuxusers/rowland:/bin/bash
A bit different, isn't it? And the S3 client returns the same info that
the Samba 4 server does.
This is what is in the smb.conf on both clients:
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind expand groups = 4
winbind nss info = rfc2307
winbind refresh tickets = Yes
winbind offline logon = yes
winbind normalize names = Yes
idmap config HOME:schema_mode = rfc2307
idmap config HOME:range = 20000-3100000
idmap config HOME:backend = ad
idmap config *:range = 1100-2000
idmap config *:backend = tdb
I have created the symlink to libnss_winbind.so.2, I get nothing without
this, I have also altered nsswitch.conf.
My feelings are that winbindd on a Samba 4 client is ignoring the first
three idmap lines, but I do not know how to confirm this.
So, unless the idea is to move to just using MS domain info and
forgetting POSIX, I think that /usr/local/samba/sbin/winbindd is broken,
unless somebody has any other suggestions that I can try?
Rowland
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
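
Added example, not part of the original message: one way to see which idmap domain produced a given uid/gid is to test the IDs in each getent line against the ranges configured in smb.conf. The function names are hypothetical, and the sample data is copied from the smb.conf lines and getent output quoted in the message.

```python
import re

# Constructed sample: the idmap lines and getent output quoted in the message.
SMB_CONF = """\
idmap config HOME:schema_mode = rfc2307
idmap config HOME:range = 20000-3100000
idmap config HOME:backend = ad
idmap config *:range = 1100-2000
idmap config *:backend = tdb
"""
GETENT = {
    "S4 client": "rowland:*:1105:1103:rowland:/home/HOME/rowland:/bin/bash",
    "S3 client": "rowland:*:3000016:3000012:rowland:/home/HOME/linuxusers/rowland:/bin/bash",
}

IDMAP_RE = re.compile(
    r"^\s*idmap config\s+([^:\s]+)\s*:\s*([^=\s]+)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {domain: {"range": (low, high), "backend": name}} from smb.conf text."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)
        if not m:
            continue
        domain, key, value = m.group(1), m.group(2).lower(), m.group(3)
        entry = domains.setdefault(domain, {})
        if key == "range":
            low, high = value.split("-")
            entry["range"] = (int(low), int(high))
        elif key == "backend":
            entry["backend"] = value
    return domains

def owner_of(xid, domains):
    """Name the idmap domain and backend whose range contains this uid/gid."""
    for domain, cfg in domains.items():
        low, high = cfg.get("range", (1, 0))  # empty range if none configured
        if low <= xid <= high:
            return domain, cfg.get("backend", "unknown")
    return None, None

def classify_passwd(line, domains):
    """Map a getent passwd line to the idmap domains covering its uid and gid."""
    fields = line.split(":")
    return owner_of(int(fields[2]), domains), owner_of(int(fields[3]), domains)

if __name__ == "__main__":
    doms = parse_idmap(SMB_CONF)
    for host, line in GETENT.items():
        print(host, classify_passwd(line, doms))
```

On the quoted data, the S4 client's IDs fall inside the `*` (tdb) range and the S3 client's inside the HOME (ad) range, which shows which mapping each winbindd actually applied.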