Date: Fri, 15 Jul 2016 10:56:23 -0400 From: "James B. Byrne" <byrnejb@harte-lyne.ca> To: samba@lists.samba.org Cc: freebsd-questions@freebsd.org Subject: Re: Samba-4.3 on FreeBSD-10.3 Message-ID: <c1f6e5334caef86e58a3841864b983fd.squirrel@webmail.harte-lyne.ca> In-Reply-To: <2274e7b35315141ce5695105c4e82ad3.squirrel@webmail.harte-lyne.ca> References: <2274e7b35315141ce5695105c4e82ad3.squirrel@webmail.harte-lyne.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
Reply cross-posted to FreeBSD list. On Fri, July 15, 2016 09:31, James B. Byrne wrote: > I have created a Samab AD-DC on a FreeBSZD-10.3 host. The setup > checks out and I am able to join the domain from a Win7 workstation > and run the ADUC management console in RAST. I have opened the UNIX > Attributed properties tab for "Domain Admins" in the ADUC and set the > unix properties. > > However, I get this notice "UNIX Attributes Unwilling To Perform" and > after making the changes I cannot get this test to pass: > > getent group "Domain Admins" > > returns nothing. > > From what I have found from searching it appears that the issue is > related to settings in /etc/nsswitch.conf. However, I cannot find an > authoritative reference as to what these settings should be for > Samba43. Can anyone provide me with such a reference or > authoratiavely state what the settings should be? > > The default settings for FreeBSD-10.3 in /etc/nsswitch.conf are: > > # > # nsswitch.conf(5) - name service switch configuration file > # $FreeBSD: releng/10.3/etc/nsswitch.conf 224765 2011-08-10 20:52:02Z > dougb $ > # > group: compat > group_compat: nis > hosts: files dns > networks: files > passwd: compat > passwd_compat: nis > shells: files > services: compat > services_compat: nis > protocols: files > rpc: files > > Any help with this is gratefully appreciated. > > Rowland penny rpenny at samba.org Fri Jul 15 14:23:10 UTC 2016 > >> Well, if it was Linux, you would change: >> >> >> passwd: compat >> group: compat >> >> To >> >> passwd: compat winbind >> group: compat winbind >> >> You would also need to set up the libnss_winbind links, see here for >> Linux info: >> >> https://wiki.samba.org/index.php/Libnss_winbind_links >> >> I suspect you will require something very similar >> >> Rowland >> The FreeBSD manpage says this about nsswitch WRT compat: compat support `+/-' in the ``passwd'' and ``group'' databases. If this is present, it must be the only source for that entry. Likewise there are no libnss_windbind.so files of nay description on the FreeBSD system. The nearest to this I could find is: find / -name \*libnss\* /usr/local/lib/samba/libnss-info-samba4.so I think that this is a configuration issue but I cannot tell where or what I am to change to get this to work on FreeBSD. There is nothing the the FreeBSD handbook that covers setting up an AD-DC in any detail beyond the bare acknowledgement that it is possible. I am cross-posting this to the BSD in case anyone on the BSD list reads this and has an answer specific to BSD. I would appreciate receiving the information form any source. Thanks, -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrne mailto:ByrneJB@Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?c1f6e5334caef86e58a3841864b983fd.squirrel>