From: "James B. Byrne"
To: samba@lists.samba.org
Cc: freebsd-questions@freebsd.org
Reply-To: byrnejb@harte-lyne.ca
Date: Fri, 15 Jul 2016 10:56:23 -0400
Subject: Re: Samba-4.3 on FreeBSD-10.3

Reply cross-posted to FreeBSD list.

On Fri, July 15, 2016 09:31, James B. Byrne wrote:
> I have created a Samba AD-DC on a FreeBSD-10.3 host. The setup
> checks out and I am able to join the domain from a Win7 workstation
> and run the ADUC management console in RSAT. I have opened the UNIX
> Attributes properties tab for "Domain Admins" in the ADUC and set the
> unix properties.
>
> However, I get this notice "UNIX Attributes Unwilling To Perform" and
> after making the changes I cannot get this test to pass:
>
>   getent group "Domain Admins"
>
> returns nothing.
>
> From what I have found from searching it appears that the issue is
> related to settings in /etc/nsswitch.conf. However, I cannot find an
> authoritative reference as to what these settings should be for
> Samba43. Can anyone provide me with such a reference or
> authoritatively state what the settings should be?
>
> The default settings for FreeBSD-10.3 in /etc/nsswitch.conf are:
>
> #
> # nsswitch.conf(5) - name service switch configuration file
> # $FreeBSD: releng/10.3/etc/nsswitch.conf 224765 2011-08-10 20:52:02Z dougb $
> #
> group: compat
> group_compat: nis
> hosts: files dns
> networks: files
> passwd: compat
> passwd_compat: nis
> shells: files
> services: compat
> services_compat: nis
> protocols: files
> rpc: files
>
> Any help with this is gratefully appreciated.
>
> Rowland penny rpenny at samba.org Fri Jul 15 14:23:10 UTC 2016
>
>> Well, if it was Linux, you would change:
>>
>>
>> passwd: compat
>> group: compat
>>
>> To
>>
>> passwd: compat winbind
>> group: compat winbind
>>
>> You would also need to set up the libnss_winbind links, see here for
>> Linux info:
>>
>> https://wiki.samba.org/index.php/Libnss_winbind_links
>>
>> I suspect you will require something very similar
>>
>> Rowland
>>

The FreeBSD manpage says this about nsswitch WRT compat:

    compat    support `+/-' in the ``passwd'' and ``group'' databases.
              If this is present, it must be the only source for that
              entry.

Likewise there are no libnss_winbind.so files of any description on
the FreeBSD system. The nearest to this I could find is:

    find / -name \*libnss\*
    /usr/local/lib/samba/libnss-info-samba4.so

I think that this is a configuration issue but I cannot tell where or
what I am to change to get this to work on FreeBSD. There is nothing
in the FreeBSD handbook that covers setting up an AD-DC in any detail
beyond the bare acknowledgement that it is possible.

I am cross-posting this to the BSD in case anyone on the BSD list
reads this and has an answer specific to BSD. I would appreciate
receiving the information from any source.

Thanks,

--
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
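
A lint for the two constraints raised in this thread, as an added example that is not part of the original message: it flags a passwd or group line where compat is combined with another source, and one where winbind is not listed at all. The function names, the constructed sample files and the "files winbind" layout are assumptions, not settings confirmed by the post.

```shell
#!/bin/sh
# Added example, not from the original post. check_nss FILE DB prints a verdict
# for database DB (passwd or group) in an nsswitch.conf-style FILE:
#   missing           no line for DB
#   compat-not-alone  "compat" listed with other sources (the manpage quoted
#                     above says it must be the only source)
#   no-winbind        winbind is not among the sources for DB
#   ok                winbind is listed and compat is not mixed in
check_nss() {
    file=$1 db=$2
    # Drop comments and [status=action] criteria, keep the last "DB:" line.
    sources=$(sed -e 's/#.*//' -e 's/\[[^]]*\]//g' "$file" |
        awk -v db="$db:" '$1 == db { $1 = ""; line = $0 } END { print line }')
    set -- $sources
    [ $# -eq 0 ] && { echo missing; return 1; }
    has_compat=0 has_winbind=0
    for src in "$@"; do
        case $src in
            compat)  has_compat=1 ;;
            winbind) has_winbind=1 ;;
        esac
    done
    if [ "$has_compat" -eq 1 ] && [ $# -gt 1 ]; then
        echo compat-not-alone; return 1
    fi
    [ "$has_winbind" -eq 1 ] || { echo no-winbind; return 1; }
    echo ok
}

# Constructed sample files: the FreeBSD 10.3 default from the post, the Linux
# suggestion applied verbatim, and an assumed layout that replaces compat.
write_samples() {
    printf 'group: compat\ngroup_compat: nis\npasswd: compat\n' > "$1/default"
    printf 'passwd: compat winbind\ngroup: compat winbind\n' > "$1/linux"
    printf 'passwd: files winbind\ngroup: files winbind # assumed\n' > "$1/assumed"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in default linux assumed; do
    for db in passwd group; do
        printf '%s %s: %s\n' "$f" "$db" "$(check_nss "$demo_dir/$f" "$db")"
    done
done
rm -rf "$demo_dir"
```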