Date: Fri, 15 Jul 2016 12:10:35 -0400 From: "James B. Byrne" <byrnejb@harte-lyne.ca> To: samba@lists.samba.org, freebsd-questions@freebsd.org Subject: Re: Samba-4.3 on FreeBSD-10.3 Message-ID: <5b73bb737f6f8b634a23a750278ed380.squirrel@webmail.harte-lyne.ca> In-Reply-To: <c1f6e5334caef86e58a3841864b983fd.squirrel@webmail.harte-lyne.ca> References: <2274e7b35315141ce5695105c4e82ad3.squirrel@webmail.harte-lyne.ca> <c1f6e5334caef86e58a3841864b983fd.squirrel@webmail.harte-lyne.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, July 15, 2016 10:56, James B. Byrne wrote: > Reply cross-posted to FreeBSD list. > > On Fri, July 15, 2016 09:31, James B. Byrne wrote: >> I have created a Samab AD-DC on a FreeBSZD-10.3 host. The setup >> checks out and I am able to join the domain from a Win7 workstation >> and run the ADUC management console in RAST. I have opened the UNIX >> Attributed properties tab for "Domain Admins" in the ADUC and set >> the >> unix properties. >> >> However, I get this notice "UNIX Attributes Unwilling To Perform" >> and >> after making the changes I cannot get this test to pass: >> >> getent group "Domain Admins" >> >> returns nothing. >> >> From what I have found from searching it appears that the issue is >> related to settings in /etc/nsswitch.conf. However, I cannot find >> an >> authoritative reference as to what these settings should be for >> Samba43. Can anyone provide me with such a reference or >> authoratiavely state what the settings should be? >> >> The default settings for FreeBSD-10.3 in /etc/nsswitch.conf are: >> >> # >> # nsswitch.conf(5) - name service switch configuration file >> # $FreeBSD: releng/10.3/etc/nsswitch.conf 224765 2011-08-10 >> 20:52:02Z >> dougb $ >> # >> group: compat >> group_compat: nis >> hosts: files dns >> networks: files >> passwd: compat >> passwd_compat: nis >> shells: files >> services: compat >> services_compat: nis >> protocols: files >> rpc: files >> >> Any help with this is gratefully appreciated. >> >> > > Rowland penny rpenny at samba.org > Fri Jul 15 14:23:10 UTC 2016 >> >>> Well, if it was Linux, you would change: >>> >>> >>> passwd: compat >>> group: compat >>> >>> To >>> >>> passwd: compat winbind >>> group: compat winbind >>> >>> You would also need to set up the libnss_winbind links, see here >>> for >>> Linux info: >>> >>> https://wiki.samba.org/index.php/Libnss_winbind_links >>> >>> I suspect you will require something very similar >>> >>> Rowland >>> > > The FreeBSD manpage says this about nsswitch WRT compat: > > compat support `+/-' in the ``passwd'' and ``group'' databases. > If this is present, it must be the only source for that entry. > > Likewise there are no libnss_windbind.so files of nay description on > the FreeBSD system. The nearest to this I could find is: > > find / -name \*libnss\* > /usr/local/lib/samba/libnss-info-samba4.so > > I think that this is a configuration issue but I cannot tell where or > what I am to change to get this to work on FreeBSD. There is nothing > the the FreeBSD handbook that covers setting up an AD-DC in any detail > beyond the bare acknowledgement that it is possible. > > I am cross-posting this to the BSD in case anyone on the BSD list > reads this and has an answer specific to BSD. I would appreciate > receiving the information form any source. > > Thanks, > I experimented and changed the entries in nsswitch.conf to passwd: files winbind group: files winbind and things seemed to work thereafter. The combination 'group: compat winbind' definitely does not work. If someone has a reference where this information is provided then I would be most appreciative if you could send it to me. -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrne mailto:ByrneJB@Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5b73bb737f6f8b634a23a750278ed380.squirrel>