From: "James B. Byrne"
To: samba@lists.samba.org, freebsd-questions@freebsd.org
Reply-To: byrnejb@harte-lyne.ca
Date: Fri, 15 Jul 2016 12:10:35 -0400
Subject: Re: Samba-4.3 on FreeBSD-10.3
Message-ID: <5b73bb737f6f8b634a23a750278ed380.squirrel@webmail.harte-lyne.ca>
References: <2274e7b35315141ce5695105c4e82ad3.squirrel@webmail.harte-lyne.ca>

On Fri, July 15, 2016 10:56, James B. Byrne wrote:
> Reply cross-posted to FreeBSD list.
>
> On Fri, July 15, 2016 09:31, James B. Byrne wrote:
>> I have created a Samba AD-DC on a FreeBSD-10.3 host. The setup
>> checks out and I am able to join the domain from a Win7 workstation
>> and run the ADUC management console in RSAT. I have opened the UNIX
>> Attributes properties tab for "Domain Admins" in the ADUC and set
>> the unix properties.
>>
>> However, I get this notice "UNIX Attributes Unwilling To Perform"
>> and after making the changes I cannot get this test to pass:
>>
>> getent group "Domain Admins"
>>
>> returns nothing.
>>
>> From what I have found from searching it appears that the issue is
>> related to settings in /etc/nsswitch.conf. However, I cannot find
>> an authoritative reference as to what these settings should be for
>> Samba43. Can anyone provide me with such a reference or
>> authoritatively state what the settings should be?
>>
>> The default settings for FreeBSD-10.3 in /etc/nsswitch.conf are:
>>
>> #
>> # nsswitch.conf(5) - name service switch configuration file
>> # $FreeBSD: releng/10.3/etc/nsswitch.conf 224765 2011-08-10 20:52:02Z dougb $
>> #
>> group: compat
>> group_compat: nis
>> hosts: files dns
>> networks: files
>> passwd: compat
>> passwd_compat: nis
>> shells: files
>> services: compat
>> services_compat: nis
>> protocols: files
>> rpc: files
>>
>> Any help with this is gratefully appreciated.
>>
>>
>
> Rowland Penny rpenny at samba.org
> Fri Jul 15 14:23:10 UTC 2016
>>
>>> Well, if it was Linux, you would change:
>>>
>>>
>>> passwd: compat
>>> group: compat
>>>
>>> To
>>>
>>> passwd: compat winbind
>>> group: compat winbind
>>>
>>> You would also need to set up the libnss_winbind links, see here
>>> for Linux info:
>>>
>>> https://wiki.samba.org/index.php/Libnss_winbind_links
>>>
>>> I suspect you will require something very similar
>>>
>>> Rowland
>>>
>
> The FreeBSD manpage says this about nsswitch WRT compat:
>
> compat support `+/-' in the ``passwd'' and ``group'' databases.
> If this is present, it must be the only source for that entry.
>
> Likewise there are no libnss_winbind.so files of any description on
> the FreeBSD system. The nearest to this I could find is:
>
> find / -name \*libnss\*
> /usr/local/lib/samba/libnss-info-samba4.so
>
> I think that this is a configuration issue but I cannot tell where or
> what I am to change to get this to work on FreeBSD. There is nothing
> in the FreeBSD handbook that covers setting up an AD-DC in any detail
> beyond the bare acknowledgement that it is possible.
>
> I am cross-posting this to the BSD in case anyone on the BSD list
> reads this and has an answer specific to BSD. I would appreciate
> receiving the information from any source.
>
> Thanks,
>

I experimented and changed the entries in nsswitch.conf to

passwd: files winbind
group: files winbind

and things seemed to work thereafter.
The combination 'group: compat winbind' definitely does not work. If
someone has a reference where this information is provided then I
would be most appreciative if you could send it to me.

-- 
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada L8E 3C3
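
Added example, not part of the original message or of Samba/FreeBSD: a small sh check that applies the man page rule quoted in the thread (compat must be the only source) to the passwd and group lines of an nsswitch.conf-style file, run here over the three variants discussed. The function names check_nsswitch and make_sample are hypothetical, the sample files are constructed, and the check does not test whether a winbind NSS module is actually installed.

```shell
#!/bin/sh
# Added example: audit the passwd/group lines of an nsswitch.conf-style file.
# Rule applied (from the FreeBSD man page quoted in the thread): if "compat"
# is present it must be the only source for that database.

check_nsswitch() {   # usage: check_nsswitch FILE; returns 0 only if all ok
    awk '
    { sub(/#.*/, "") }                      # drop comments
    $1 != "passwd:" && $1 != "group:" { next }
    {
        db = substr($1, 1, length($1) - 1)
        compat = winbind = n = 0
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^\[/) continue        # skip [criteria] tokens
            n++
            if ($i == "compat")  compat = 1
            if ($i == "winbind") winbind = 1
        }
        seen[db] = 1
        if (compat && n > 1) { print db ": INVALID, compat must be the only source"; bad = 1 }
        else if (!winbind)   { print db ": winbind not listed"; bad = 1 }
        else                   print db ": ok"
    }
    END {
        if (!seen["passwd"]) { print "passwd: no entry"; bad = 1 }
        if (!seen["group"])  { print "group: no entry";  bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample: write passwd:/group: lines with the given sources.
make_sample() {      # usage: make_sample "SOURCES"; prints the temp file path
    f=$(mktemp) || return 1
    printf '# constructed sample\npasswd: %s\ngroup: %s\n' "$1" "$1" > "$f"
    echo "$f"
}

# The three variants from the thread: FreeBSD default, Linux advice, working fix.
for sources in "compat" "compat winbind" "files winbind"; do
    sample=$(make_sample "$sources")
    echo "== $sources"
    check_nsswitch "$sample" || true
    rm -f "$sample"
done
```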