Samba-4.3 on FreeBSD-10.3

James B. Byrne byrnejb at harte-lyne.ca
Fri Jul 15 14:56:32 UTC 2016 

Reply cross-posted to FreeBSD list.

On Fri, July 15, 2016 09:31, James B. Byrne wrote:
> I have created a Samab AD-DC on a FreeBSZD-10.3 host.  The setup
> checks out and I am able to join the domain from a Win7 workstation
> and run the ADUC management console in RAST.  I have opened the UNIX
> Attributed properties tab for "Domain Admins" in the ADUC and set the
> unix properties.
>
> However, I get this notice "UNIX Attributes Unwilling To Perform" and
> after making the changes I cannot get this test to pass:
>
> getent group "Domain Admins"
>
> returns nothing.
>
> From what I have found from searching it appears that the issue is
> related to settings in /etc/nsswitch.conf.  However, I cannot find an
> authoritative reference as to what these settings should be for
> Samba43.  Can anyone provide me with such a reference or
> authoratiavely state what the settings should be?
>
> The default settings for FreeBSD-10.3 in /etc/nsswitch.conf are:
>
> #
> # nsswitch.conf(5) - name service switch configuration file
> # $FreeBSD: releng/10.3/etc/nsswitch.conf 224765 2011-08-10 20:52:02Z
> dougb $
> #
> group: compat
> group_compat: nis
> hosts: files dns
> networks: files
> passwd: compat
> passwd_compat: nis
> shells: files
> services: compat
> services_compat: nis
> protocols: files
> rpc: files
>
> Any help with this is gratefully appreciated.
>
>

Rowland penny rpenny at samba.org
Fri Jul 15 14:23:10 UTC 2016
>
>> Well, if it was Linux, you would change:
>>
>>
>> passwd: compat
>> group: compat
>>
>> To
>>
>> passwd: compat winbind
>> group: compat winbind
>>
>> You would also need to set up the libnss_winbind links, see here for
>> Linux info:
>>
>> https://wiki.samba.org/index.php/Libnss_winbind_links
>>
>> I suspect you will require something very similar
>>
>> Rowland
>>

The FreeBSD manpage says this about nsswitch WRT compat:

compat  support `+/-' in the ``passwd'' and ``group'' databases.
        If this is present, it must be the only source for that entry.

Likewise there are no libnss_windbind.so files of nay description on
the FreeBSD system.  The nearest to this I could find is:

find / -name \*libnss\*
/usr/local/lib/samba/libnss-info-samba4.so

I think that this is a configuration issue but I cannot tell where or
what I am to change to get this to work on FreeBSD.  There is nothing
the the FreeBSD handbook that covers setting up an AD-DC in any detail
beyond the bare acknowledgement that it is possible.

I am cross-posting this to the BSD in case anyone on the BSD list
reads this and has an answer specific to BSD. I would appreciate
receiving the information form any source.

Thanks,

-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

More information about the freebsd-questions mailing list