Samba-4.3 on FreeBSD-10.3

James B. Byrne byrnejb at harte-lyne.ca
Fri Jul 15 16:10:40 UTC 2016


On Fri, July 15, 2016 10:56, James B. Byrne wrote:
> Reply cross-posted to FreeBSD list.
>
> On Fri, July 15, 2016 09:31, James B. Byrne wrote:
>> I have created a Samba AD-DC on a FreeBSD-10.3 host.  The setup
>> checks out and I am able to join the domain from a Win7 workstation
>> and run the ADUC management console in RSAT.  I have opened the UNIX
>> Attributes properties tab for "Domain Admins" in the ADUC and set
>> the unix properties.
>>
>> However, I get this notice "UNIX Attributes Unwilling To Perform"
>> and after making the changes I cannot get this test to pass:
>>
>> getent group "Domain Admins"
>>
>> returns nothing.
>>
>> From what I have found from searching it appears that the issue is
>> related to settings in /etc/nsswitch.conf.  However, I cannot find
>> an authoritative reference as to what these settings should be for
>> Samba43.  Can anyone provide me with such a reference or
>> authoritatively state what the settings should be?
>>
>> The default settings for FreeBSD-10.3 in /etc/nsswitch.conf are:
>>
>> #
>> # nsswitch.conf(5) - name service switch configuration file
>> # $FreeBSD: releng/10.3/etc/nsswitch.conf 224765 2011-08-10 20:52:02Z dougb $
>> #
>> group: compat
>> group_compat: nis
>> hosts: files dns
>> networks: files
>> passwd: compat
>> passwd_compat: nis
>> shells: files
>> services: compat
>> services_compat: nis
>> protocols: files
>> rpc: files
>>
>> Any help with this is gratefully appreciated.
>>
>>
>
> Rowland Penny rpenny at samba.org
> Fri Jul 15 14:23:10 UTC 2016
>>
>>> Well, if it was Linux, you would change:
>>>
>>>
>>> passwd: compat
>>> group: compat
>>>
>>> To
>>>
>>> passwd: compat winbind
>>> group: compat winbind
>>>
>>> You would also need to set up the libnss_winbind links, see here
>>> for Linux info:
>>>
>>> https://wiki.samba.org/index.php/Libnss_winbind_links
>>>
>>> I suspect you will require something very similar
>>>
>>> Rowland
>>>
>
> The FreeBSD manpage says this about nsswitch WRT compat:
>
> compat  support `+/-' in the ``passwd'' and ``group'' databases.
>         If this is present, it must be the only source for that entry.
>
> Likewise there are no libnss_winbind.so files of any description on
> the FreeBSD system.  The nearest to this I could find is:
>
> find / -name \*libnss\*
> /usr/local/lib/samba/libnss-info-samba4.so
>
> I think that this is a configuration issue but I cannot tell where or
> what I am to change to get this to work on FreeBSD.  There is nothing
> in the FreeBSD handbook that covers setting up an AD-DC in any detail
> beyond the bare acknowledgement that it is possible.
>
> I am cross-posting this to the BSD in case anyone on the BSD list
> reads this and has an answer specific to BSD. I would appreciate
> receiving the information from any source.
>
> Thanks,
>

I experimented and changed the entries in nsswitch.conf to

passwd: files winbind
group: files winbind

and things seemed to work thereafter.

The combination 'group: compat winbind' definitely does not work.

If someone has a reference where this information is provided then I
would be most appreciative if you could send it to me.



-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
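
The manpage rule quoted in the thread (compat must be the only source for an entry) and the `files winbind` setting reported to work can be checked mechanically. The script below is an added example, not part of the original message; the function name `nss_verdict`, its verdict strings, and the sample files (built from the lines quoted in the thread) are hypothetical, and it assumes one line per database.

```shell
#!/bin/sh
# nss_verdict FILE DB
# Prints one verdict for the DB line ("passwd", "group", ...) of FILE:
#   missing           no line for this database
#   compat-not-alone  "compat" listed together with other sources
#   no-winbind        winbind is not listed on this line
#   ok                winbind listed and the compat rule is not violated
nss_verdict() {
    file=$1; db=$2
    # Strip comments, then take the first "db:" line (assumption: one per db).
    # "group:" does not match "group_compat:", so the two stay separate.
    line=$(sed -e 's/#.*//' "$file" |
           sed -n "s/^[[:space:]]*${db}:[[:space:]]*//p" | head -n 1)
    [ -n "$line" ] || { echo missing; return; }
    # Drop [STATUS=action] criteria so only source names remain.
    line=$(printf '%s\n' "$line" | sed -e 's/\[[^]]*\]//g')
    count=0; has_compat=no; has_winbind=no
    for src in $line; do
        count=$((count + 1))
        case $src in
            compat)  has_compat=yes ;;
            winbind) has_winbind=yes ;;
        esac
    done
    if [ "$has_compat" = yes ] && [ "$count" -gt 1 ]; then
        echo compat-not-alone
    elif [ "$has_winbind" = no ]; then
        echo no-winbind
    else
        echo ok
    fi
}

# Constructed sample files, using the settings quoted in the thread.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'group: compat\ngroup_compat: nis\npasswd: compat\npasswd_compat: nis\n' > "$tmp/default"
printf 'group: compat winbind\npasswd: compat winbind\n' > "$tmp/linux-style"
printf 'group: files winbind\npasswd: files winbind\n' > "$tmp/working"

for f in default linux-style working; do
    for db in passwd group; do
        printf '%-12s %-7s %s\n' "$f" "$db" "$(nss_verdict "$tmp/$f" "$db")"
    done
done
```

On a live host, run `nss_verdict /etc/nsswitch.conf group` and then repeat the `getent group "Domain Admins"` test from the thread.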


