Discussion:
Samba-4.3 on FreeBSD-10.3
James B. Byrne via freebsd-questions
2016-07-15 14:56:23 UTC
Reply cross-posted to FreeBSD list.
I have created a Samba AD-DC on a FreeBSD-10.3 host. The setup
checks out and I am able to join the domain from a Win7 workstation
and run the ADUC management console in RSAT. I have opened the UNIX
Attributes properties tab for "Domain Admins" in the ADUC and set the
unix properties.
However, I get this notice "UNIX Attributes Unwilling To Perform" and
getent group "Domain Admins"
returns nothing.
From what I have found from searching it appears that the issue is
related to settings in /etc/nsswitch.conf. However, I cannot find an
authoritative reference as to what these settings should be for
Samba43. Can anyone provide me with such a reference or
authoritatively state what the settings should be?
#
# nsswitch.conf(5) - name service switch configuration file
# $FreeBSD: releng/10.3/etc/nsswitch.conf 224765 2011-08-10 20:52:02Z dougb $
#
group: compat
group_compat: nis
hosts: files dns
networks: files
passwd: compat
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files
Any help with this is gratefully appreciated.
Rowland Penny rpenny at samba.org
Fri Jul 15 14:23:10 UTC 2016
passwd: compat
group: compat
To
passwd: compat winbind
group: compat winbind
You would also need to set up the libnss_winbind links, see here for
https://wiki.samba.org/index.php/Libnss_winbind_links
I suspect you will require something very similar
Rowland
The FreeBSD manpage says this about nsswitch WRT compat:

compat support `+/-' in the ``passwd'' and ``group'' databases.
If this is present, it must be the only source for that entry.

Likewise there are no libnss_winbind.so files of any description on
the FreeBSD system. The nearest to this I could find is:

find / -name \*libnss\*
/usr/local/lib/samba/libnss-info-samba4.so

I think that this is a configuration issue but I cannot tell where or
what I am to change to get this to work on FreeBSD. There is nothing
in the FreeBSD handbook that covers setting up an AD-DC in any detail
beyond the bare acknowledgement that it is possible.

I am cross-posting this to the BSD in case anyone on the BSD list
reads this and has an answer specific to BSD. I would appreciate
receiving the information from any source.

Thanks,
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne mailto:***@Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
James B. Byrne via freebsd-questions
2016-07-15 16:10:35 UTC
I experimented and changed the entries in nsswitch.conf to

passwd: files winbind
group: files winbind

and things seemed to work thereafter.

The combination 'group: compat winbind' definitely does not work.

If someone has a reference where this information is provided then I
would be most appreciative if you could send it to me.
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne mailto:***@Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
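
An added example, not part of the original posts: a small sh/awk lint for the passwd and group lines of nsswitch.conf that applies the FreeBSD man page rule quoted in the thread (compat must be the only source) and reports whether winbind is listed. The function name lint_nsswitch and the three sample configurations are constructed here from the lines posted above.

```shell
#!/bin/sh
# Added example: lint the passwd/group lines of nsswitch.conf text on stdin.
# On a real host: lint_nsswitch < /etc/nsswitch.conf
lint_nsswitch() {
    awk '
    { sub(/#.*/, ""); sub(/:/, " ") }   # drop comments, split "db:" from sources
    NF == 0 { next }
    $1 != "passwd" && $1 != "group" { next }
    {
        seen[$1] = 1; compat = 0; winbind = 0; nsrc = 0
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^\[/) continue    # [STATUS=action] criteria are not sources
            nsrc++
            if ($i == "compat")  compat = 1
            if ($i == "winbind") winbind = 1
        }
        if (compat && nsrc > 1)
            print $1 ": ERROR compat must be the only source"
        else if (!winbind)
            print $1 ": WARN no winbind source"
        else
            print $1 ": OK"
    }
    END {
        if (!seen["passwd"]) print "passwd: WARN no entry"
        if (!seen["group"])  print "group: WARN no entry"
    }'
}

# Constructed samples built from the lines posted in the thread.
ORIGINAL='group: compat
group_compat: nis
passwd: compat
passwd_compat: nis'
SUGGESTED='passwd: compat winbind
group: compat winbind'
WORKING='passwd: files winbind
group: files winbind'

echo "== original";  printf '%s\n' "$ORIGINAL"  | lint_nsswitch
echo "== suggested"; printf '%s\n' "$SUGGESTED" | lint_nsswitch
echo "== working";   printf '%s\n' "$WORKING"   | lint_nsswitch
```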