Linux – Inconsistent winbind info on Samba 4 AD domain controller

Tags: domain-controller, linux, samba, winbind

I've set up a Samba 4 AD domain controller on Debian Jessie (samba 4.2.10). Everything's working fine, except that winbind gives wrong user/group information.

I have a sample user "testuser" and a security group "people". Their UNIX attributes are set up as follows:

[Image: testuser UNIX attributes]
[Image: people group UNIX attributes]

Yet winbind shows this:

root@agnus:~# wbinfo -i testuser
testuser:*:10010:100:Test User:/home/HOME/testuser:/bin/false

The UID matches, but everything else is wrong.

My smb.conf contains this:

# Global parameters
[global]
        workgroup = HOME
        realm = HOME.LOCAL
        netbios name = AGNUS
        server role = active directory domain controller
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
        idmap_ldb:use rfc2307 = yes

        idmap config *:backend = tdb
        idmap config *:range = 2000-9999

        idmap config HOME:backend = ad
        idmap config HOME:schema_mode = rfc2307
        idmap config HOME:range = 10000-99999

        winbind nss info = rfc2307
        winbind enum users = yes
        winbind enum groups = yes
        winbind normalize names = yes
        winbind use default domain = yes
        winbind refresh tickets = yes

[netlogon]
        path = /var/lib/samba/sysvol/home.local/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

What's wrong with my setup?

Best Answer

Basically nothing. You're missing the template lines, since you're using a Samba 4 AD DC. Samba 4.2 and 4.3 have different behavior with getent passwd or wbinfo -u or id.

If possible, update to 4.4.3; Google for the debs in the Samba list. They work well. Samba 4.4.3 needs winbind to be installed also, on AD DC and member, but all outputs can now be the same.

And about the template lines:

       template homedir (G)

       When filling out the user information for a Windows NT user, the winbindd(8) daemon uses this parameter to fill in the home directory for that user. If the string %D is present it is
       substituted with the user's Windows NT domain name. If the string %U is present it is substituted with the user's Windows NT user name.

       Default: template homedir = /home/%D/%U

       template shell (G)

       When filling out the user information for a Windows NT user, the winbindd(8) daemon uses this parameter to fill in the login shell for that user.

       Default: template shell = /bin/false

Add these to your DC smb.conf.

Last thing, do read: https://www.brightbox.com/blog/2014/03/04/add-cacert-ubuntu-debian/ A setup like this really makes it easier. For more questions, ask the Samba list.
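
A check for what the answer describes, as an added example (not from the original post or the Samba project): it expands `template homedir` and `template shell` from `[global]`, falling back to the man page defaults quoted above, and reports whether the home and shell fields of a `wbinfo -i` line are just those template values. The function names are hypothetical, and it assumes `%D` expands to the `workgroup` value.

```python
# Added example: helper names are hypothetical, not Samba APIs.
# Defaults as quoted from the smb.conf man page in the answer.
DEFAULTS = {"template homedir": "/home/%D/%U", "template shell": "/bin/false"}

def global_params(smb_conf_text):
    """Collect [global] parameters, normalising key case and spacing."""
    params, section = {}, None
    for raw in smb_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def template_check(smb_conf_text, wbinfo_line):
    """Report whether home/shell in a `wbinfo -i` line equal the template values."""
    params = {**DEFAULTS, **global_params(smb_conf_text)}
    fields = wbinfo_line.strip().split(":")
    if len(fields) != 7:
        raise ValueError("expected 7 passwd-style fields")
    name, home, shell = fields[0], fields[5], fields[6]
    user = name.split("\\")[-1]  # drop a DOMAIN\ prefix if present
    # Assumption: %D expands to the configured workgroup.
    expected_home = (params["template homedir"]
                     .replace("%D", params.get("workgroup", ""))
                     .replace("%U", user))
    return {
        "expected_home": expected_home,
        "home_is_template": home == expected_home,
        "shell_is_template": shell == params["template shell"],
    }

# smb.conf excerpt and wbinfo output taken from the question above.
QUESTION_CONF = """
[global]
        workgroup = HOME
        winbind nss info = rfc2307
"""
QUESTION_LINE = "testuser:*:10010:100:Test User:/home/HOME/testuser:/bin/false"

if __name__ == "__main__":
    print(template_check(QUESTION_CONF, QUESTION_LINE))
```

For the question's output, both fields match the defaults, which is why the home directory and shell look unrelated to the RFC2307 attributes set in AD.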