Solaris

Solaris 11 and samba4 in a non-standard directory: everything works except finger

  • January 25, 2021

Oracle's packaged version of samba gave me some problems (krb5 errors and no join to the AD samba4 server), so I recompiled the latest version of samba (4.3.13) myself with IPS. After 30 minutes of compiling my samba4 was installed. Everything works: net ads join OK, wbinfo OK, wbinfo -i user OK, except for two things: id winbinduser and finger winbinduser. I fixed the id problem with this dirty but working solution (it would be better to put these files in a manifest and in the standard locations, but I wanted to avoid conflicts with the standard Oracle samba package).

ln -sf /opt/gm/lib/nss_winbind.so.1 /usr/lib/amd64/nss_winbind.so.1
ln -sf /opt/gm/lib/nss_winbind.so.1 /usr/lib/nss_winbind.so.1
ln -sf /opt/gm/lib/security/pam_winbind.so /usr/lib/security/amd64/pam_winbind.so
ln -sf /opt/gm/lib/security/pam_winbind.so /usr/lib/security/amd64/pam_winbind.so.1
ln -sf /opt/gm/lib/security/pam_winbind.so /usr/lib/security/pam_winbind.so
ln -sf /opt/gm/lib/security/pam_winbind.so /usr/lib/security/pam_winbind.so.1

id works, but finger stays silent. What am I missing?

id pino
uid=10005(pino) gid=10016(domain users)
root@solaris11:~# finger !$
finger pino
Login name: pino                        In real life: ???

Here is nsswitch.conf

passwd: files winbind
group:  files winbind
hosts:  files dns wins
ipnodes:        files dns wins
networks:       files
protocols:      files
rpc:    files
ethers: files
netmasks:       files
bootparams:     files
publickey:      files 
netgroup:       ldap
automount:      files 
aliases:        files 
services:       files
project:        files 
auth_attr:      files 
prof_attr:      files
tnrhtp: files 
tnrhdb: files 
sudoers:        files

Here is the output of truss.

Solution found. It was a problem with the winbind cache file, not with the libraries. After adding these lines to smb.conf

# Winbind
winbind enum groups = yes
winbind enum users = yes

and restarting winbind, finger works fine, and so do getent passwd and getent group.

finger pino
Login name: pino                        
Directory: /export/home/pino            Shell: /usr/bin/bash
Never logged in.
No unread mail
No Plan.

If anyone is interested, here is the smb.conf I use for the Solaris 11 client

[global]
workgroup = MYDOM
server string = solaris11
netbios name = SOLARIS11
server role = standalone server
hosts allow = 10.3.0.
log file = /var/opt/gm/log/samba/samba.%m
max log size = 50
realm = mydom.priv
dns proxy = no 
kerberos method = secrets and keytab
server signing = mandatory
client signing = mandatory
smb encrypt = mandatory
restrict anonymous = 2
log level = 1
server min protocol = SMB3
client max protocol = SMB3
name resolve order = bcast lmhosts host wins
local master = No
preferred master = No
bind interfaces only = Yes
winbind use default domain = Yes
ldap admin dn = cn=ldapadm,dc=ldap2,dc=mydom,dc=priv
security = ads
ldap ssl = start tls
tls verify peer = no_check
template homedir = /export/home/%U
template shell = /usr/bin/bash
password hash userPassword schemes = CryptSHA512:rounds=7000

# Winbind
winbind enum groups = yes
winbind enum users = yes

idmap config * : backend      = ldap
idmap config * : range        = 10000-20000
idmap config * : ldap_url     = ldap://ldap2.mydom.priv
idmap config * : ldap_base_dn = ou=idmap,dc=ldap2,dc=mydom,dc=priv
idmap config * : ldap_user_dn = cn=ldapadm,dc=ldap2,dc=mydom,dc=priv

It might help if you set up smb.conf correctly: you do not use a winbind ldap backend with Samba AD, and you should only use the "winbind enum" lines for testing. Try this smb.conf:

[global]
workgroup = MYDOM
server string = solaris11
realm = MYDOM.PRIV
security = ads
hosts allow = 10.3.0.
log file = /var/opt/gm/log/samba/samba.%m
max log size = 50
dns proxy = no 
kerberos method = secrets and keytab
server signing = mandatory
client signing = mandatory
smb encrypt = mandatory
restrict anonymous = 2
log level = 1
server min protocol = SMB3
client max protocol = SMB3
local master = No
preferred master = No
bind interfaces only = Yes
winbind use default domain = Yes
template homedir = /export/home/%U
template shell = /usr/bin/bash

idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config MYDOM : backend = rid
idmap config MYDOM : range = 10000-20000

Finally, remove "wins" from /etc/nsswitch.conf
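
As an added example, not code from the question or from either answer, here is a small offline checker in Python that applies the points raised in this thread to an smb.conf and an nsswitch.conf: an LDAP idmap backend combined with security = ads, "winbind enum" left on outside of testing, no idmap backend for the joined domain, overlapping idmap ranges, a lower-case realm, and "wins" in the hosts/ipnodes lines. It also goes one step beyond the answers and flags tls verify peer = no_check, which disables certificate verification on the LDAP StartTLS connection in the first config. The configuration strings are constructed, trimmed copies of the configs posted above; the function names and finding codes are the example's own and not anything Samba provides.

```python
import re

# Constructed sample (trimmed copy of the poster's smb.conf), not read from a host.
SMB_CONF_POSTED = """\
[global]
workgroup = MYDOM
realm = mydom.priv
security = ads
tls verify peer = no_check
winbind enum users = yes
idmap config * : backend      = ldap
idmap config * : range        = 10000-20000
"""

# Constructed sample (trimmed copy of the smb.conf suggested in the answer).
SMB_CONF_SUGGESTED = """\
[global]
workgroup = MYDOM
realm = MYDOM.PRIV
security = ads
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config MYDOM : backend = rid
idmap config MYDOM : range = 10000-20000
"""

# Constructed sample (trimmed copy of the poster's nsswitch.conf).
NSSWITCH_POSTED = """\
passwd: files winbind
group:  files winbind
hosts:  files dns wins
ipnodes:        files dns wins
"""


def normalize_key(key):
    # smb.conf keys are case- and whitespace-insensitive; collapse rather than
    # delete spaces so the domain in "idmap config DOM : key" stays readable.
    return re.sub(r"\s*:\s*", ":", re.sub(r"\s+", " ", key.strip().lower()))


def parse_smb_conf(text):
    """Return {section: [(key, value), ...]}, keeping repeated keys in order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current].append((normalize_key(key), value.strip()))
    return sections


def check_smb_conf(text):
    """Return (severity, code, message) findings for the [global] section."""
    seen = {}
    for key, value in parse_smb_conf(text).get("global", []):
        seen.setdefault(key, []).append(value)
    last = lambda key: seen[key][-1].lower() if key in seen else None  # last value wins
    findings = []
    realm = seen.get("realm", [""])[-1]
    if realm and realm != realm.upper():
        findings.append(("warn", "realm-case", f"realm '{realm}' is not upper case; Kerberos realm names are case-sensitive"))
    if last("tls verify peer") == "no_check":
        findings.append(("error", "tls-no-check", "tls verify peer = no_check disables certificate checks on LDAP StartTLS"))
    if "yes" in (last("winbind enum users"), last("winbind enum groups")):
        findings.append(("info", "winbind-enum", "winbind enum users/groups = yes: keep for testing only, it enumerates the whole domain"))
    if last("security") == "ads":
        for key, values in seen.items():
            if key.startswith("idmap config ") and key.endswith(":backend") and values[-1].lower() == "ldap":
                findings.append(("error", "ldap-idmap-with-ads", f"'{key} = ldap' with security = ads; use tdb for '*' and rid (or ad) for the domain"))
        domain = last("workgroup")
        if domain and f"idmap config {domain}:backend" not in seen:
            findings.append(("warn", "no-domain-idmap", f"no 'idmap config {domain} : backend'; domain users land in the '*' range"))
    # idmap ranges must not overlap; assumes well-formed LOW-HIGH values
    ranges = [(key, *map(int, values[-1].split("-"))) for key, values in seen.items()
              if key.startswith("idmap config ") and key.endswith(":range")]
    for i, (ka, alo, ahi) in enumerate(ranges):
        for kb, blo, bhi in ranges[i + 1:]:
            if max(alo, blo) <= min(ahi, bhi):
                findings.append(("error", "idmap-range-overlap", f"'{ka}' and '{kb}' overlap"))
    return findings


def check_nsswitch(text):
    """Flag 'wins' in hosts/ipnodes and a missing winbind source for passwd/group."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, sources = (part.strip() for part in line.split(":", 1))
        if db in ("hosts", "ipnodes") and "wins" in sources.split():
            findings.append(("warn", "wins-in-nsswitch", f"{db}: remove 'wins' as the answer suggests"))
        if db in ("passwd", "group") and "winbind" not in sources.split():
            findings.append(("error", "winbind-missing-in-nsswitch", f"{db}: no 'winbind' source, so id/finger cannot resolve domain users"))
    return findings
```

check_smb_conf(SMB_CONF_POSTED) returns five findings (realm case, tls verify peer, winbind enum, ldap idmap with ads, no domain idmap), check_smb_conf(SMB_CONF_SUGGESTED) returns none, and check_nsswitch(NSSWITCH_POSTED) flags the two "wins" entries the last answer says to remove. Repeated keys are kept by the parser and only the last value is consulted, which is also how Samba resolves them; to check a real host, read /etc/samba/smb.conf (or the path your build uses) and /etc/nsswitch.conf into the two functions.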

Source: https://unix.stackexchange.com/questions/630658