Samba
Winbind works, mapping to UNIX IDs does not.
Alpine doesn't use NSS because of musl, so another way of mapping is needed. /etc/samba/user.map requires passwords between AD and UNIX to be in sync. Maybe switch to SSSD?
kinit administrator@ISLIEF.COM
klist
wbinfo -u
wbinfo -g
wbinfo -i ISLIEF/Administrator
administrator:*:3500:3513::/home/ISLIEF/administrator:/bin/false
wbinfo -s S-1-5-21-870187001-592863278-1011463606-1604
ISLIEF/jan 1
wbinfo -n ISLIEF/jan
wbinfo -a jan
Enter jan's password:
plaintext password authentication succeeded
Enter jan's password:
challenge/response password authentication succeeded
wbinfo -S S-1-5-21-870187001-592863278-1011463606-1604
failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-870187001-592863278-1011463606-1604 to uid
wbinfo -r ISLIEF/administrator
3500 3513 3572 3518 3519 3520 3512 2001 2000
wbinfo -i ISLIEF/jan
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user ISLIEF/jan
smbclient -L //10.0.0.5 -U ISLIEF/jan
Password for [ISLIEF\jan]:
session setup failed: NT_STATUS_LOGON_FAILURE
https://www.suse.com/support/kb/doc/?id=000017458
NSCD
Samba 4 as an Active Directory member using winbind to look up users doesn't work on Alpine Linux because musl doesn't use nsswitch. However, with musl-nscd from pikhq authentication works, but only if the /usr/sbin/nscd process is running while an authentication is tried; the authentication hangs until the nscd process is stopped.
https://github.com/pikhq/musl-nscd/blob/master/src/cache.c
I haven't figured out where and why this works, but it is around cache_getpwuid_r
COMPARISON() (res->p.pw_uid == id)
Included in the call is a header, with the actual query between
pthread_rwlock_rdlock(&CACHE.lock);
ret = NSS_STATUS_SUCCESS;
pthread_rwlock_unlock(&CACHE.lock);
https://github.com/pikhq/musl-nscd/blob/master/include/cache_query.h#L39
gdb /usr/sbin/nscd
info functions
thread apply all backtrace
gdb /usr/sbin/nscd <coredump> -ex "thread apply all bt" -ex "quit" > output.log
set logging enabled on
set confirm off
set height off
rbreak ^s[^@]*$
thread apply all backtrace
gprof /usr/sbin/nscd
accept(3, NULL, NULL) = 4
futex(0x56536d729fb8, FUTEX_WAKE_PRIVATE, 2147483647) = 1
poll([{fd=3, events=POLLIN}], 1, -1) = 1 ([{fd=3, revents=POLLIN}])
accept(3, NULL, NULL) = 4
futex(0x56536d729fb8, FUTEX_WAKE_PRIVATE, 2147483647) = 1
poll([{fd=3, events=POLLIN}], 1, -1) = 1 ([{fd=3, revents=POLLIN}])
accept(3, NULL, NULL) = 6
futex(0x56536d7292e0, FUTEX_WAIT_PRIVATE, 2147483648, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
--- SIGINT {si_signo=SIGINT, si_code=SI_KERNEL} ---
smb.conf
[global]
allow insecure wide links = Yes
bind interfaces only = Yes
client min protocol = SMB2
dedicated keytab file = /etc/krb5.keytab
disable netbios = Yes
disable spoolss = Yes
dos charset = cp866
interfaces = lo wg0 lan
kerberos method = secrets and keytab
log level = 3 passdb:5 auth:5
ntlm auth = mschapv2-and-ntlmv2-only
printcap name = /dev/null
realm = ISLIEF.COM
restrict anonymous = 2
security = ADS
server min protocol = SMB2
server role = member server
server string = Samba Server
smb ports = 445
template homedir = /home/%U
template shell = /bin/ash
unix charset = utf-8
username map = /etc/samba/user.map
winbind cache time = 3600
winbind enum groups = Yes
winbind enum users = Yes
winbind offline logon = Yes
winbind refresh tickets = Yes
winbind separator = /
winbind use default domain = Yes
workgroup = ISLIEF
idmap_ldb:use rfc2307 = Yes
idmap config * : backend = tdb
idmap config * : range = 2000-2999
idmap config islief:range = 3000-9999999
idmap config islief:backend = rid
map acl inherit = Yes
store dos attributes = Yes
[share]
path = /share
read only = No
valid users = ISLIEF/me
[homes]
comment = Home Directories
read only = No
valid users = %S
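Added example (not part of the original notes): the idmap_rid(8) formula, ID = RID - BASE_RID + LOW_RANGE_VALUE, applied to the idmap config lines above. It reproduces the 3500/3513 IDs wbinfo returned for Administrator and computes the UID the rid backend would be expected to assign to jan's SID, which helps separate a range problem from a lookup problem. Function names and the embedded config excerpt are constructed for this example, and base_rid is assumed to be at its default of 0.

```python
import re

# Constructed excerpt: only the idmap lines from the smb.conf above.
SMB_CONF = """
idmap config * : backend = tdb
idmap config * : range = 2000-2999
idmap config islief:range = 3000-9999999
idmap config islief:backend = rid
"""

IDMAP_RE = re.compile(
    r"^\s*idmap config\s+(\S+?)\s*:\s*(\w[\w ]*?)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf):
    """Return {DOMAIN: {option: value}} for every 'idmap config' line."""
    domains = {}
    for line in conf.splitlines():
        m = IDMAP_RE.match(line)
        if m:
            dom, opt, val = m.groups()
            # Domain names are compared case-insensitively here
            # (an assumption of this example).
            domains.setdefault(dom.upper(), {})[opt.lower()] = val
    return domains

def _range(cfg):
    low, high = (int(x) for x in cfg["range"].split("-"))
    return low, high

def rid_to_unix_id(sid, domain, domains, base_rid=0):
    """Expected UID/GID for a SID under the rid backend.
    Returns None when the result falls outside the configured range."""
    cfg = domains[domain.upper()]
    if cfg.get("backend") != "rid":
        raise ValueError(f"{domain} does not use the rid backend")
    low, high = _range(cfg)
    rid = int(sid.rsplit("-", 1)[1])   # last sub-authority is the RID
    unix_id = rid - base_rid + low
    return unix_id if low <= unix_id <= high else None

def owning_domain(unix_id, domains):
    """Name of the idmap domain whose range contains this ID, else None."""
    for dom, cfg in domains.items():
        low, high = _range(cfg)
        if low <= unix_id <= high:
            return dom
    return None
```

For jan's SID (RID 1604) this gives 4604, which lies inside 3000-9999999, while the 2000 and 2001 entries in the `wbinfo -r` output fall in the default `*` range.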