On 2016-08-09 at 17:58 +0100, Rowland Penny via samba wrote:> On Tue, 9 Aug 2016 13:37:18 -0300 > francis picabia <fpicabia at gmail.com> wrote: > > > > > > getent passwd username > > > > (or "theusername") is not the literal command. I substitute > > 'username' here to protect the user id. > > genent passwd on the user does work and it returns uid and gui of > > 1000, exactly what we see in the /etc/passwd file. It is the same > > output as grep 'username' on /etc/passwd > > > > Remember, when winbind is off, it works. This is certainly bug 10604 > > by all measures. > > And I think you have just posted your problem! > > Lets use 'fred' as one of your users, replace 'fred' with a real users > name > > Do you have a user called 'fred' in /etc/passwd *and* in AD ? > > If so, choose one and then delete the other, you cannot have them in > both.*Not* setting 'winbind use default domain = yes' will allow you to have them both. And they will be what they shoult be: two different users. With different unix IDs. Cheers - Michael -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 181 bytes Desc: not available URL: <http://lists.samba.org/pipermail/samba/attachments/20160809/9d71cc2b/signature.sig>
On Tue, Aug 09, 2016 at 07:50:12PM +0200, Michael Adam via samba wrote:> On 2016-08-09 at 17:58 +0100, Rowland Penny via samba wrote: > > On Tue, 9 Aug 2016 13:37:18 -0300 > > francis picabia <fpicabia at gmail.com> wrote: > > > > > > > > > > getent passwd username > > > > > > (or "theusername") is not the literal command. I substitute > > > 'username' here to protect the user id. > > > genent passwd on the user does work and it returns uid and gui of > > > 1000, exactly what we see in the /etc/passwd file. It is the same > > > output as grep 'username' on /etc/passwd > > > > > > Remember, when winbind is off, it works. This is certainly bug 10604 > > > by all measures. > > > > And I think you have just posted your problem! > > > > Lets use 'fred' as one of your users, replace 'fred' with a real users > > name > > > > Do you have a user called 'fred' in /etc/passwd *and* in AD ? > > > > If so, choose one and then delete the other, you cannot have them in > > both. > > *Not* setting 'winbind use default domain = yes' will allow you > to have them both. And they will be what they shoult be: two different > users. With different unix IDs.But to clarify, they will then be user 'fred' and user 'DOMAIN\fred'. Not the same name at all..
On Tue, Aug 9, 2016 at 3:07 PM, Jeremy Allison via samba < samba at lists.samba.org> wrote:> On Tue, Aug 09, 2016 at 07:50:12PM +0200, Michael Adam via samba wrote: > > On 2016-08-09 at 17:58 +0100, Rowland Penny via samba wrote: > > > On Tue, 9 Aug 2016 13:37:18 -0300 > > > francis picabia <fpicabia at gmail.com> wrote: > > > > > > > > > > > > > > getent passwd username > > > > > > > > (or "theusername") is not the literal command. I substitute > > > > 'username' here to protect the user id. > > > > genent passwd on the user does work and it returns uid and gui of > > > > 1000, exactly what we see in the /etc/passwd file. It is the same > > > > output as grep 'username' on /etc/passwd > > > > > > > > Remember, when winbind is off, it works. This is certainly bug 10604 > > > > by all measures. > > > > > > And I think you have just posted your problem! > > > > > > Lets use 'fred' as one of your users, replace 'fred' with a real users > > > name > > > > > > Do you have a user called 'fred' in /etc/passwd *and* in AD ? > > > > > > If so, choose one and then delete the other, you cannot have them in > > > both. > > > > *Not* setting 'winbind use default domain = yes' will allow you > > to have them both. And they will be what they shoult be: two different > > users. With different unix IDs. > > But to clarify, they will then be user 'fred' and user 'DOMAIN\fred'. > Not the same name at all.. > <https://lists.samba.org/mailman/options/samba> >That's like saying a beer poured from a bottle into the glass is not the same beer. If that is what all this disagreement has been about, it is very sad. We've modified our smb.conf shares about 10 years ago to have valid users with MYDOM\user and it has worked very well. It is still working well for the most part.