Rowland penny
2016-Jun-13 19:22 UTC
[Samba] Samba4 Domain Member Server "Getent show diferents UID"
On 13/06/16 20:14, Rowland penny wrote:> On 13/06/16 19:37, Juan Ignacio wrote: >> Rowland: >> >> I'll use this email from now, the other does not work well. >> >> A few years ago around 2. >> >> We did everything that could be used for NIX and it worked. >> The main DC_AD had been provisioned without rfc2307 and we did later. >> >> The problem is that at that time by not having infrastructure had to >> be used as fileserver and this was a problem because all directories >> are UID of 3000000 onwards. >> >> Now I installed a new server following the procedure here: >> >> https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member >> >> All seems to work well but UIDs are different when for example I run >> wbinfo --user-info = uanaco >> >> Primary AD-DC >> ADDC1 \ uanaco: *: 3000783: 100: uanaco: / home / ADDC1 / uanaco: / >> bin / false >> >> member Server >> uanaco: *: 100642: 100008: uanaco: / home / ADDC1 / uanaco: / bin / >> false >> >> This is a problem because my intention is to use this file server and >> testify pass all directories Primary AD-DC to Member Server. >> >> Is there any way the member server read the same UID as the primary- >> >> Thank Rowland. > > Yes, but what does 'getent passwd ADDC1\uanaco' on the DC show ??? > if it shows '3000783' as the users UID, then, unless you have set the > users uidNumber attribute to 3000783, you are not using RFC2307 > attributes. This is further backed up by the fact that the same user > may get '100642' as its UID on the domain member. > > Few questions: > Have you given your users a uidNumber attribute ? > Have you given 'Domain Users' (at least) a gidNumber attribute ? > If you have done the above, have you run 'net cache flush' on the DC ? > Is PAM set up correctly on the DC and domain member ? > > Rowland >Also can you post (as I asked) the smb.conf from the domain member. Rowland
Juan Ignacio
2016-Jun-14 14:36 UTC
[Samba] Samba4 Domain Member Server "Getent show diferents UID"
I go to answer all, here I go. Have you given your users a uidNumber attribute ? Not all, but im set it in my user and not work. Have you given 'Domain Users' (at least) a gidNumber attribute ? Not all, but im set it in my user and not work. If you have done the above, have you run 'net cache flush' on the DC ? Yes :-( Is PAM set up correctly on the DC and domain member ? Yes. The smb.conf on the DC. [global] netbios name = XXXXXX security = ADS workgroup = XXXXXXX realm = XXXXXXX log file = /var/log/samba/%m.log log level = 1 # idmap config used for your domain. # Click on the following links for more information # on the available winbind idmap backends, # Choose the one that fits your requirements # then add the corresponding configuration. # Just adding the following three lines is not enough!! # - idmap config ad # - idmap config rid # - idmap_config_autorid idmap config * : backend = tdb idmap config * : range = 100000-299999 idmap config TEST : backend = rid idmap config TEST : range = 10000-99999 winbind separator = + winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind refresh tickets = yes [test] read only = no path = /testSamba ~ The smb.conf in the AD DC. Global parameters [global] workgroup = XXXXX realm = XXXXXXXX netbios name = XXXXXXX server role = active directory domain controller dns forwarder = xxx.xx.xxx.xxx allow dns updates = nonsecure and secure #server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, dns, smb dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, winreg, srvsvc server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,winbind, ntp_signd, kcc, dnsupdate, dns idmap_ldb:use rfc2307 = yes #winbind use default domain = yes winbind enum users = yes winbind enum groups = yes #winbind nested groups = yes log level = 3 log file = /var/log/samba/samba.log # unix charset = ISO8859-1 #[netlogon antes] #path = /usr/local/samba/var/locks/sysvol/xxxxxx/scripts #read only = No Analista Inf. Juan Ignacio Pazos <http://www.linkedin.com/pub/juan-ignacio-pazos-lorenzo/19/9b9/26a> 2016-06-13 16:22 GMT-03:00 Rowland penny <rpenny at samba.org>:> On 13/06/16 20:14, Rowland penny wrote: > >> On 13/06/16 19:37, Juan Ignacio wrote: >> >>> Rowland: >>> >>> I'll use this email from now, the other does not work well. >>> >>> A few years ago around 2. >>> >>> We did everything that could be used for NIX and it worked. >>> The main DC_AD had been provisioned without rfc2307 and we did later. >>> >>> The problem is that at that time by not having infrastructure had to be >>> used as fileserver and this was a problem because all directories are UID >>> of 3000000 onwards. >>> >>> Now I installed a new server following the procedure here: >>> >>> https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member >>> >>> All seems to work well but UIDs are different when for example I run >>> wbinfo --user-info = uanaco >>> >>> Primary AD-DC >>> ADDC1 \ uanaco: *: 3000783: 100: uanaco: / home / ADDC1 / uanaco: / bin >>> / false >>> >>> member Server >>> uanaco: *: 100642: 100008: uanaco: / home / ADDC1 / uanaco: / bin / false >>> >>> This is a problem because my intention is to use this file server and >>> testify pass all directories Primary AD-DC to Member Server. >>> >>> Is there any way the member server read the same UID as the primary- >>> >>> Thank Rowland. >>> >> >> Yes, but what does 'getent passwd ADDC1\uanaco' on the DC show ??? >> if it shows '3000783' as the users UID, then, unless you have set the >> users uidNumber attribute to 3000783, you are not using RFC2307 attributes. >> This is further backed up by the fact that the same user may get '100642' >> as its UID on the domain member. >> >> Few questions: >> Have you given your users a uidNumber attribute ? >> Have you given 'Domain Users' (at least) a gidNumber attribute ? >> If you have done the above, have you run 'net cache flush' on the DC ? >> Is PAM set up correctly on the DC and domain member ? >> >> Rowland >> >> > Also can you post (as I asked) the smb.conf from the domain member. > > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Rowland penny
2016-Jun-14 15:07 UTC
[Samba] Samba4 Domain Member Server "Getent show diferents UID"
On 14/06/16 15:36, Juan Ignacio wrote:> I go to answer all, here I go. > > Have you given your users a uidNumber attribute ? > > Not all, but im set it in my user and not work. > > Have you given 'Domain Users' (at least) a gidNumber attribute ? > > Not all, but im set it in my user and not work. > > If you have done the above, have you run 'net cache flush' on the DC ? > > Yes :-( > > Is PAM set up correctly on the DC and domain member ? > Yes. > > The smb.conf on the DC. > > [global] > netbios name = XXXXXX > security = ADS > workgroup = XXXXXXX > realm = XXXXXXX > > log file = /var/log/samba/%m.log > log level = 1 > > # idmap config used for your domain. > # Click on the following links for more information > # on the available winbind idmap backends, > # Choose the one that fits your requirements > # then add the corresponding configuration. > > # Just adding the following three lines is not enough!! > # - idmap config ad > # - idmap config rid > # - idmap_config_autorid > > idmap config * : backend = tdb > idmap config * : range = 100000-299999 > idmap config TEST : backend = rid > idmap config TEST : range = 10000-99999 > winbind separator = + > winbind enum users = yes > winbind enum groups = yes > winbind use default domain = yes > winbind refresh tickets = yes > > > [test] > read only = no > path = /testSamba > ~ > > The smb.conf in the AD DC. > > Global parameters > [global] > workgroup = XXXXX > realm = XXXXXXXX > netbios name = XXXXXXX > server role = active directory domain controller > dns forwarder = xxx.xx.xxx.xxx > allow dns updates = nonsecure and secure > #server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, > winbind, ntp_signd, kcc, dnsupdate, dns, smb > dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, > netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, > eventlog6, backupkey, dnsserver, winreg, srvsvc > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, > drepl,winbind, ntp_signd, kcc, dnsupdate, dns > idmap_ldb:use rfc2307 = yes > #winbind use default domain = yes > winbind enum users = yes > winbind enum groups = yes > #winbind nested groups = yes > log level = 3 > log file = /var/log/samba/samba.log > # unix charset = ISO8859-1 > > #[netlogon antes] > #path = /usr/local/samba/var/locks/sysvol/xxxxxx/scripts > #read only = No > > > > > Analista Inf. > Juan Ignacio Pazos > <http://www.linkedin.com/pub/juan-ignacio-pazos-lorenzo/19/9b9/26a> > > 2016-06-13 16:22 GMT-03:00 Rowland penny <rpenny at samba.org > <mailto:rpenny at samba.org>>: > > On 13/06/16 20:14, Rowland penny wrote: > > On 13/06/16 19:37, Juan Ignacio wrote: > > Rowland: > > I'll use this email from now, the other does not work well. > > A few years ago around 2. > > We did everything that could be used for NIX and it worked. > The main DC_AD had been provisioned without rfc2307 and we > did later. > > The problem is that at that time by not having > infrastructure had to be used as fileserver and this was a > problem because all directories are UID of 3000000 onwards. > > Now I installed a new server following the procedure here: > > https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member > > All seems to work well but UIDs are different when for > example I run > wbinfo --user-info = uanaco > > Primary AD-DC > ADDC1 \ uanaco: *: 3000783: 100: uanaco: / home / ADDC1 / > uanaco: / bin / false > > member Server > uanaco: *: 100642: 100008: uanaco: / home / ADDC1 / > uanaco: / bin / false > > This is a problem because my intention is to use this file > server and testify pass all directories Primary AD-DC to > Member Server. > > Is there any way the member server read the same UID as > the primary- > > Thank Rowland. > > > Yes, but what does 'getent passwd ADDC1\uanaco' on the DC show ??? > if it shows '3000783' as the users UID, then, unless you have > set the users uidNumber attribute to 3000783, you are not > using RFC2307 attributes. This is further backed up by the > fact that the same user may get '100642' as its UID on the > domain member. > > Few questions: > Have you given your users a uidNumber attribute ? > Have you given 'Domain Users' (at least) a gidNumber attribute ? > If you have done the above, have you run 'net cache flush' on > the DC ? > Is PAM set up correctly on the DC and domain member ? > > Rowland > > > Also can you post (as I asked) the smb.conf from the domain member. > > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >For the third time, will you please post the smb.conf from your domain member, not the one from your DC. What OS are you using ? Rowland
Possibly Parallel Threads
- Samba4 Domain Member Server "Getent show diferents UID"
- Samba4 Domain Member Server "Getent show diferents UID"
- Samba4 Domain Member Server "Getent show diferents UID"
- Samba4 Domain Member Server "Getent show diferents UID"
- Samba4 Domain Member Server "Getent show diferents UID"