thr3ads.net - samba - [Samba] Domain member server: user access [Sep 2017]

If this information is useful, please help other people find it:
Share via:

L.P.H. van Belle

2017-Sep-25 14:48 UTC

[Samba] Domain member server: user access

Arg.. 

wbinfo --gid-info=100 
DC:  Confirmed, DOMAIN\Domain Users

Member: Fail. 
failed to call wbcGetgrgid: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for gid 100 

But both server show the same with  : 
wbinfo -n "NTDOM\domain users" 

So imho, report bug if Rowland can confirm this with a samba from source. 


Greetz, 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Stefan G. Weichinger via samba
> Verzonden: maandag 25 september 2017 16:40
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Domain member server: user access
> 
> Am 2017-09-25 um 16:29 schrieb Rowland Penny via samba:
> 
> >> DC # samba-tool user create kamleitnerl Le26xxx 
> >> --nis-domain=arbeitsgruppe --unix-home=/home/kamleitnerl 
> >> --uid-number=10070 --login-shell=/bin/false --gid-number=100
> >>
> > 
> > Where did you get the GID '100' from ?
> > Is this the gidNumber for Domain Users ?
> 
> I think so:
> 
> # wbinfo --gid-info=100
> ARBEITSGRUPPE\domain users:x:100:
> 
> ?
> 
> > Can you please post the smb.conf from the DC and DM.
> 
> Sure. We had both in an earlier thread, btw, but here again:
> 
> DC:
> 
> # samba-tool testparm
> Press enter to see a dump of your service definitions
> 
> # Global parameters
> [global]
> 	netbios name = BACKUP
> 	realm = ARBEITSGRUPPE.MY.TLD
> 	workgroup = ARBEITSGRUPPE
> 	dns forwarder = 10.0.0.254
> 	server role = active directory domain controller
> 	idmap_ldb:use rfc2307 = yes
> 
> [netlogon]
> 	path = /var/lib/samba/sysvol/arbeitsgruppe.my.tld/scripts
> 	read only = No
> 
> [sysvol]
> 	path = /var/lib/samba/sysvol
> 	read only = No
> 
> DM:
> 
> # testparm -s
> Load smb config files from /etc/samba/smb.conf
> rlimit_max: increasing rlimit_max (1024) to minimum Windows 
> limit (16384) Processing section "[Daten]"
> Processing section "[Scans_Plotter]"
> Loaded services file OK.
> 
> Server role: ROLE_DOMAIN_MEMBER
> 
> # Global parameters
> [global]
> 	realm = ARBEITSGRUPPE.MY.TLD
> 	workgroup = ARBEITSGRUPPE
> 	log file = /var/log/samba/%m.log
> 	load printers = No
> 	printcap name = /dev/null
> 	security = ADS
> 	username map = /etc/samba/user.map
> 	winbind nss info = rfc2307
> 	winbind refresh tickets = Yes
> 	winbind use default domain = Yes
> 	idmap config arbeitsgruppe:schema_mode = rfc2307
> 	idmap config arbeitsgruppe:range = 10000-9999999
> 	idmap config arbeitsgruppe:backend = ad
> 	idmap config * : range = 2000-2999
> 	idmap config * : backend = tdb
> 
> ...
> 
> thx, Stefan
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

Stefan G. Weichinger

2017-Sep-25 14:54 UTC

head link

[Samba] Domain member server: user access

Am 2017-09-25 um 16:48 schrieb L.P.H. van Belle via
samba:> Arg.. 
> 
> wbinfo --gid-info=100 
> DC:  Confirmed, DOMAIN\Domain Users
> 
> Member: Fail. 
> failed to call wbcGetgrgid: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for gid 100 
> 
> But both server show the same with  : 
> wbinfo -n "NTDOM\domain users" 
> 
> So imho, report bug if Rowland can confirm this with a samba from source. 
Same here on DM:

# wbinfo --gid-info=100
failed to call wbcGetgrgid: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for gid 100

# wbinfo -n "ARBEITSGRUPPE\Domain Users"
S-1-5-21-2777655458-4002997014-749295002-513 SID_DOM_GROUP (2)

DC:

# wbinfo --gid-info=100
ARBEITSGRUPPE\domain users:x:100:

# wbinfo -n "ARBEITSGRUPPE\Domain Users"
S-1-5-21-2777655458-4002997014-749295002-513 SID_DOM_GROUP (2)

Rowland Penny

2017-Sep-25 15:04 UTC

head link

[Samba] Domain member server: user access

On Mon, 25 Sep 2017 16:54:24 +0200
"Stefan G. Weichinger via samba" <samba at lists.samba.org>
wrote:
> Am 2017-09-25 um 16:48 schrieb L.P.H. van Belle via samba:
> > Arg.. 
> > 
> > wbinfo --gid-info=100 
> > DC:  Confirmed, DOMAIN\Domain Users
> > 
> > Member: Fail. 
> > failed to call wbcGetgrgid: WBC_ERR_DOMAIN_NOT_FOUND
> > Could not get info for gid 100 
> > 
> > But both server show the same with  : 
> > wbinfo -n "NTDOM\domain users" 
> > 
> > So imho, report bug if Rowland can confirm this with a samba from
> > source. 
> 
> Same here on DM:
> 
> # wbinfo --gid-info=100
> failed to call wbcGetgrgid: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for gid 100
> 
> # wbinfo -n "ARBEITSGRUPPE\Domain Users"
> S-1-5-21-2777655458-4002997014-749295002-513 SID_DOM_GROUP (2)
> 
> DC:
> 
> # wbinfo --gid-info=100
> ARBEITSGRUPPE\domain users:x:100:
> 
> # wbinfo -n "ARBEITSGRUPPE\Domain Users"
> S-1-5-21-2777655458-4002997014-749295002-513 SID_DOM_GROUP (2)
> 
> 
How many times do I have to say this, 'wbinfo' connects directly to AD.
To show that your users & groups are known to Unix, you MUST use
'getent'

Rowland

Apparently Analagous Threads

Search for more reasonably related threads

samba - Sep 2017 - Domain member server: user access

[Samba] Domain member server: user access

[Samba] Domain member server: user access

[Samba] Domain member server: user access

Apparently Analagous Threads