I have samba-4.6.2-12.el7_4.x86_64 which is connected to Windows Active Directory Server. I configured samba with AD as below:

[global]
workgroup = MYDOMAIN
realm = MYDOMAIN.COM
prefered master = No
server string = servername
security = ADS
encrypt passwords = Yes
log file = /var/log/samba/%I
max log size = 50
interfaces = bond0 lo
bind interfaces only = Yes
hosts allow = 10.32.0.0/16
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = No
winbind separator = +
#winbind nss info = rfc2307
winbind trusted domains only = no
winbind : ignore domains = FAKEDOMAIN
template shell = /bin/falsen
template homedir = /mnt/sambahomedir/%D/%U
wide links = Yes
follow symlinks = Yes
unix extensions = No
idmap config * : backend = tdb
idmap config * : range = 10000-20000
idmap config MYDOMAIN : unix_nss_info = No
idmap config MYDOMAIN : backend = ad
idmap config MYDOMAIN : schema_mode = rfc2307
idmap config MYDOMAIN : range = 1000000-2000000
server signing = auto
client signing = auto
###############

When I use command wbinfo -u
I can see a list of all users in AD domain
MYDOMAIN+user1
MYDOMAIN+user2

When I execute
wbinfo -n user1 or
wbinfo -n DOMAIN+user
I get:
S-1-5-21-... SID_USER (1)

but when I execute
wbinfo -S SID
I get:
Could not convert sid S-1-5-21-... to uid

moreover when I try to chown the directory
chown "DOMAIN+user1" directory_path
I get:
chown: invalid user: 'DOMAIN+user1’

In the respective configuration in samba samba-4.4.4-12.el7_3.x86_64 everything goes ok but the configuration is without the whole idmap config section. It's old-fashioned style.
I do not know, maybe "backend = ad" is the problem of this configuration. But when I move the configuration from the samba 4.4.4-12 server the problem still exists.

On Mon, 5 Mar 2018 16:29:43 +0100
Marcin Kruk via samba <samba at lists.samba.org> wrote:

> I have samba-4.6.2-12.el7_4.x86_64 which is connected to Windows
> Active Directory Server.
>
> When I use command wbinfo -u
> I can see a list of all users in AD domain
> MYDOMAIN+user1
> MYDOMAIN+user2

At least this shows that winbind knows your AD users.

>
> When I execute
> wbinfo -n user1 or
> wbinfo -n DOMAIN+user
> I get:
> S-1-5-21-... SID_USER (1)
>
> but when I execute
> wbinfo -S SID
> I get:
> Could not convert sid S-1-5-21-... to uid
>
> moreover when I try to chown the directory
> chown "DOMAIN+user1" directory_path
> I get:
> chown: invalid user: 'DOMAIN+user1’

Here we go with 1001th time of saying this ;-)

Just because wbinfo shows your users & groups, doesn't mean your OS knows who they are.

>
> In the respective configuration in samba samba-4.4.4-12.el7_3.x86_64
> everything goes ok but the configuration is without the whole idmap config
> section. It's old-fashioned style.
> I do not know, maybe "backend = ad" is the problem of this
> configuration. But when I move the configuration from the samba 4.4.4-12
> server the problem still exists.

It probably is the 'ad' backend, do your users have a 'uidNumber' attribute in AD and does 'Domain Users' have a 'gidNumber' attribute? These numbers will need to be inside the '1000000-2000000' range you have set in smb.conf.

Rowland
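
The condition described in the reply above, as an added example (not code from the thread or from the Samba project): a Python check that parses the idmap lines of the posted smb.conf and reports whether a user would get a Unix uid under the 'ad' backend. The function names and the sample uidNumber values are constructed for illustration, and the treatment of non-'ad' backends is simplified.

```python
import re

# Constructed excerpt: only the idmap lines from the smb.conf quoted in the thread.
SMB_CONF = """\
idmap config * : backend = tdb
idmap config * : range = 10000-20000
idmap config MYDOMAIN : backend = ad
idmap config MYDOMAIN : schema_mode = rfc2307
idmap config MYDOMAIN : range = 1000000-2000000
"""

IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*(\w+)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {domain: {option: value}}; 'range' becomes a (low, high) tuple."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)  # lines commented out with # or ; do not match
        if not m:
            continue
        dom, opt, val = m.group(1).upper(), m.group(2).lower(), m.group(3)
        if opt == "range":
            val = tuple(int(x) for x in val.split("-"))
        domains.setdefault(dom, {})[opt] = val
    return domains

def check_user(domains, domain, uid_number):
    """Say whether winbind can give this AD user a Unix uid.
    uid_number is the user's uidNumber attribute, or None if AD has none."""
    cfg = domains.get(domain.upper()) or domains["*"]
    low, high = cfg["range"]
    if cfg.get("backend") != "ad":
        return "mapped: %s backend assigns an ID in %d-%d" % (cfg["backend"], low, high)
    if uid_number is None:
        return "unmapped: no uidNumber attribute in AD"
    if not low <= uid_number <= high:
        return "unmapped: uidNumber %d is outside %d-%d" % (uid_number, low, high)
    return "mapped: uid %d" % uid_number

def overlapping(domains):
    """Return overlapping neighbour pairs; empty means all ranges are disjoint."""
    items = sorted((cfg["range"], dom) for dom, cfg in domains.items() if "range" in cfg)
    return [(a[1], b[1]) for a, b in zip(items, items[1:]) if b[0][0] <= a[0][1]]

if __name__ == "__main__":
    d = parse_idmap(SMB_CONF)
    for uid in (None, 5001, 1000501):  # constructed uidNumber values
        print("MYDOMAIN user, uidNumber=%s ->" % uid, check_user(d, "MYDOMAIN", uid))
    print("overlapping ranges:", overlapping(d))
```
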

I do not know if there is a uidNumber in Active Directory, I am not an administrator of Microsoft AD.
So you claimed that I need to add extra parameters uidNumber and gidNumber to the MS Active Directory user, and add an extra value to each of them?
I think that it will be impossible and too much extra work. I need similar functionality to what it was in the previous version.
So maybe I should change the backend parameter (tdb/ad/rid/autorid/ldap/nss)?

2018-03-05 16:53 GMT+01:00 Rowland Penny via samba <samba at lists.samba.org>:

> On Mon, 5 Mar 2018 16:29:43 +0100
> Marcin Kruk via samba <samba at lists.samba.org> wrote:
>
> > I have samba-4.6.2-12.el7_4.x86_64 which is connected to Windows
> > Active Directory Server.
> >
> > When I use command wbinfo -u
> > I can see a list of all users in AD domain
> > MYDOMAIN+user1
> > MYDOMAIN+user2
>
> At least this shows that winbind knows your AD users.
>
> >
> > When I execute
> > wbinfo -n user1 or
> > wbinfo -n DOMAIN+user
> > I get:
> > S-1-5-21-... SID_USER (1)
> >
> > but when I execute
> > wbinfo -S SID
> > I get:
> > Could not convert sid S-1-5-21-... to uid
> >
> > moreover when I try to chown the directory
> > chown "DOMAIN+user1" directory_path
> > I get:
> > chown: invalid user: 'DOMAIN+user1’
>
> Here we go with 1001th time of saying this ;-)
>
> Just because wbinfo shows your users & groups, doesn't mean your OS
> knows who they are.
>
> >
> > In the respective configuration in samba samba-4.4.4-12.el7_3.x86_64
> > everything goes ok but the configuration is without the whole idmap config
> > section. It's old-fashioned style.
> > I do not know, maybe "backend = ad" is the problem of this
> > configuration. But when I move the configuration from the samba 4.4.4-12
> > server the problem still exists.
>
> It probably is the 'ad' backend, do your users have a 'uidNumber'
> attribute in AD and does 'Domain Users' have a 'gidNumber' attribute?
> These numbers will need to be inside the '1000000-2000000' range you
> have set in smb.conf.
>
> Rowland