On Mon, 5 Nov 2018 11:51:00 +0100 Corrado Ravinetto via samba <samba at lists.samba.org> wrote:> > > Il 05/11/2018 11:41, Rowland Penny via samba ha scritto: > > You might as well remove the line 'winbind use default domain > > Yes', it does nothing on a DC. > > I would also add 'idmap_ldb:use rfc2307 = yes' > ok, i did it > > When you run 'getent passwd username' does it produce output ? > [root at dc1 etc]# getent passwd massaro > LXCERRUTI\massaro:*:3000027:513::/home/LXCERRUTI/massaro:/bin/false > > > If so, does it produce the output you expect ? > yesIs 'massaro' one of your existing users carried over by the classicupgrade ? If it is, then you are not getting the expected output. The number '3000027' comes from 'idmap.ldb' and not from AD. If it isn't, try again with a user carried over by the classicupgrade. It also shows two potential problems that come from using a DC as a fileserver, any Unix home dirs & login shells stored in AD are not used. All users get the home dir '/home/DOMAIN/username' and the login shell '/bin/false' i.e. they cannot log into the DC.> > How are you starting Samba ? > at this moment, in test environment, by hand with sambaGood, just checking that you were not starting all the Samba deamons. Rowland
Il 05/11/2018 12:09, Rowland Penny via samba ha scritto:> Is 'massaro' one of your existing users carried over by the > classicupgrade ?yes it is, i checked also other users but id is correct : [root at dc1 var]# getent passwd cerr2012 LXCERRUTI\cerr2012:*:570:513::/home/LXCERRUTI/cerr2012:/bin/false [root at dc1 var]# getent passwd dado LXCERRUTI\dado:*:500:513::/home/LXCERRUTI/dado:/bin/false [root at dc1 var]# getent passwd magfilati LXCERRUTI\magfilati:*:597:513::/home/LXCERRUTI/magfilati:/bin/false [root at dc1 var]# getent passwd giuseppe LXCERRUTI\giuseppe:*:683:513::/home/LXCERRUTI/giuseppe:/bin/false> If it is, then you are not getting the expected output. > The number '3000027' comes from 'idmap.ldb' and not from AD.ok> If it isn't, try again with a user carried over by the classicupgrade. > > It also shows two potential problems that come from using a DC as a > fileserver, any Unix home dirs & login shells stored in AD are not > used. All users get the home dir '/home/DOMAIN/username' and the login > shell '/bin/false' i.e. they cannot log into the DC.all my users don't login to dc because i have a member like fileserver, but they log each access with this errors: [2018/11/05 12:10:55.577583, 0] ../source3/smbd/uid.c:386(change_to_user_internal) change_to_user_internal: chdir_current_service() failed! -- *Corrado Ravinetto * Sistemi informativi corrado.ravinetto at lanificiocerruti.com <mailto:corrado.ravinetto at lanificiocerruti.com> T: +39 015 3591283 Lanificio F.lli CERRUTI *Lanificio F.lli Cerruti S.p.A. * Via Cernaia 40, 13900 - Biella (BI) Italy www.lanificiocerruti.com <http://www.lanificiocerruti.com/> Twitter <https://twitter.com/Lan_Cerruti> Facebook <https://www.facebook.com/LanificioCerruti> Instagram <https://www.instagram.com/lanificiocerruti/> Rispetta l'ambiente, non stampare questa mail se non necessario Respect the environment, don't print unless necessary
On Mon, 5 Nov 2018 12:20:31 +0100 Corrado Ravinetto via samba <samba at lists.samba.org> wrote:> > > Il 05/11/2018 12:09, Rowland Penny via samba ha scritto: > > Is 'massaro' one of your existing users carried over by the > > classicupgrade ? > yes it is, i checked also other users but id is correct : > > [root at dc1 var]# getent passwd cerr2012 > LXCERRUTI\cerr2012:*:570:513::/home/LXCERRUTI/cerr2012:/bin/false > [root at dc1 var]# getent passwd dado > LXCERRUTI\dado:*:500:513::/home/LXCERRUTI/dado:/bin/false > [root at dc1 var]# getent passwd magfilati > LXCERRUTI\magfilati:*:597:513::/home/LXCERRUTI/magfilati:/bin/false > [root at dc1 var]# getent passwd giuseppe > LXCERRUTI\giuseppe:*:683:513::/home/LXCERRUTI/giuseppe:/bin/false > > > If it is, then you are not getting the expected output. > > The number '3000027' comes from 'idmap.ldb' and not from AD. > ok > > If it isn't, try again with a user carried over by the > > classicupgrade. > > > > It also shows two potential problems that come from using a DC as a > > fileserver, any Unix home dirs & login shells stored in AD are not > > used. All users get the home dir '/home/DOMAIN/username' and the > > login shell '/bin/false' i.e. they cannot log into the DC. > all my users don't login to dc because i have a member like > fileserver, but they log each access with this errors: > > [2018/11/05 12:10:55.577583, 0] > ../source3/smbd/uid.c:386(change_to_user_internal) > change_to_user_internal: chdir_current_service() failed! >This is the first mention of a Unix domain member, where are the log entries coming from and please define 'access' Rowland