Hey Rowland,

thank you for your answers and help. I found another Layer8 problem
and now it is working as expected.

thank you again!

Typo

On Sun, Jul 18, 2021 at 12:04 PM Rowland Penny via samba
<samba at lists.samba.org> wrote:
>
> On Sun, 2021-07-18 at 11:55 +0200, Mr Typo wrote:
> > Yeah reading attributes from ad, like unixHomeDirectory and
> > loginShell
> >
> > When I understand it right, I can use
> > template homedir = /home/%U
> >
> > for default values and setting the unixHomeDirectory and loginShell
> > if I want another value, correct?
>
> Yes and no :-)
>
> Yes, you can add them to AD, but no they will not be used unless you
> use the winbind ad backend, try reading this:
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>
> and this:
> https://wiki.samba.org/index.php/Idmap_config_ad
>
> >
> > currently I play with the below configuration but I just get the
> > template values for every user. Any ideas?
> >
> > [global]
> > workgroup = PFW
> > realm = PFW.LOCAL
> > security = ads
> > idmap config * : backend = tdb
> > idmap config * : range = 3000-7999
> > idmap config PFW:backend = ad
> > idmap config PFW:schema_mode = rfc2307
> > idmap config PFW:range = 10000-999999
> > idmap config PFW:unix_nss_info = yes
> > template homedir = /home/%U
> > template shell = /bin/bash
> > # idmap config PFW : backend = rid
> > # idmap config PFW : range = 500-19999999
> > # idmap config PFW : rangesize = 1000000
> > winbind use default domain = true
> > winbind enum users = no
> > winbind offline logon = true
> > log file = /var/log/samba/log.%m
> > max log size = 50
> > log level = 3
> > load printers = no
> > printing = bsd
> > printcap name = /dev/null
> > disable spoolss = yes
> >
>
> That looks okay.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

Hey Rowland,

I hope you can help me again. I can't find the error. I did install a
fresh centos and used the same config as we discussed last week.

no sssd and no nscd is configured. I can do a SID to uid lookup, but I
can't lookup uids to SID

I hope you can help me again, I have no idea where to look..

best regards

Typo

[root@sv2-ftp01p ~]# wbinfo -s S-1-1-0
\Everyone 5
[root@sv2-ftp01p ~]# wbinfo -s S-1-5-2
NT Authority\Network 5
[root@sv2-ftp01p ~]# wbinfo -u | head -5
administrator
gast
krbtgt
itxadmin
itxuser
[root@sv2-ftp01p ~]# wbinfo --ping-dc
checking the NETLOGON for domain[PFW] dc connection to "sv1-dc01p.pfw.local" succeeded
[root@sv2-ftp01p ~]# net ads info
LDAP server: 10.40.130.10
LDAP server name: sv1-dc01p.pfw.local
Realm: PFW.LOCAL
Bind Path: dc=PFW,dc=LOCAL
LDAP port: 389
Server time: Tue, 20 Jul 2021 12:14:29 CEST
KDC server: 10.40.130.10
Server time offset: 0
Last machine account password change: Tue, 20 Jul 2021 11:28:26 CEST
[root@sv2-ftp01p ~]# cat /etc/nsswitch.conf|grep winbi
passwd: files winbind systemd
group: files winbind systemd

[root@sv2-ftp01p ~]# id itxadmin
id: 'itxadmin': no such user
[root@sv2-ftp01p ~]# getent passwd itxadmin
[root@sv2-ftp01p ~]# wbinfo -s S-1-5-21-4080695503-475066264-1108356078-1110
PFW\adadmsar 1
[root@sv2-ftp01p ~]# id adadmsar
id: 'adadmsar': no such user
[root@sv2-ftp01p ~]# wbinfo -i srvadmsar
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND

smb.conf

[global]
workgroup = PFW
realm = PFW.LOCAL
security = ads
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config PFW:backend = ad
idmap config PFW:schema_mode = rfc2307
idmap config PFW:range = 10000-999999
idmap config PFW:unix_nss_info = yes
template homedir = /home/%U
template shell = /bin/false
winbind use default domain = true
winbind enum users = yes
winbind offline logon = true
log file = /var/log/samba/log.%m
max log size = 50
log level = 9
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes

winbind refresh tickets = Yes
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab

On Sun, Jul 18, 2021 at 12:27 PM Mr Typo <euroregistrar at gmail.com> wrote:
>
> Hey Rowland,
>
> thank you for your answers and help. I found another Layer8 problem
> and now it is working as expected.
>
> thank you again!
>
> Typo

2 questions:

Did you assign a UID and GID to the users (and "domain users")?
Please read and adjust where needed:
https://wiki.samba.org/index.php/Idmap_config_ad

If that's all correct and you already did set UID/GID,
and if it's available, what is in /etc/idmap.conf?

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Mr
> Typo via samba
> Sent: Tuesday 20 July 2021 12:36
> To: Rowland Penny
> CC: sambalist
> Subject: Re: [Samba] Problem with Samba as Member to AD
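
The check raised in the last reply (do the user and "domain users" carry a UID/GID that the `idmap config PFW` range accepts), together with the template fallback discussed earlier in the thread, as an added example that is not part of the original messages. The function names and the AD entries are hypothetical sample data, and the sketch assumes winbind uses the Windows primary group, which is the default.

```python
import re

# Constructed smb.conf fragment: the idmap/template lines posted in the thread.
SMB_CONF = """[global]
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config PFW:backend = ad
idmap config PFW:schema_mode = rfc2307
idmap config PFW:range = 10000-999999
idmap config PFW:unix_nss_info = yes
template homedir = /home/%U
template shell = /bin/false
"""
IDMAP = re.compile(r"^\s*idmap config\s+(\S+?)\s*:\s*([\w ]+?)\s*=\s*(.+?)\s*$")
PLAIN = re.compile(r"^\s*(template \w+)\s*=\s*(.+?)\s*$")

def parse(conf):
    """Return ({domain: {option: value}}, {template option: value})."""
    idmap, templates = {}, {}
    for line in conf.splitlines():
        if m := IDMAP.match(line):
            idmap.setdefault(m[1], {})[m[2]] = m[3]
        elif m := PLAIN.match(line):
            templates[m[1]] = m[2]
    return idmap, templates

def check_user(user, group, conf=SMB_CONF, domain="PFW"):
    """Reasons the 'ad' backend cannot map this user, else (home, shell)."""
    idmap, tmpl = parse(conf)
    opts = idmap[domain]
    lo, hi = map(int, opts["range"].split("-"))
    problems = []
    for kind, entry, attr in (("user", user, "uidNumber"),
                              ("primary group", group, "gidNumber")):
        value = entry.get(attr)
        if value is None:
            problems.append(f"{kind} {entry['name']}: {attr} not set")
        elif not lo <= int(value) <= hi:
            problems.append(f"{kind} {entry['name']}: {attr} {value} outside {lo}-{hi}")
    if problems:
        return problems, None
    use_ad = opts.get("unix_nss_info", "no").lower() == "yes"
    home = (use_ad and user.get("unixHomeDirectory")) or \
        tmpl["template homedir"].replace("%U", user["name"])
    shell = (use_ad and user.get("loginShell")) or tmpl["template shell"]
    return [], (home, shell)

# Constructed AD entries (hypothetical sample data, not taken from the thread).
DOMAIN_USERS = {"name": "Domain Users", "gidNumber": "10000"}
ALICE = {"name": "alice", "uidNumber": "10001", "loginShell": "/bin/bash"}
```

On a real member server the same attributes would come from an LDAP query against the DC; a user that `wbinfo -u` lists but `getent passwd` does not return is the case the non-empty problem list models.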