On 17/06/2021 21:41, Bastian Sebode via samba wrote:> Hey Rowland, thanks for your reply. > > On 17/06/2021 18:53, Rowland Penny via samba wrote: > > Your 'idmap config' lines are incorrect, or are you using sssd ? > > > No I'm using winbind. I also tried 'watch -d -n 0.1 wbinfo -u' while > testing, but the users could be resolved at all time, even when > opening the file didn't work.wbinfo goes direct to AD, so it showing users, doesn't mean that the OS knows the users. Do you have the 'libpam-winbind libnss-winbind libpam-krb5' packages installed ?> > What would be the correct 'idmap config'?See my suggested smb.conf below.> > Just rechecked /etc/nsswitch.conf and this seemed not correct. I added > winbind to shadow as well now, but without any improvement. Or should > I remove systemd from nsswitch.conf? > --- > passwd:???????? files systemd winbind > group:????????? files systemd winbind > shadow:???????? files > gshadow:??????? filesThat looks correct.> --- > > > What version of Ubuntu are you using ? > > > 20.04, also updated right now from 2:4.11.6+dfsg-0ubuntu1.8 to > 2:4.11.6+dfsg-0ubuntu1.9, but as expected no change.[global] ??? workgroup = CUSTOMER ??? realm = CUSTOMER.LOCAL ??? security = ADS ??? server string = %h server (Samba, Ubuntu) ??? idmap config * : backend = tdb ??? idmap config * : range = 3000-7999 ??? idmap config CUSTOMER : backend = rid ??? idmap config CUSTOMER : range = 10000-999999 ??? template shell = /bin/bash ??? winbind use default domain = yes ??? winbind expand groups = 2 ??? winbind refresh tickets = Yes ??? winbind separator = + ??? domain master = no ??? local master = no ??? preferred master = no ??? dns proxy = no ??? username map = /etc/samba/user.map ??? vfs objects = acl_xattr ??? map acl inherit = Yes ??? log file = /var/log/samba/log.%m ??? logging = file ??? map to guest = Bad User ??? max log size = 102400 ??? panic action = /usr/share/samba/panic-action %d ??? server min protocol = NT1 ??? usershare allow guests = Yes ??? acl allow execute always = Yes [daten] ??????? comment = Daten ??????? path = /home ??????? read only = No [testme] ??????? comment = Test-Share ??????? path = /share/testme ??????? read only = No Create /etc/samba/user.map containing this: !root = SUPERMARIO\Administrator Rowland
Hey Rowland, thanks again for your reply and the example smb.conf. libpam-krb5 is not installed right now. Unfortunately the customer doesn't want to change these settings prior to the weekend and then I'm two weeks off. I will get back to this list with an information on success on July 5th. Regards Bastian Am 17.06.2021 um 23:01 schrieb Rowland penny via samba:> On 17/06/2021 21:41, Bastian Sebode via samba wrote: >> Hey Rowland, thanks for your reply. >> >> On 17/06/2021 18:53, Rowland Penny via samba wrote: >> > Your 'idmap config' lines are incorrect, or are you using sssd ? >> > >> No I'm using winbind. I also tried 'watch -d -n 0.1 wbinfo -u' while >> testing, but the users could be resolved at all time, even when >> opening the file didn't work. > > > wbinfo goes direct to AD, so it showing users, doesn't mean that the > OS knows the users. > > Do you have the 'libpam-winbind libnss-winbind libpam-krb5' packages > installed ? > >> >> What would be the correct 'idmap config'? > > > See my suggested smb.conf below. > >> >> Just rechecked /etc/nsswitch.conf and this seemed not correct. I >> added winbind to shadow as well now, but without any improvement. Or >> should I remove systemd from nsswitch.conf? >> --- >> passwd:???????? files systemd winbind >> group:????????? files systemd winbind >> shadow:???????? files >> gshadow:??????? files > > > That looks correct. > >> --- >> >> > What version of Ubuntu are you using ? >> > >> 20.04, also updated right now from 2:4.11.6+dfsg-0ubuntu1.8 to >> 2:4.11.6+dfsg-0ubuntu1.9, but as expected no change. > > > [global] > ??? workgroup = CUSTOMER > ??? realm = CUSTOMER.LOCAL > ??? security = ADS > ??? server string = %h server (Samba, Ubuntu) > > ??? idmap config * : backend = tdb > ??? idmap config * : range = 3000-7999 > ??? idmap config CUSTOMER : backend = rid > ??? idmap config CUSTOMER : range = 10000-999999 > ??? template shell = /bin/bash > > ??? winbind use default domain = yes > ??? winbind expand groups = 2 > ??? winbind refresh tickets = Yes > ??? winbind separator = + > > ??? domain master = no > ??? local master = no > ??? preferred master = no > ??? dns proxy = no > > ??? username map = /etc/samba/user.map > > ??? vfs objects = acl_xattr > ??? map acl inherit = Yes > > ??? log file = /var/log/samba/log.%m > ??? logging = file > ??? map to guest = Bad User > ??? max log size = 102400 > > ??? panic action = /usr/share/samba/panic-action %d > ??? server min protocol = NT1 > ??? usershare allow guests = Yes > ??? acl allow execute always = Yes > > [daten] > ??????? comment = Daten > ??????? path = /home > ??????? read only = No > > [testme] > ??????? comment = Test-Share > ??????? path = /share/testme > ??????? read only = No > > Create /etc/samba/user.map containing this: > > !root = SUPERMARIO\Administrator > > Rowland > > >-- Bastian Sebode Fachinformatiker Systemintegration LINET Services GmbH | Cyriaksring 10a | 38118 Braunschweig Tel. 0531-180508-0 | Fax 0531-180508-29 | http://www.linet-services.de LINET in den sozialen Netzwerken: www.twitter.com/linetservices | www.facebook.com/linetservices Wissenswertes aus der IT-Welt: www.linet-services.de/blog/ Gesch?ftsf?hrung: Timo Springmann, Mirko Savic und Moritz Bunkus HR B 9170 Amtsgericht Braunschweig USt-IdNr. DE 259 526 516
Bastian, If i recall right, this is a know problem, and is/will be, fixed in latest samba version now in git. I would recommend you wait for next update on samba, test it again with latest version. It looks bit like these: https://bugzilla.samba.org/show_bug.cgi?id=14700 https://bugzilla.samba.org/show_bug.cgi?id=14734 Enjoy the days of, at least the weather is nice now. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Bastian Sebode via samba > Verzonden: vrijdag 18 juni 2021 13:41 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] NT_STATUS_OBJECT_NAME_NOT_FOUND randomly > > Hey Rowland, > > thanks again for your reply and the example smb.conf. > libpam-krb5 is not > installed right now. > > Unfortunately the customer doesn't want to change these > settings prior > to the weekend and then I'm two weeks off. > I will get back to this list with an information on success > on July 5th. > > Regards > Bastian > > Am 17.06.2021 um 23:01 schrieb Rowland penny via samba: > > On 17/06/2021 21:41, Bastian Sebode via samba wrote: > >> Hey Rowland, thanks for your reply. > >> > >> On 17/06/2021 18:53, Rowland Penny via samba wrote: > >> > Your 'idmap config' lines are incorrect, or are you using sssd ? > >> > > >> No I'm using winbind. I also tried 'watch -d -n 0.1 wbinfo > -u' while > >> testing, but the users could be resolved at all time, even when > >> opening the file didn't work. > > > > > > wbinfo goes direct to AD, so it showing users, doesn't mean > that the > > OS knows the users. > > > > Do you have the 'libpam-winbind libnss-winbind libpam-krb5' > packages > > installed ? > > > >> > >> What would be the correct 'idmap config'? > > > > > > See my suggested smb.conf below. > > > >> > >> Just rechecked /etc/nsswitch.conf and this seemed not correct. I > >> added winbind to shadow as well now, but without any > improvement. Or > >> should I remove systemd from nsswitch.conf? > >> --- > >> passwd:???????? files systemd winbind > >> group:????????? files systemd winbind > >> shadow:???????? files > >> gshadow:??????? files > > > > > > That looks correct. > > > >> --- > >> > >> > What version of Ubuntu are you using ? > >> > > >> 20.04, also updated right now from 2:4.11.6+dfsg-0ubuntu1.8 to > >> 2:4.11.6+dfsg-0ubuntu1.9, but as expected no change. > > > > > > [global] > > ??? workgroup = CUSTOMER > > ??? realm = CUSTOMER.LOCAL > > ??? security = ADS > > ??? server string = %h server (Samba, Ubuntu) > > > > ??? idmap config * : backend = tdb > > ??? idmap config * : range = 3000-7999 > > ??? idmap config CUSTOMER : backend = rid > > ??? idmap config CUSTOMER : range = 10000-999999 > > ??? template shell = /bin/bash > > > > ??? winbind use default domain = yes > > ??? winbind expand groups = 2 > > ??? winbind refresh tickets = Yes > > ??? winbind separator = + > > > > ??? domain master = no > > ??? local master = no > > ??? preferred master = no > > ??? dns proxy = no > > > > ??? username map = /etc/samba/user.map > > > > ??? vfs objects = acl_xattr > > ??? map acl inherit = Yes > > > > ??? log file = /var/log/samba/log.%m > > ??? logging = file > > ??? map to guest = Bad User > > ??? max log size = 102400 > > > > ??? panic action = /usr/share/samba/panic-action %d > > ??? server min protocol = NT1 > > ??? usershare allow guests = Yes > > ??? acl allow execute always = Yes > > > > [daten] > > ??????? comment = Daten > > ??????? path = /home > > ??????? read only = No > > > > [testme] > > ??????? comment = Test-Share > > ??????? path = /share/testme > > ??????? read only = No > > > > Create /etc/samba/user.map containing this: > > > > !root = SUPERMARIO\Administrator > > > > Rowland > > > > > > > > -- > Bastian Sebode > Fachinformatiker Systemintegration > > LINET Services GmbH | Cyriaksring 10a | 38118 Braunschweig > Tel. 0531-180508-0 | Fax 0531-180508-29 | http://www.linet-services.de > > LINET in den sozialen Netzwerken: > www.twitter.com/linetservices | www.facebook.com/linetservices > Wissenswertes aus der IT-Welt: www.linet-services.de/blog/ > > Gesch?ftsf?hrung: Timo Springmann, Mirko Savic und Moritz Bunkus > HR B 9170 Amtsgericht Braunschweig > > USt-IdNr. DE 259 526 516 > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >