Hey Rowland,
thanks again for your reply and the example smb.conf. libpam-krb5 is not
installed right now.
Unfortunately the customer doesn't want to change these settings prior
to the weekend and then I'm two weeks off.
I will get back to this list with information on success on July 5th.
Regards
Bastian
On 17.06.2021 at 23:01, Rowland penny via samba wrote:
> On 17/06/2021 21:41, Bastian Sebode via samba wrote:
>> Hey Rowland, thanks for your reply.
>>
>> On 17/06/2021 18:53, Rowland Penny via samba wrote:
>> > Your 'idmap config' lines are incorrect, or are you using sssd ?
>> >
>> No I'm using winbind. I also tried 'watch -d -n 0.1 wbinfo -u' while
>> testing, but the users could be resolved at all time, even when
>> opening the file didn't work.
>
>
> wbinfo goes direct to AD, so it showing users, doesn't mean that the
> OS knows the users.
>
> Do you have the 'libpam-winbind libnss-winbind libpam-krb5' packages
> installed ?
>
>>
>> What would be the correct 'idmap config'?
>
>
> See my suggested smb.conf below.
>
>>
>> Just rechecked /etc/nsswitch.conf and this seemed not correct. I
>> added winbind to shadow as well now, but without any improvement. Or
>> should I remove systemd from nsswitch.conf?
>> ---
>> passwd:         files systemd winbind
>> group:          files systemd winbind
>> shadow:         files
>> gshadow:        files
>
>
> That looks correct.
>
>> ---
>>
>> > What version of Ubuntu are you using ?
>> >
>> 20.04, also updated right now from 2:4.11.6+dfsg-0ubuntu1.8 to
>> 2:4.11.6+dfsg-0ubuntu1.9, but as expected no change.
>
>
> [global]
>     workgroup = CUSTOMER
>     realm = CUSTOMER.LOCAL
>     security = ADS
>     server string = %h server (Samba, Ubuntu)
>
>     idmap config * : backend = tdb
>     idmap config * : range = 3000-7999
>     idmap config CUSTOMER : backend = rid
>     idmap config CUSTOMER : range = 10000-999999
>     template shell = /bin/bash
>
>     winbind use default domain = yes
>     winbind expand groups = 2
>     winbind refresh tickets = Yes
>     winbind separator = +
>
>     domain master = no
>     local master = no
>     preferred master = no
>     dns proxy = no
>
>     username map = /etc/samba/user.map
>
>     vfs objects = acl_xattr
>     map acl inherit = Yes
>
>     log file = /var/log/samba/log.%m
>     logging = file
>     map to guest = Bad User
>     max log size = 102400
>
>     panic action = /usr/share/samba/panic-action %d
>     server min protocol = NT1
>     usershare allow guests = Yes
>     acl allow execute always = Yes
>
> [daten]
>         comment = Daten
>         path = /home
>         read only = No
>
> [testme]
>         comment = Test-Share
>         path = /share/testme
>         read only = No
>
> Create /etc/samba/user.map containing this:
>
> !root = SUPERMARIO\Administrator
>
> Rowland
>
>
>
--
Bastian Sebode
IT Specialist, Systems Integration
LINET Services GmbH | Cyriaksring 10a | 38118 Braunschweig
Tel. 0531-180508-0 | Fax 0531-180508-29 | http://www.linet-services.de
LINET on social networks:
www.twitter.com/linetservices | www.facebook.com/linetservices
Worth knowing from the IT world: www.linet-services.de/blog/
Management: Timo Springmann, Mirko Savic and Moritz Bunkus
HR B 9170, Braunschweig Local Court
VAT ID no. DE 259 526 516
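
An added example, not part of the mail thread or of Samba: a small offline check of the two things discussed above, that every `idmap config` domain has a backend and a non-overlapping range, and that `winbind` is listed for `passwd` and `group` in nsswitch.conf so the OS (not only `wbinfo`) can resolve the users. The function names and the sample inputs are constructed for illustration from the settings quoted in the thread.

```python
import re

# Constructed sample input, copied from the settings quoted in the thread.
SMB_CONF = """\
[global]
    workgroup = CUSTOMER
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    idmap config CUSTOMER : backend = rid
    idmap config CUSTOMER : range = 10000-999999
"""
NSSWITCH = """\
passwd:         files systemd winbind
group:          files systemd winbind
shadow:         files
"""

IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*(\w+)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(text):
    """Return {domain: {"backend": str, "range": (low, high)}}."""
    domains = {}
    for line in text.splitlines():
        m = IDMAP_RE.match(line)
        if not m:
            continue
        dom, key, val = m.group(1).upper(), m.group(2).lower(), m.group(3)
        if key == "range":
            val = tuple(int(x) for x in val.split("-"))
        domains.setdefault(dom, {})[key] = val
    return domains

def check(smb_conf, nsswitch):
    """Return a list of findings; an empty list means these checks pass."""
    findings = []
    doms = parse_idmap(smb_conf)
    wg = re.search(r"^\s*workgroup\s*=\s*(\S+)", smb_conf, re.M | re.I)
    for need in ["*"] + ([wg.group(1).upper()] if wg else []):
        if not {"backend", "range"} <= set(doms.get(need, {})):
            findings.append(f"idmap config {need}: backend or range missing")
    ranges = sorted((d["range"], n) for n, d in doms.items() if "range" in d)
    for ((_, hi), a), ((lo, _), b) in zip(ranges, ranges[1:]):
        if lo <= hi:  # next range starts before the previous one ends
            findings.append(f"idmap ranges of {a} and {b} overlap")
    for db in ("passwd", "group"):
        m = re.search(rf"^{db}:[ \t]*(.*)$", nsswitch, re.M)
        if not m or "winbind" not in m.group(1).split():
            findings.append(f"nsswitch.conf: winbind missing from {db}")
    return findings
```

On a live member server the equivalent runtime comparison is `wbinfo -i <user>` against `getent passwd <user>`: the first asks winbind directly, the second goes through NSS as the OS does.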