Rowland penny
2020-Dec-16 16:17 UTC
[Samba] Users can't mount shares on a domain member file server
On 16/12/2020 15:58, MAS Jean-Louis via samba wrote:
> On 15/12/2020 at 18:29, Rowland penny via samba wrote:
>
> Thanks a lot for your advice
>
> We changed our conf files /etc/nsswitch.conf and smb.conf (see below)
>
> Now our Linux users can't connect as their gid and $HOME are totally
> wrong, they seem to be generated by winbind in the 400000 range.

You are getting IDs in the 400000 range because that is what you have set in the '*' domain, and as you are getting numbers such as '400002', then 'jlmas' does not have a uidNumber attribute containing a number inside the '500-400000' range or Domain Users does not have a gidNumber attribute containing a number inside the same range, or to put it another way:

Have you manually added uidNumber and gidNumber attributes to your users & groups in AD?

Rowland
MAS Jean-Louis
2020-Dec-16 17:01 UTC
[Samba] Users can't mount shares on a domain member file server
On 16/12/2020 at 17:17, Rowland penny via samba wrote:
> You are getting IDs in the 400000 range because that is what you have
> set in the '*' domain, and as you are getting numbers such as '400002',
> then 'jlmas' does not have a uidNumber attribute containing a number
> inside the '500-400000' range or Domain Users does not have a gidNumber
> attribute containing a number inside the same range, or to put it
> another way:
>
> Have you manually added uidNumber and gidNumber attributes to your users
> & groups in AD?

Yes. In fact our only source of authentication for Linux and Windows is our AD Samba4. We have added all the POSIX account attributes to our users when we created them.

For example, this is my account directly from our Samba4 AD-DC; my uidNumber and gidNumber are within the "example" domain range we defined in smb.conf:

# ldbsearch --url=/var/lib/samba/private/sam.ldb -b dc=example,dc=com sAMAccountName=jlmas
# record 1
dn: CN=jlmas,CN=Users,DC=example,DC=com
cn: jlmas
sn: Mas
givenName: Jean-Louis
instanceType: 4
whenCreated: 20140306151708.0Z
uSNCreated: 4464
name: jlmas
objectGUID: 52c807de-e9dc-470e-973c-79c1d5a4ea9d
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
objectSid: S-1-5-21-2072931574-2052698178-2371456486-1847
accountExpires: 9223372036854775807
sAMAccountType: 805306368
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=example,DC=com
uid: jlmas
mail: Jean-Louis.Mas at imag.fr
departmentNumber: LIG
uidNumber: 20025
gidNumber: 20000
sAMAccountName: jlmas
loginShell: /bin/bash
userPrincipalName: jlmas
objectClass: top
objectClass: securityPrincipal
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: inetOrgPerson
homeDrive: Z:
memberOf: CN=labolig,CN=Users,DC=example,DC=com
memberOf: CN=wikimisi,CN=Users,DC=example,DC=com
memberOf: CN=Domain Users,CN=Users,DC=example,DC=com
displayName: MAS Jean-Louis
unixHomeDirectory: /home/misi/jlmas/
homeDirectory: \\casa.example.fr\jlmas
lockoutTime: 0
shadowLastChange: 17207
pwdLastSet: 131312188300000000
msDS-SupportedEncryptionTypes: 0
userAccountControl: 66048
primaryGroupID: 2906
lastLogonTimestamp: 132521711392051480
whenChanged: 20201211143859.0Z
uSNChanged: 110344
lastLogon: 132525243595119210
logonCount: 1717
distinguishedName: CN=jlmas,CN=Users,DC=example,DC=com

# Referral
ref: ldap://example.fr/CN=Configuration,DC=example,DC=com

# Referral
ref: ldap://example.fr/DC=DomainDnsZones,DC=example,DC=com

# Referral
ref: ldap://example.fr/DC=ForestDnsZones,DC=example,DC=com

# returned 4 records
# 1 entries
# 3 referrals

Regards
--
Jean Louis Mas