Hi,
yes workgroup and domain are the same.
the DC?s are Server 2012 R2.
Regards,
-Oskari
> On 29. Mar 2021, at 22.22, Rowland penny via samba <samba at
lists.samba.org> wrote:
>
> On 29/03/2021 19:36, Oskari Koivisto via samba wrote:
>> Hi,
>>
>> I have 2 ceph clusters served via SMB-gateways to a single domain.
>> The cluster reside away from each other few thousand kilometers so
having 2 separate SMB-servers is a must.
>> The Samba works kind of, I can access the shares and am able to set
permissions to share-tab and security-tab if certain features are enabled. Or I
could, now it seems I?m not able to do that anymore.
>>
>> My hypothesis is that since having 2 samba-gateways both joined to
domain and having RID as a backend confuses the actual AD-part.
>>
>> From both gateways I can query the domain users and groups from getent
passwd. But the gateways return different ID-numbers.
>>
>> This is my current smb.conf:
>> [global]
>> workgroup = DOMAIN
>> netbios name = HOSTNAME
>> clustering = no
>> load printers = no
>> usershare allow guests = No
>> smbd: backgroundqueue = no
>> realm = DOMAIN
>> security = ADS
>> template homedir = /home/%D/%U
>> domain logons = No
>> domain master = No
>> wins support = no
>> password server = *
>> winbind refresh tickets = yes
>> idmap config * : backend = tdb
>> idmap config * : range = 3000-7999
>> idmap config MICT : backend = rid
>> idmap config MICT : range = 10000-20000
>> template shell = /bin/bash
>> username map = /etc/samba/user.map
>> vfs objects = acl_xattr
>> map acl inherit = yes
>> store dos attributes = yes
>
>
> Are your domain (workgroup) and realm the same (seemingly MICT) ?
>
> Other than that, your smb.conf looks okay, using the 'rid' backend
should not be a problem.
>
> What are the AD DC's ?
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba