Hello
I think I have a mapping problem.
The server was added to the domain with sudo net ads join -U
adj-compo at ur.local
The server is also connected to an LDAP server via SSD
When loading the user's homes, the server does not look for the correct
homedir path which should be /private/student/7/17/tdsi917 for the user
tdsi917
Here are the values and variables retrieved by the 3 commands:
# getent passwd ur\\tdsi917
tdsi917:*:16945606:16977729::/home/UR/tdsi917:/bin/false
# getent passwd tdsi917
tdsi917:*:122025:99999:test
dsi917:/private/student/7/17/tdsi917:/usr/local/bin/ur1shell
# id tdsi917
uid=122025(tdsi917) gid=99999
groupes=99999,16945606(tdsi917),16977729(domain
users),17138962($ijv700-jaannteirkd3),17169934($ert800-5ggunedtuc7k),17121891($3ue700-90qmsldqmphu),16975181($da1600-8q4gb3joj2c9),17156453($5mg800-qp8djjrmdrod),17155068($saf800-r89h2bc6j7a6),17098681($p8o600-b3lnss0ku69r),17098673($h8o600-asepe2uhj93k),17121890($2ue700-3vk366s8s8nf),17169935($frt800-8l9h6ago3m6l),17131976($8po700-dj95nr2nh69g),17138960($gjv700-3rcp24o2rlvs),17131837($tko700-b5g5n6ti3aor),17138961($hjv700-5pebr12ui2pt),16974329($pf0600-svtpf15svlnj),17144064($0j4800-12qqqai06tc5),16966428($soo500-kso5c5o4qd6c),17169933($drt800-91fnd965nvcg),17169365($l9t800-1i3jm4qpr31r),16777217(BUILTIN\users)
Here is my samba config /etc/samba/smb.conf
[global]
netbios name = spartacus-test
workgroup = ur
realm = UR.LOCAL
log file = /var/log/samba/%m.log
log level = 3
security = ads
idmap config * : backend = tdb
idmap config * : range = 16777216-33554431
idmap config UR : unix_nssinfo = no
idmap config UR: schema_mode = rfc2307
kerberos method = secrets only
winbind use default domain = yes
winbind enum users = yes
#winbind enum groups = yes
#template homedir = /home/%U
#============================ Printing =============================
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
#============================ Share Definitions =============================
[homes]
comment = Home Directories
browseable = No
read only = No
Here is the extract from the samba logs for a client connection :
NTLMSSP Sign/Seal - Initialising with flags:
[2024/03/27 16:29:27.881623, 3]
../../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0xe2088215
[2024/03/27 16:29:27.888482, 3]
../../source3/smbd/password.c:84(register_homes_share)
Adding homes service for user 'UR\tdsi914' using home directory:
'/home/UR/tdsi914'
[2024/03/27 16:29:27.888775, 3]
../../source3/param/loadparm.c:1618(lp_add_home)
adding home's share [tdsi914] for user 'UR\tdsi914' at
'/home/UR/tdsi914'
The good path for the home directory should be
/private/student/4/14/tdsi914, not /home/UR/tdsi914
Could you help me?
--
On Thu, 28 Mar 2024 11:12:12 +0100
Arnaud Bougeard via samba <samba at lists.samba.org> wrote:

> Hello
>
> I think I have a mapping problem.
>
> The server was added to the domain with sudo net ads join -U
> adj-compo at ur.local
>
> The server is also connected to an LDAP server via SSD
>
> When loading the user's homes, the server does not look for the
> correct homedir path which should be /private/student/7/17/tdsi917
> for the user tdsi917
>
> Here are the values and variables retrieved by the 3 commands:
>
> # getent passwd ur\\tdsi917
> tdsi917:*:16945606:16977729::/home/UR/tdsi917:/bin/false
>
> # getent passwd tdsi917
> tdsi917:*:122025:99999:test
> dsi917:/private/student/7/17/tdsi917:/usr/local/bin/ur1shell
>
> # id tdsi917
> uid=122025(tdsi917) gid=99999
> groupes=99999,16945606(tdsi917),16977729(domain
> users),17138962($ijv700-jaannteirkd3),17169934($ert800-5ggunedtuc7k),17121891($3ue700-90qmsldqmphu),16975181($da1600-8q4gb3joj2c9),17156453($5mg800-qp8djjrmdrod),17155068($saf800-r89h2bc6j7a6),17098681($p8o600-b3lnss0ku69r),17098673($h8o600-asepe2uhj93k),17121890($2ue700-3vk366s8s8nf),17169935($frt800-8l9h6ago3m6l),17131976($8po700-dj95nr2nh69g),17138960($gjv700-3rcp24o2rlvs),17131837($tko700-b5g5n6ti3aor),17138961($hjv700-5pebr12ui2pt),16974329($pf0600-svtpf15svlnj),17144064($0j4800-12qqqai06tc5),16966428($soo500-kso5c5o4qd6c),17169933($drt800-91fnd965nvcg),17169365($l9t800-1i3jm4qpr31r),16777217(BUILTIN\users)
>
>
> Here is my samba config /etc/samba/smb.conf
> [global]
> netbios name = spartacus-test
> workgroup = ur
> realm = UR.LOCAL

I do hope that '.local' is sanitisation for your correct TLD.

> log file = /var/log/samba/%m.log
> log level = 3
> security = ads
> idmap config * : backend = tdb
> idmap config * : range = 16777216-33554431

The default domain '*' is meant for the Well Known SIDs (and there are
less than 200 of them) and anything outside the 'UR' domain (so really
0), so why have you got a range that allows for 16 million, seven
hundred and seventy seven thousand, two hundred and twenty five users?

> idmap config UR : unix_nssinfo = no
> idmap config UR: schema_mode = rfc2307

It looks to me that you are possibly wanting to use the 'ad' idmap
backend for the 'UR' domain, if so, you are a couple of lines missing
(at least)

idmap config UR : backend = ad
idmap config UR : range = 10000-999999

Though this will require that you have added rfc2307 attributes to AD,
have you done this?

Rowland