John R. Graham
2024-Nov-14 14:52 UTC
[Samba] Very strange: Samba is unable to access one of its own files
On 11/13/24 15:54, Rowland Penny via samba wrote:>> ??? log level = 1 >> >> ??? # dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool >> >> ??? # Winbindd setup for shares: >> ??? # template shell = /bin/bash >> ??? # template homedir = /home/%U >> >> ??? # idmap_nss plugin setup: >> ??? idmap config * : backend = tdb >> ??? idmap config * : range = 1000000-3999999 >> >> ??? idmap config SAMBA : backend? = nss >> ??? idmap config SAMBA : range = 1000-999999 > You should remove the 'idmap config' lines, they should never be set on > a DC.Thanks again! As soon as the idmap lines were removed--and Samba was restarted--sanity was restored. I also uncommented these lines: ??? template shell = /bin/bash ??? template homedir = /home/%U I do get an unexpected result from retrieving my domain user's passwd line: ? ?? # getent passwd SAMDOM\\jgraham ???? SAMDOM\jgraham:*:10000:100::/home/SAMDOM/jgraham:/bin/false It appears that somehow the defaults from smb.conf are being ignored...or is it that the defaults were in place when the domain account was created? But, hmm, running ???? samba-tool user show -U Administrator jgraham gets me, among other things: ???? loginShell: /bin/bash ???? unixHomeDirectory: /home/jgraham Is the information that getent retrieves sourced somewhere else? - John
Rowland Penny
2024-Nov-14 15:04 UTC
[Samba] Very strange: Samba is unable to access one of its own files
On Thu, 14 Nov 2024 09:52:47 -0500 "John R. Graham via samba" <samba at lists.samba.org> wrote:> On 11/13/24 15:54, Rowland Penny via samba wrote: > >> ??? log level = 1 > >> > >> ??? # dns update command = /usr/sbin/samba_dnsupdate > >> --use-samba-tool > >> > >> ??? # Winbindd setup for shares: > >> ??? # template shell = /bin/bash > >> ??? # template homedir = /home/%U > >> > >> ??? # idmap_nss plugin setup: > >> ??? idmap config * : backend = tdb > >> ??? idmap config * : range = 1000000-3999999 > >> > >> ??? idmap config SAMBA : backend? = nss > >> ??? idmap config SAMBA : range = 1000-999999 > > You should remove the 'idmap config' lines, they should never be > > set on a DC. > > Thanks again! As soon as the idmap lines were removed--and Samba was > restarted--sanity was restored. I also uncommented these lines: > > ??? template shell = /bin/bash > ??? template homedir = /home/%U > > I do get an unexpected result from retrieving my domain user's passwd > line: > > ? ?? # getent passwd SAMDOM\\jgraham > ???? SAMDOM\jgraham:*:10000:100::/home/SAMDOM/jgraham:/bin/false > > It appears that somehow the defaults from smb.conf are being > ignored...or is it that the defaults were in place when the domain > account was created? But, hmm, running > > ???? samba-tool user show -U Administrator jgraham > > gets me, among other things: > > ???? loginShell: /bin/bash > ???? unixHomeDirectory: /home/jgraham > > Is the information that getent retrieves sourced somewhere else?Yes and then again no ;-) Try running 'net cache flush' and try again with getent. The first time Samba is asked for a users details it gets it from AD, but it also then caches the details to speed things up, you are probably reading from the cache. Rowland
Possibly Parallel Threads
- Very strange: Samba is unable to access one of its own files
- Very strange: Samba is unable to access one of its own files
- Very strange: Samba is unable to access one of its own files
- Very strange: Samba is unable to access one of its own files
- Very strange: Samba is unable to access one of its own files