Rowland Penny
2024-Nov-14 15:04 UTC
[Samba] Very strange: Samba is unable to access one of its own files
On Thu, 14 Nov 2024 09:52:47 -0500 "John R. Graham via samba" <samba at lists.samba.org> wrote:> On 11/13/24 15:54, Rowland Penny via samba wrote: > >> ??? log level = 1 > >> > >> ??? # dns update command = /usr/sbin/samba_dnsupdate > >> --use-samba-tool > >> > >> ??? # Winbindd setup for shares: > >> ??? # template shell = /bin/bash > >> ??? # template homedir = /home/%U > >> > >> ??? # idmap_nss plugin setup: > >> ??? idmap config * : backend = tdb > >> ??? idmap config * : range = 1000000-3999999 > >> > >> ??? idmap config SAMBA : backend? = nss > >> ??? idmap config SAMBA : range = 1000-999999 > > You should remove the 'idmap config' lines, they should never be > > set on a DC. > > Thanks again! As soon as the idmap lines were removed--and Samba was > restarted--sanity was restored. I also uncommented these lines: > > ??? template shell = /bin/bash > ??? template homedir = /home/%U > > I do get an unexpected result from retrieving my domain user's passwd > line: > > ? ?? # getent passwd SAMDOM\\jgraham > ???? SAMDOM\jgraham:*:10000:100::/home/SAMDOM/jgraham:/bin/false > > It appears that somehow the defaults from smb.conf are being > ignored...or is it that the defaults were in place when the domain > account was created? But, hmm, running > > ???? samba-tool user show -U Administrator jgraham > > gets me, among other things: > > ???? loginShell: /bin/bash > ???? unixHomeDirectory: /home/jgraham > > Is the information that getent retrieves sourced somewhere else?Yes and then again no ;-) Try running 'net cache flush' and try again with getent. The first time Samba is asked for a users details it gets it from AD, but it also then caches the details to speed things up, you are probably reading from the cache. Rowland
John R. Graham
2024-Nov-14 15:21 UTC
[Samba] Very strange: Samba is unable to access one of its own files
On 11/14/24 10:04, Rowland Penny via samba wrote:> Try running 'net cache flush' and try again with getent. > The first time Samba is asked for a users details it gets it from AD, > but it also then caches the details to speed things up, you are probably > reading from the cache. > > Rowland >Alas, 'net cache flush' had no effect. getent is still returning information inconsistent with what's stored in AD. - John
Apparently Analagous Threads
- Very strange: Samba is unable to access one of its own files
- Very strange: Samba is unable to access one of its own files
- Very strange: Samba is unable to access one of its own files
- Very strange: Samba is unable to access one of its own files
- Very strange: Samba is unable to access one of its own files