John R. Graham
2024-Nov-14 16:17 UTC
[Samba] Very strange: Samba is unable to access one of its own files
On 11/14/24 10:48, Rowland Penny via samba wrote:
> The only things that a Samba AD DC pulls from AD is the uidNumber and
> gidNumber attributes (if they are set) and only then if 'idmap_ldb:use
> rfc2307 = yes' is set in the DCs smb.conf.
>
> What are you expecting ?
>
> Rowland

Oh. Well, I was expecting that the home directory and the shell attributes would be retrieved from AD--or else constructed from the 'template homedir' and 'template shell' lines in smb.conf. The values I set there were:

    template shell = /bin/bash
    template homedir = /home/%U

but the getent is returning

    HOME\jgraham:*:10000:100::/home/SAMDOM/jgraham:/bin/false

which appear to be the defaults for those two as opposed to what's specified in either smb.conf or AD.

- John
Rowland Penny
2024-Nov-14 16:35 UTC
[Samba] Very strange: Samba is unable to access one of its own files
On Thu, 14 Nov 2024 11:17:11 -0500
"John R. Graham via samba" <samba at lists.samba.org> wrote:

> On 11/14/24 10:48, Rowland Penny via samba wrote:
> > The only things that a Samba AD DC pulls from AD is the uidNumber
> > and gidNumber attributes (if they are set) and only then if
> > 'idmap_ldb:use rfc2307 = yes' is set in the DCs smb.conf.
> >
> > What are you expecting ?
> >
> > Rowland
>
> Oh. Well, I was expecting that the home directory and the shell
> attributes would be retrieved from AD

Not on a DC, but you can do this on a Unix domain member, though I am beginning to think there isn't much point to it.

> --or else constructed from
> the 'template homedir' and 'template shell' lines in smb.conf. The
> values I set there were:
>
>     template shell = /bin/bash
>     template homedir = /home/%U
>

That should work.

> but the getent is returning
>
> HOME\jgraham:*:10000:100::/home/SAMDOM/jgraham:/bin/false
>
> which appear to be the defaults for those two as opposed to what's
> specified in either smb.conf or AD.

Yes, they are the defaults, as is the '100' for 'users' which is mapped to Domain Users. I suggest you set a gidNumber on Domain Users, just in case you decide to run a Unix domain member in future with the 'ad' idmap backend.

If all else fails, try rebooting the DC and see if that fixes it.

This is from one of my DCs with 'template shell = /bin/bash' set:

    adminuser at tmpdc1:~ $ getent passwd rowland
    SAMDOM\rowland:*:3000020:100:Rowland Penny:/home/SAMDOM/rowland:/bin/bash

You are running into one of the many reasons why it isn't recommended to use a Samba AD DC as a fileserver.

Rowland
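
An added example, not part of either post and not Samba's own code: a small Python check that compares a 'getent passwd' line with the 'template homedir' and 'template shell' values in smb.conf text, and reports per field whether the entry reflects the configured value or winbindd's built-in default (/home/%D/%U and /bin/false). The function names and the sample inputs are constructed for illustration, and only the %D and %U substitutions are handled.

```python
# Added example: helper names and sample inputs are constructed for illustration.

# winbindd's built-in values when smb.conf does not override them (smb.conf(5)).
DEFAULTS = {"template homedir": "/home/%D/%U", "template shell": "/bin/false"}

def load_templates(smb_conf_text):
    """Return the effective template settings from the [global] section."""
    settings, section = dict(DEFAULTS), None
    for raw in smb_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            key = " ".join(key.lower().split())  # normalise case and spacing
            if key in settings:
                settings[key] = value.strip()
    return settings

def expand(template, domain, user):
    """Apply the %D (domain) and %U (user name) substitutions."""
    return template.replace("%D", domain).replace("%U", user)

def classify(actual, configured, default):
    if actual == configured:
        return "configured"
    return "default" if actual == default else "other"

def check_getent(smb_conf_text, getent_line):
    """Say, per field, whether a passwd entry reflects smb.conf or the defaults."""
    fields = getent_line.strip().split(":")
    if len(fields) != 7:
        raise ValueError("not a passwd(5) line: %r" % getent_line)
    domain, _, user = fields[0].rpartition("\\")
    conf = load_templates(smb_conf_text)
    result = {}
    for name, key, actual in (("homedir", "template homedir", fields[5]),
                              ("shell", "template shell", fields[6])):
        result[name] = classify(actual, expand(conf[key], domain, user),
                                expand(DEFAULTS[key], domain, user))
    return result

# Constructed inputs modelled on the settings and output quoted in the thread.
SAMPLE_CONF = "[global]\n    template shell = /bin/bash\n    template homedir = /home/%U\n"
SAMPLE_LINE = "SAMDOM\\jgraham:*:10000:100::/home/SAMDOM/jgraham:/bin/false"

if __name__ == "__main__":
    print(check_getent(SAMPLE_CONF, SAMPLE_LINE))
```

A result of "default" for a field that smb.conf overrides means the running winbindd is not using the file that was edited, or has not picked up the change.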