Rowland Penny
2015-Jan-30 21:12 UTC
[Samba] W7 client cannot adjust file permissions via ADUC
On 30/01/15 20:48, Bob of Donelson Trophy wrote:> > > Okay, added 'gidNumber: 10000' to the domain users group on DC1. (Was > within my range 500-40000.) > > getnet passwd [user] returns nothing on DC1. > > W7 client still a "no". > > And now? > >Have you tried getent on the member server ? Lets forget W7 for the moment, get the Unix side working and then go to W7. If I run getent on the DC I get this: root at dc01:~# getent passwd rowland EXAMPLE\rowland:*:10000:10000:Rowland Penny:/home/HOME/rowland:/bin/bash So lets check a few files: /etc/resolv.conf should point to itself, I use search example.com nameserver 127.0.0.1 /etc/krb5.conf should contain this: [libdefaults] default_realm = EXAMPLE.COM dns_lookup_realm = false dns_lookup_kdc = true /etc/nsswitch.conf should have these two lines set like this: passwd: compat winbind group: compat winbind Finally can you run: pam-auth-update I have these enabled. Kerberos authentication Unix authentication Winbind NT/Active Directory authentication GNOME Keyring Daemon - Login keyring management ConsoleKit Session Management Inheritable Capabilities Management Rowland
Bob of Donelson Trophy
2015-Jan-30 21:19 UTC
[Samba] W7 client cannot adjust file permissions via ADUC
Both DC1 and member server return nothing on 'getent passwd Administrator' I have no other users other than 'root' and 'Administrator' on all three (DC1, DC2 & member.) My plan was to get file permissions (aka profiles) working and add some test users. How do I add test users via linux side? (I'm with you, get linux side working first.) --- ------------------------- Bob Wooden of Donelson Trophy 615.885.2846 (main) www.donelsontrophy.com [1] "Everyone deserves an award!!" On 2015-01-30 15:12, Rowland Penny wrote:> On 30/01/15 20:48, Bob of Donelson Trophy wrote: > >> Okay, added 'gidNumber: 10000' to the domain users group on DC1. (Was within my range 500-40000.) getnet passwd [user] returns nothing on DC1. W7 client still a "no". And now? > > Have you tried getent on the member server ? > > Lets forget W7 for the moment, get the Unix side working and then go to W7. > > If I run getent on the DC I get this: > > root at dc01:~# getent passwd rowland > EXAMPLErowland:*:10000:10000:Rowland Penny:/home/HOME/rowland:/bin/bash > > So lets check a few files: > > /etc/resolv.conf should point to itself, I use > > search example.com > nameserver 127.0.0.1 > > /etc/krb5.conf should contain this: > > [libdefaults] > default_realm = EXAMPLE.COM > dns_lookup_realm = false > dns_lookup_kdc = true > > /etc/nsswitch.conf > > should have these two lines set like this: > > passwd: compat winbind > group: compat winbind > > Finally can you run: > > pam-auth-update > > I have these enabled. > > Kerberos authentication > Unix authentication > Winbind NT/Active Directory authentication > GNOME Keyring Daemon - Login keyring management > ConsoleKit Session Management > Inheritable Capabilities Management > > RowlandLinks: ------ [1] http://www.donelsontrophy.com
Rowland Penny
2015-Jan-30 21:52 UTC
[Samba] W7 client cannot adjust file permissions via ADUC
On 30/01/15 21:19, Bob of Donelson Trophy wrote:> > > Both DC1 and member server return nothing on 'getent passwd > Administrator' > > I have no other users other than 'root' and 'Administrator' on all three > (DC1, DC2 & member.) > > My plan was to get file permissions (aka profiles) working and add some > test users. > > How do I add test users via linux side? (I'm with you, get linux side > working first.) > > --- > > ------------------------- > > Bob Wooden of Donelson Trophy > > 615.885.2846 (main) > www.donelsontrophy.com [1] > > "Everyone deserves an award!!" > > On 2015-01-30 15:12, Rowland Penny wrote: > >> On 30/01/15 20:48, Bob of Donelson Trophy wrote: >> >>> Okay, added 'gidNumber: 10000' to the domain users group on DC1. (Was within my range 500-40000.) getnet passwd [user] returns nothing on DC1. W7 client still a "no". And now? >> Have you tried getent on the member server ? >> >> Lets forget W7 for the moment, get the Unix side working and then go to W7. >> >> If I run getent on the DC I get this: >> >> root at dc01:~# getent passwd rowland >> EXAMPLErowland:*:10000:10000:Rowland Penny:/home/HOME/rowland:/bin/bash >> >> So lets check a few files: >> >> /etc/resolv.conf should point to itself, I use >> >> search example.com >> nameserver 127.0.0.1 >> >> /etc/krb5.conf should contain this: >> >> [libdefaults] >> default_realm = EXAMPLE.COM >> dns_lookup_realm = false >> dns_lookup_kdc = true >> >> /etc/nsswitch.conf >> >> should have these two lines set like this: >> >> passwd: compat winbind >> group: compat winbind >> >> Finally can you run: >> >> pam-auth-update >> >> I have these enabled. >> >> Kerberos authentication >> Unix authentication >> Winbind NT/Active Directory authentication >> GNOME Keyring Daemon - Login keyring management >> ConsoleKit Session Management >> Inheritable Capabilities Management >> >> Rowland > > > Links: > ------ > [1] http://www.donelsontrophy.comOK, you do it with samba-tool on the DC: if you run samba-tool user add --help, you will get a list of the available options, trouble is, you need samba-tool from 4.2rc4 and you need to patch this with Marc's patches to get all the Unix attributes So, I have attached the required files: samdb.py user.py addunixuser The first two go here: /usr/share/pyshared/samba/samdb.py /usr/share/pyshared/samba/netcmd/user.py the last is a bash script I wrote myself, put this in /usr/sbin/ Make it executable: chmod 0755 /usr/sbin/addunixuser Run it : addunixuser it will print the usage instructions :-) I am (over the weekend) going to set up a couple of VM's and install a DC and a member server using Louis's scripts, your problems are beginning to bug me (no disrespect to yourself) it should be easier than this :-D Rowland Rowland
Apparently Analagous Threads
- W7 client cannot adjust file permissions via ADUC
- W7 client cannot adjust file permissions via ADUC
- W7 client cannot adjust file permissions via ADUC
- Fwd: Re: W7 client cannot adjust file permissions via ADUC
- W7 client cannot adjust file permissions via ADUC