Hi Rowland,

I haven't seen a base_rid parameter in his smb.cfg. That's why I advised to correct the value down to 1000 just to give it a try.

I also had the problem of not getting any users with getent passwd with ad backend until I realized that all users must have an rfc2307 uid and must have a primary group in ad which also has an rfc2307 gid. The last thing is what I missed.

Example:
Domain Users has got a gid of 10000 in ADUC Unix tab.
The users also have a uid set in Unix tab and have primary group set to domain users. The ad backend only serves to getent passwd those users where these two things are set.

Regards
Tim

On 14 February 2015 10:41:11 CET, Rowland Penny <rowlandpenny at googlemail.com> wrote:
> On 14/02/15 07:36, Tim wrote:
>> You are using idmap module rid for your domain. I think getent passwd
>> could not resolve anything because of your id range. I would try a
>> range of 1000 (one thousand)-99999 and see what happens.
>> New users in AD start with a rid of 1000. Well known users like
>> administrator got their rid starting in the 500 range.
>>
>> You should think of using rfc2307.
>
> He was using the 'ad' backend and was getting nothing, so I advised him
> to change to the 'rid' backend.
>
> Samba, when using the 'rid' backend, calculates the user's ID this way:
>
> ID = RID - BASE_RID + LOW_RANGE_ID
>
> which from his set up is:
>
> ID = RID - 0 + 10000
>
> So if a user has a RID of 1000
>
> ID = 1000 - 0 + 10000
>
> ID = 11000
>
> What I would try now is to add a couple of 9's to the high range and
> see if this then shows any users, i.e. change 'range=10000-99999' to
> 'range=10000-9999999'
>
> It might just be that *all* his users have RIDs higher than 99999 and
> if this is so, samba will never show them.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

On 14/02/15 10:26, Tim wrote:
> Hi Rowland,
>
> I haven't seen a base_rid parameter in his smb.cfg. That's why I
> advised to correct the value down to 1000 just to give it a try.

If you do not set the base_rid, the default is 0. Either all the users he has tried have RIDs outside the range set in smb.conf or there is something strange going on; the 'rid' backend is usually the easiest to set up.

> I also had the problem of not getting any users with getent passwd
> with ad backend until I realized that all users must have an rfc2307
> uid and must have a primary group in ad which also has an rfc2307 gid.
> The last thing is what I missed.
> Example:
> Domain Users has got a gid of 10000 in ADUC Unix tab.
> The users also have a uid set in Unix tab and have primary group set
> to domain users. The ad backend only serves to getent passwd those
> users where these two things are set.
>

Yes, you are correct, all of the above has to be true before the 'ad' backend will work.

Rowland

On 14/02/15 13:43, Tim wrote:
>
> On 14 February 2015 11:52:09 CET, Rowland Penny <rowlandpenny at googlemail.com> wrote:
>> On 14/02/15 10:26, Tim wrote:
>>> I also had the problem of not getting any users with getent passwd
>>> with ad backend until I realized that all users must have an rfc2307
>>> uid and must have a primary group in ad which also has an rfc2307 gid.
>>> The last thing is what I missed.
>>> Example:
>>> Domain Users has got a gid of 10000 in ADUC Unix tab.
>>> The users also have a uid set in Unix tab and have primary group set
>>> to domain users. The ad backend only serves to getent passwd those
>>> users where these two things are set.
>>>
>> Yes, you are correct, all of the above has to be true before the 'ad'
>> backend will work.
>>
>> Rowland
> I know. I wrote this in such detail so the opener can check this.
> Normally he should get his ad backend to work.

OK, but basically, we have been there, done that :-)

Rowland
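
Added example, not part of the thread and not Samba's own code: a small offline check that applies the 'rid' formula and range test, and the two 'ad' backend conditions discussed above, to show which accounts getent passwd would leave out. The domain name EXAMPLE, the users, their RIDs and IDs are constructed; the inclusive range bounds and treating any non-'rid' backend as 'ad' are assumptions of this sketch.

```python
import re

# Constructed smb.conf fragment; EXAMPLE is a placeholder domain name.
SMB_CONF = """[global]
    idmap config EXAMPLE : backend = rid
    idmap config EXAMPLE : range = 10000-99999
"""
# Constructed directory entries (names, RIDs and IDs are made up).
USERS = [
    {"name": "alice", "rid": 1105, "uidNumber": 10001, "primary_group": "Domain Users"},
    {"name": "bob", "rid": 250000, "uidNumber": None, "primary_group": "Domain Users"},
]
GROUPS = {"Domain Users": {"gidNumber": 10000}}

def idmap_settings(conf, domain):
    """Read the 'idmap config <domain> : key = value' lines for one domain."""
    pat = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*(\w+)\s*=\s*(.+?)\s*$", re.I | re.M)
    opts = {k.lower(): v for d, k, v in pat.findall(conf) if d.upper() == domain.upper()}
    low, high = (int(n) for n in opts["range"].split("-"))
    # base_rid defaults to 0 when it is not set, as noted in the thread.
    return opts["backend"].lower(), low, high, int(opts.get("base_rid", 0))

def rid_to_id(rid, low, high, base_rid=0):
    """ID = RID - BASE_RID + LOW_RANGE_ID; None when the result leaves the range."""
    unix_id = rid - base_rid + low
    return unix_id if low <= unix_id <= high else None

def ad_visible(user, groups):
    """'ad' conditions from the thread: user has a uid, primary group has a gid."""
    group = groups.get(user["primary_group"], {})
    return user.get("uidNumber") is not None and group.get("gidNumber") is not None

def report(conf, domain, users, groups):
    """Map each account name to the ID getent passwd would show, or None if hidden."""
    backend, low, high, base_rid = idmap_settings(conf, domain)
    result = {}
    for u in users:
        if backend == "rid":
            result[u["name"]] = rid_to_id(u["rid"], low, high, base_rid)
        else:  # anything else is treated as 'ad' in this sketch
            result[u["name"]] = u["uidNumber"] if ad_visible(u, groups) else None
    return result

if __name__ == "__main__":
    print(report(SMB_CONF, "EXAMPLE", USERS, GROUPS))
    wider = SMB_CONF.replace("10000-99999", "10000-9999999")
    print(report(wider, "EXAMPLE", USERS, GROUPS))
```

With the original range the high-RID account is hidden; widening the range as suggested in the thread makes it appear.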