On 08/05/15 22:39, John Rykala wrote:
> I am in the process of setting up a CentOS 6.6 w/ Samba 3.6 and am 
> getting an error "Could not get unix ID for SID xxxxxx". Am using the
> same config files as I did on another similar install just changing 
> the domain name.  I was successful in joining the domain and wbinfo -u 
> returns the list of all the users on the AD. I have installed MS 
> Identity Management for Unix on the Server 2008R2 DC.
>
> My config file is:
>
> [global]
>   workgroup = TESTNET
>   realm = TESTNET.LOCAL
>   security = ADS
>   domain master = no
>   local master = no
>   prefered master = no
>   os level = 0
>
>   encrypt passwords = yes
>   restrict anonymous = 2
>
>   max protocol = SMB2
>   socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=65536 SO_RCVBUF=65536
>   read raw = yes
>   write raw = yes
>   deadtime = 15
>   keepalive = 600
>
>   winbind nss info = rfc2307
>   winbind trusted domains only = no
>   winbind use default domain = yes
>   winbind enum users = yes
>   winbind enum groups = yes
>   winbind nested groups = yes
>   winbind refresh tickets = yes
>   winbind expand groups = 4
>   winbind normalize names = Yes
>   vfs objects = acl_xattr
>   map acl inherit = Yes
>   store dos attributes = Yes
>
>   idmap config * : backend = tdb
>   idmap config * : range = 1000000-1999999
>   idmap config TESTNET : backend = ad
>   idmap config TESTNET : schema_mode = rfc2307
>   idmap config TESTNET : range = 10000-99999
>
>   disable spoolss = yes
>   preferred master = no
>   server string = Samba Server %v
>   log level = 3
>   log file = /var/log/samba/%m
>   max log size = 25
>
OK, I would suggest you remove these lines:

   encrypt passwords = yes
   restrict anonymous = 2
   max protocol = SMB2
   socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=65536 SO_RCVBUF=65536
   read raw = yes
   write raw = yes
   keepalive = 600

They are either the default settings, not needed, or in the case of
'socket options' probably just making things worse.

You should probably also remove the second occurrence of 'preferred
master = no'.

I am not saying this will cure your problem, but it will not hurt.

You say you changed the domain name; check it matches the one on the server.

Probably a stupid question, but do your users have a uidNumber
containing a number inside the range you set, '10000-99999'? Also, does
'Domain Users' have a gidNumber?

Finally, is SELinux somehow getting in the way?

Rowland
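
The range check asked about in the reply above, as an added example that is not part of the original thread: it parses the `idmap config` lines from the quoted smb.conf and classifies uidNumber/gidNumber values against the TESTNET range. The account names and ID values are constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed excerpt: the idmap lines from the smb.conf quoted above.
SMB_CONF = """
  idmap config * : backend = tdb
  idmap config * : range = 1000000-1999999
  idmap config TESTNET : backend = ad
  idmap config TESTNET : schema_mode = rfc2307
  idmap config TESTNET : range = 10000-99999
"""
# Constructed sample data (hypothetical names); None = attribute not set in AD.
ACCOUNTS = {"alice": 10001, "bob": None, "carol": 500, "Domain Users": None}

IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*(\w+)\s*=\s*(.+?)\s*$", re.I)


def parse_idmap(conf_text):
    """Return {domain: {option: value}}; 'range' becomes a (low, high) int tuple."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)
        if not m:
            continue
        dom, opt, val = m.group(1), m.group(2).lower(), m.group(3)
        if opt == "range":
            low, high = val.split("-")
            val = (int(low), int(high))
        domains.setdefault(dom, {})[opt] = val
    return domains


def check_ids(domains, domain, accounts):
    """Classify each uidNumber/gidNumber against the range set for the domain."""
    low, high = domains[domain]["range"]
    result = {}
    for name, unix_id in accounts.items():
        if unix_id is None:
            result[name] = "missing"
        elif low <= unix_id <= high:
            result[name] = "ok"
        else:
            result[name] = "out of range"
    return result


def overlapping(domains):
    """Return adjacent (sorted by start) domain pairs whose ranges overlap."""
    items = sorted((o["range"], d) for d, o in domains.items() if "range" in o)
    return [(a[1], b[1]) for a, b in zip(items, items[1:]) if b[0][0] <= a[0][1]]
```

Any account reported as "missing" or "out of range" is a candidate for the unix ID lookup failure; the overlap check confirms the `*` and TESTNET ranges do not collide.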