root at aphrodite:~# getent passwd administrator
root at aphrodite:~# wbinfo -u
administrator
krbtgt
guest


root at aphrodite:~# cat /etc/samba/smb.conf
[global]

netbios name = APHRODITE
security = ADS
workgroup = DOMAIN
realm = AD.DOMAIN.COM.AU

log file = /var/log/samba/%m.log
log level = 1

dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind refresh tickets = yes

winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes

# Important: The ranges of the default (*) idmap config
# and the domain(s) must not overlap!

# Default idmap config used for BUILTIN and local accounts/groups
idmap config *:backend = tdb
idmap config *:range = 2000-9999

# idmap config for domain DOMAIN
idmap config DOMAIN:backend = rid
idmap config DOMAIN:range = 10000-99999

# Use template settings for login shell and home directory
winbind nss info = template
template shell = /sbin/bash
template homedir = /home/%U
root at aphrodite:~#


root at aphrodite:~# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd: compat winbind
group: compat winbind
shadow: compat

hosts: files dns
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

netgroup: nis
root at aphrodite:~#

On 30/01/16 11:55, Henry McLaughlin wrote:
> root at aphrodite:~# getent passwd administrator

On a domain member this is quite correct, what you are missing from your smb.conf is something like this line:

username map = /etc/samba/samba_usermapping

with 'samba_usermapping' containing:

!root = SAMDOM\Administrator SAMDOM\administrator

NOTE: replace 'SAMDOM' with your domain name.

Try adding a user with a uidNumber (probably containing 10000 as this would seem to be your first real user) and ensure Domain Users has a gidNumber (you can again use 10000)

Rowland

> root at aphrodite:~# wbinfo -u
> administrator
> krbtgt
> guest
>
>
> root at aphrodite:~# cat /etc/samba/smb.conf
> [global]
>
> netbios name = APHRODITE
> security = ADS
> workgroup = DOMAIN
> realm = AD.DOMAIN.COM.AU
>
> log file = /var/log/samba/%m.log
> log level = 1
>
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
> winbind refresh tickets = yes
>
> winbind trusted domains only = no
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
>
> # Important: The ranges of the default (*) idmap config
> # and the domain(s) must not overlap!
>
> # Default idmap config used for BUILTIN and local accounts/groups
> idmap config *:backend = tdb
> idmap config *:range = 2000-9999
>
> # idmap config for domain DOMAIN
> idmap config DOMAIN:backend = rid
> idmap config DOMAIN:range = 10000-99999
>
> # Use template settings for login shell and home directory
> winbind nss info = template
> template shell = /sbin/bash
> template homedir = /home/%U
> root at aphrodite:~#
>
>
> root at aphrodite:~# cat /etc/nsswitch.conf
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages installed, try:
> # `info libc "Name Service Switch"' for information about this file.
>
> passwd: compat winbind
> group: compat winbind
> shadow: compat
>
> hosts: files dns
> networks: files
>
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
>
> netgroup: nis
> root at aphrodite:~#

On 30 January 2016 at 23:16, Rowland penny <rpenny at samba.org> wrote:

> On 30/01/16 11:55, Henry McLaughlin wrote:
>
>> root at aphrodite:~# getent passwd administrator
>>
>
> On a domain member this is quite correct, what you are missing from your
> smb.conf is something like this line:
>
> username map = /etc/samba/samba_usermapping
>
> with 'samba_usermapping' containing:
>
> !root = SAMDOM\Administrator SAMDOM\administrator
>
> NOTE: replace 'SAMDOM' with your domain name.
>
> Try adding a user with a uidNumber (probably containing 10000 as this
> would seem to be your first real user) and ensure Domain Users has a
> gidNumber (you can again use 10000)
>
> Rowland
>

Thanks Rowland (once again)

With the usermapping in the smb.conf file and its associated file there are still no domain accounts returned from getent (user or group).

Regarding UIDs & GIDs, I understood the advantage of using RID was that there were no UIDs or GIDs required as they are calculated on the run based upon SID. Accordingly do I still need to add them as I am using RID?

>> root at aphrodite:~# wbinfo -u
>> administrator
>> krbtgt
>> guest
>>
>>
>> root at aphrodite:~# cat /etc/samba/smb.conf
>> [global]
>>
>> netbios name = APHRODITE
>> security = ADS
>> workgroup = DOMAIN
>> realm = AD.DOMAIN.COM.AU
>>
>> log file = /var/log/samba/%m.log
>> log level = 1
>>
>> dedicated keytab file = /etc/krb5.keytab
>> kerberos method = secrets and keytab
>> winbind refresh tickets = yes
>>
>> winbind trusted domains only = no
>> winbind use default domain = yes
>> winbind enum users = yes
>> winbind enum groups = yes
>>
>> # Important: The ranges of the default (*) idmap config
>> # and the domain(s) must not overlap!
>>
>> # Default idmap config used for BUILTIN and local accounts/groups
>> idmap config *:backend = tdb
>> idmap config *:range = 2000-9999
>>
>> # idmap config for domain DOMAIN
>> idmap config DOMAIN:backend = rid
>> idmap config DOMAIN:range = 10000-99999
>>
>> # Use template settings for login shell and home directory
>> winbind nss info = template
>> template shell = /sbin/bash
>> template homedir = /home/%U
>> root at aphrodite:~#
>>
>>
>> root at aphrodite:~# cat /etc/nsswitch.conf
>> # /etc/nsswitch.conf
>> #
>> # Example configuration of GNU Name Service Switch functionality.
>> # If you have the `glibc-doc-reference' and `info' packages installed,
>> try:
>> # `info libc "Name Service Switch"' for information about this file.
>>
>> passwd: compat winbind
>> group: compat winbind
>> shadow: compat
>>
>> hosts: files dns
>> networks: files
>>
>> protocols: db files
>> services: db files
>> ethers: db files
>> rpc: db files
>>
>> netgroup: nis
>> root at aphrodite:~#
>>