On 31 January 2016 at 08:32, Rowland penny <rpenny at samba.org> wrote:> On 30/01/16 21:01, Henry McLaughlin wrote: > >> On 30 January 2016 at 23:16, Rowland penny <rpenny at samba.org> wrote: >> >> >> Thanks Rowland (once again) >> >> with the usermapping in the smb.conf file and it's associated file there >> are still no domain accounts returned from getent (user or group) >> > > The root usermapping has nothing to do with getent, but you need it on > domain member to change file & directory ACLs from a windows machine. > > >> Regarding UIDs & GIDs I understood the advantage of using RID what that >> there were no UIDs or GIDs required as they are calculated on the run >> based >> upon SID. Accordingly do I still need to add them as I am using RID ? >> > > No, I was in rush to go somewhere and missed the word 'rid', sorry :-) > But getent still won't show anything for the users you posted i.e. > Administrator, krbtgt and guest, they come under the heading of builtin > users and will be mapped to numbers from the range '2000-9999' and as such > will not be shown by getent. > > Try adding a new domain user, this user should get a RID of 1000 or above, > the idmap_rid backend should calculate the users UID from 'ID = RID - > BASE_RID + LOW_RANGE_ID', so if his RID is 1000, this becomes: > > ID = 1000 - 0 + 10000 > ID = 11000 > This is what 'getent passwd domainuser' should return, there is however > another gotcha, the later versions (I forget at which version it started > from) of Samba do not return any domain users if you just run 'getent > passwd', you must ask for the user by name i.e. 'getent passwd domainuser' > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >Still no success: root at aphrodite:~# wbinfo -u henry administrator krbtgt guest root at aphrodite:~# getent passwd henry root at aphrodite:~# id henry id: henry: no such user root at aphrodite:~#
On 31/01/16 02:07, Henry McLaughlin wrote:> On 31 January 2016 at 08:32, Rowland penny <rpenny at samba.org> wrote: > >> On 30/01/16 21:01, Henry McLaughlin wrote: >> >>> On 30 January 2016 at 23:16, Rowland penny <rpenny at samba.org> wrote: >>> >>> >>> Thanks Rowland (once again) >>> >>> with the usermapping in the smb.conf file and it's associated file there >>> are still no domain accounts returned from getent (user or group) >>> >> The root usermapping has nothing to do with getent, but you need it on >> domain member to change file & directory ACLs from a windows machine. >> >> >>> Regarding UIDs & GIDs I understood the advantage of using RID what that >>> there were no UIDs or GIDs required as they are calculated on the run >>> based >>> upon SID. Accordingly do I still need to add them as I am using RID ? >>> >> No, I was in rush to go somewhere and missed the word 'rid', sorry :-) >> But getent still won't show anything for the users you posted i.e. >> Administrator, krbtgt and guest, they come under the heading of builtin >> users and will be mapped to numbers from the range '2000-9999' and as such >> will not be shown by getent. >> >> Try adding a new domain user, this user should get a RID of 1000 or above, >> the idmap_rid backend should calculate the users UID from 'ID = RID - >> BASE_RID + LOW_RANGE_ID', so if his RID is 1000, this becomes: >> >> ID = 1000 - 0 + 10000 >> ID = 11000 >> This is what 'getent passwd domainuser' should return, there is however >> another gotcha, the later versions (I forget at which version it started >> from) of Samba do not return any domain users if you just run 'getent >> passwd', you must ask for the user by name i.e. 'getent passwd domainuser' >> >> Rowland >> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> > Still no success: > > root at aphrodite:~# wbinfo -u > henry > administrator > krbtgt > guest > root at aphrodite:~# getent passwd henry > root at aphrodite:~# id henry > id: henry: no such user > root at aphrodite:~#What OS are you using and what version of Samba ? This should work for 'henry', so it may be that PAM isn't setup correctly. Rowland
Hi, If your system is Debian use: ln -s /usr/local/samba/lib/libnss_winbind.so /lib/x86_64-linux-gnu/ ln -s /lib/x86_64-linux-gnu/libnss_winbind.so /lib/x86_64-linux-gnu/libnss_winbind.so.2 And "getent passwd" will show the domain users. Maybe you need restart de server. Att, Este e-mail foi enviado por um computador sem vírus e protegido pelo Avast. www.avast.com <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> <#DDB4FAA8-2DD7-40BB-A1B8-4E2AA1F9FDF2> André Freire Sócio Diretor E-mail: andre.freire at hotfixtecnologia.com.br skype: andrefreire.hf Tel: (71)9381-7372 2016-01-31 7:03 GMT-02:00 Rowland penny <rpenny at samba.org>:> On 31/01/16 02:07, Henry McLaughlin wrote: > >> On 31 January 2016 at 08:32, Rowland penny <rpenny at samba.org> wrote: >> >> On 30/01/16 21:01, Henry McLaughlin wrote: >>> >>> On 30 January 2016 at 23:16, Rowland penny <rpenny at samba.org> wrote: >>>> >>>> >>>> Thanks Rowland (once again) >>>> >>>> with the usermapping in the smb.conf file and it's associated file >>>> there >>>> are still no domain accounts returned from getent (user or group) >>>> >>>> The root usermapping has nothing to do with getent, but you need it on >>> domain member to change file & directory ACLs from a windows machine. >>> >>> >>> Regarding UIDs & GIDs I understood the advantage of using RID what that >>>> there were no UIDs or GIDs required as they are calculated on the run >>>> based >>>> upon SID. Accordingly do I still need to add them as I am using RID ? >>>> >>>> No, I was in rush to go somewhere and missed the word 'rid', sorry :-) >>> But getent still won't show anything for the users you posted i.e. >>> Administrator, krbtgt and guest, they come under the heading of builtin >>> users and will be mapped to numbers from the range '2000-9999' and as >>> such >>> will not be shown by getent. >>> >>> Try adding a new domain user, this user should get a RID of 1000 or >>> above, >>> the idmap_rid backend should calculate the users UID from 'ID = RID - >>> BASE_RID + LOW_RANGE_ID', so if his RID is 1000, this becomes: >>> >>> ID = 1000 - 0 + 10000 >>> ID = 11000 >>> This is what 'getent passwd domainuser' should return, there is however >>> another gotcha, the later versions (I forget at which version it started >>> from) of Samba do not return any domain users if you just run 'getent >>> passwd', you must ask for the user by name i.e. 'getent passwd >>> domainuser' >>> >>> Rowland >>> >>> >>> -- >>> To unsubscribe from this list go to the following URL and read the >>> instructions: https://lists.samba.org/mailman/options/samba >>> >>> Still no success: >> >> root at aphrodite:~# wbinfo -u >> henry >> administrator >> krbtgt >> guest >> root at aphrodite:~# getent passwd henry >> root at aphrodite:~# id henry >> id: henry: no such user >> root at aphrodite:~# >> > > What OS are you using and what version of Samba ? > > This should work for 'henry', so it may be that PAM isn't setup correctly. > > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >