niya levi
2016-Mar-29 15:57 UTC
[Samba] setup-sysvol-bidirectional.sh unable to id administrator
hi everyone i have setup and run L.v. Belle's setup-sysvol-bidirectional.sh all seems to be ok except that i cannot id or getent passwd administrator id returns no such user getent returns nothing but samba-tool user list and wbinfo -u returns Administrator in their lists id and getent reports other samba users as normal. i have sssd in my nsswitch.conf, not sure if that makes any difference how do i fix id administrator. shadrock
L.P.H. van Belle
2016-Mar-30 06:28 UTC
[Samba] setup-sysvol-bidirectional.sh unable to id administrator
Hai, Dont fix administrator, i would say, but i dont use sssd, so thats something i cant say. But if you need an administrator, create a new user, add him to the Domain Admins group. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens niya levi > Verzonden: dinsdag 29 maart 2016 17:58 > Aan: samba at lists.samba.org > Onderwerp: [Samba] setup-sysvol-bidirectional.sh unable to id > administrator > > hi everyone > i have setup and run L.v. Belle's setup-sysvol-bidirectional.sh > all seems to be ok except that i cannot id or getent passwd administrator > id returns no such user > getent returns nothing > but samba-tool user list and wbinfo -u returns Administrator in their > lists > id and getent reports other samba users as normal. > i have sssd in my nsswitch.conf, not sure if that makes any difference > how do i fix id administrator. > shadrock > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
mathias dufresne
2016-Apr-01 15:14 UTC
[Samba] setup-sysvol-bidirectional.sh unable to id administrator
Hi Shadrock, SSSD refuse, by design, to generate user with uid=0. This wasn't always the case and I don't know when this change happened. In recent versions it should still the case. So if you set up your administrator with uid=0, SSSD will refuse to make that user available on system side (ie: id administrator won't work). Now if you didn't add uid=0 to your administrator that could be an issue with PAM or SSSD configuration. To make SSSD (or nslcd or winbind) working you must configure: - nsswitch.conf - PAM - potentially the tool itself (ie: sssd) wbinfo -u has nothing to do with this set up because you don't use winbind to generate user from AD. wbinfo is a winbind tool... But as it seems you are speaking about generating users from AD on your DC (by opposition with "on member server") I would avoid SSSD and use winbind which don't need much configuration by itself as it is designed to generate users in "windows style" and "windows style" user (ie user generated with primaryGroupID for main group rather than gidNumber which is for UNIX users, same for UID which is RID in windows style) are what you realy want to have on DC to match ACLs on sysvol when accessing GPO from Windows clients (this because on DC if you have no file service except for sysvol, no UNIX user would access DC for fiel sharing but Windows users will always try to access sysvol to get GPO). Hoping this help to clarify a little bit, have a nice day, mathias 2016-03-30 8:28 GMT+02:00 L.P.H. van Belle <belle at bazuin.nl>:> Hai, > > Dont fix administrator, i would say, but i dont use sssd, so thats > something i cant say. > But if you need an administrator, create a new user, add him to the Domain > Admins group. > > > Greetz, > > Louis > > > -----Oorspronkelijk bericht----- > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens niya levi > > Verzonden: dinsdag 29 maart 2016 17:58 > > Aan: samba at lists.samba.org > > Onderwerp: [Samba] setup-sysvol-bidirectional.sh unable to id > > administrator > > > > hi everyone > > i have setup and run L.v. Belle's setup-sysvol-bidirectional.sh > > all seems to be ok except that i cannot id or getent passwd administrator > > id returns no such user > > getent returns nothing > > but samba-tool user list and wbinfo -u returns Administrator in their > > lists > > id and getent reports other samba users as normal. > > i have sssd in my nsswitch.conf, not sure if that makes any difference > > how do i fix id administrator. > > shadrock > > > > > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >