On Mon, 3 Oct 2016, Rowland Penny wrote:

> On Mon, 3 Oct 2016, Rob wrote:
>> # idmap config for domain
>> idmap config MY.AD.REALM.COM:backend = ad
>> idmap config MY.AD.REALM.COM:schema_mode = rfc2307
>> idmap config MY.AD.REALM.COM:range = 10000-99999
[...]
>
> You might think it works fine, but it will probably work better if you
> change 'idmap config MY.AD REALM.COM' to 'idmap config MYDOMAIN'
> The 'ad' backend should start working properly then.

Thanks Rowland, that works! Figured it was something simple. I'm actually
surprised that the realm version worked at all then.

-Rob

On Tue, 4 Oct 2016 11:35:13 -0400 (EDT) Rob via samba <samba at lists.samba.org> wrote:

> On Mon, 3 Oct 2016, Rowland Penny wrote:
>
> > On Mon, 3 Oct 2016, Rob wrote:
> >> # idmap config for domain
> >> idmap config MY.AD.REALM.COM:backend = ad
> >> idmap config MY.AD.REALM.COM:schema_mode = rfc2307
> >> idmap config MY.AD.REALM.COM:range = 10000-99999
> [...]
> >
> > You might think it works fine, but it will probably work better if
> > you change 'idmap config MY.AD REALM.COM' to 'idmap config MYDOMAIN'
> > The 'ad' backend should start working properly then.
>
> Thanks Rowland, that works! Figured it was something simple. I'm
> actually surprised that the realm version worked at all then.
>
> -Rob
>
>

You and me both ;-)

Rowland

On Tue, 4 Oct 2016, Rob wrote:

> On Mon, 3 Oct 2016, Rowland Penny wrote:
>
>> On Mon, 3 Oct 2016, Rob wrote:
>>> # idmap config for domain
>>> idmap config MY.AD.REALM.COM:backend = ad
>>> idmap config MY.AD.REALM.COM:schema_mode = rfc2307
>>> idmap config MY.AD.REALM.COM:range = 10000-99999
> [...]
>>
>> You might think it works fine, but it will probably work better if you
>> change 'idmap config MY.AD REALM.COM' to 'idmap config MYDOMAIN'
>> The 'ad' backend should start working properly then.
>
> Thanks Rowland, that works! Figured it was something simple. I'm actually
> surprised that the realm version worked at all then.

Spoke too soon... I just checked and auser has a 20xx UID again. It was
fine for a bit but no longer.

$ wbinfo -i auser
auser:*:2018:10000:User Name:/home/auser:/bin/bash

Oddly, this seems to only affect ~3 of my 20 users and the same ~3 every
time.

_Rob

On Tue, 4 Oct 2016 12:29:19 -0400 (EDT) Rob via samba <samba at lists.samba.org> wrote:

>
> On Tue, 4 Oct 2016, Rob wrote:
>
> > On Mon, 3 Oct 2016, Rowland Penny wrote:
> >
> >> On Mon, 3 Oct 2016, Rob wrote:
> >>> # idmap config for domain
> >>> idmap config MY.AD.REALM.COM:backend = ad
> >>> idmap config MY.AD.REALM.COM:schema_mode = rfc2307
> >>> idmap config MY.AD.REALM.COM:range = 10000-99999
> > [...]
> >>
> >> You might think it works fine, but it will probably work better if
> >> you change 'idmap config MY.AD REALM.COM' to 'idmap config
> >> MYDOMAIN' The 'ad' backend should start working properly then.
> >
> > Thanks Rowland, that works! Figured it was something simple. I'm
> > actually surprised that the realm version worked at all then.
>
> Spoke too soon... I just checked and auser has a 20xx UID again. It
> was fine for a bit but no longer.
>
> $ wbinfo -i auser
> auser:*:2018:10000:User Name:/home/auser:/bin/bash
>
> Oddly, this seems to only affect ~3 of my 20 users and the same ~3
> every time.
>
> _Rob
>
>

This is very strange, have you tried running 'net cache flush' on the
domain member? Have you compared the users' AD objects?

Rowland

On 04.10.2016 at 18:29, Rob via samba wrote:

>
> On Tue, 4 Oct 2016, Rob wrote:
>
>> On Mon, 3 Oct 2016, Rowland Penny wrote:
>>
>>> On Mon, 3 Oct 2016, Rob wrote:
>>>> # idmap config for domain
>>>> idmap config MY.AD.REALM.COM:backend = ad
>>>> idmap config MY.AD.REALM.COM:schema_mode = rfc2307
>>>> idmap config MY.AD.REALM.COM:range = 10000-99999
>> [...]
>>>
>>> You might think it works fine, but it will probably work better if you
>>> change 'idmap config MY.AD REALM.COM' to 'idmap config MYDOMAIN'
>>> The 'ad' backend should start working properly then.
>>
>> Thanks Rowland, that works! Figured it was something simple. I'm
>> actually surprised that the realm version worked at all then.
>
> Spoke too soon... I just checked and auser has a 20xx UID again. It
> was fine for a bit but no longer.
>
> $ wbinfo -i auser
> auser:*:2018:10000:User Name:/home/auser:/bin/bash
>
> Oddly, this seems to only affect ~3 of my 20 users and the same ~3
> every time.
>
> _Rob
>
>

Have you checked winbindd_idmap.tdb yet?
Not having a Samba domain member here, but I'd run

net idmap dump myidmap.tdb

And inspect myidmap.tdb with

tdbdump myidmap.tdb

I expect a mapping for auser in there.
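
The two checks this thread turns on, as an added example that is not from any poster: it flags `idmap config` domain names that differ from the `workgroup` name (Rowland's advice) and reports which configured range the UID in a `wbinfo -i` line falls into. The `workgroup` value and the `*` default range of 2000-9999 are assumptions; the thread does not show that part of smb.conf.

```python
import re

# Constructed sample: the thread's three idmap lines plus an ASSUMED workgroup
# name and an ASSUMED default ("*") domain range; neither is shown in the thread.
SMB_CONF = """\
[global]
    workgroup = MYDOMAIN
    realm = MY.AD.REALM.COM
    idmap config * : backend = tdb
    idmap config * : range = 2000-9999
    # idmap config for domain
    idmap config MY.AD.REALM.COM:backend = ad
    idmap config MY.AD.REALM.COM:schema_mode = rfc2307
    idmap config MY.AD.REALM.COM:range = 10000-99999
"""

IDMAP_RE = re.compile(r"^idmap config\s+(\S+?)\s*:\s*([\w ]+?)\s*=\s*(.+)$", re.I)

def parse(conf):
    """Return (workgroup, {domain: {option: value}}) from smb.conf text."""
    workgroup, domains = None, {}
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = IDMAP_RE.match(line)
        if m:
            dom, opt, val = m.groups()
            domains.setdefault(dom.upper(), {})[opt.lower()] = val.strip()
        elif line.lower().startswith("workgroup"):
            workgroup = line.split("=", 1)[1].strip().upper()
    return workgroup, domains

def misnamed_domains(conf):
    """idmap config domains that are neither '*' nor the workgroup name."""
    workgroup, domains = parse(conf)
    return sorted(d for d in domains if d not in ("*", workgroup))

def uid_source(conf, passwd_line):
    """Name the idmap domain whose range holds the UID in a wbinfo -i line."""
    uid = int(passwd_line.split(":")[2])
    for dom, opts in parse(conf)[1].items():
        lo, hi = (int(x) for x in opts.get("range", "1-0").split("-"))
        if lo <= uid <= hi:
            return dom
    return None
```

With the assumed default range, `uid_source` places the thread's UID 2018 in the `*` domain rather than the 10000-99999 range. A UID landing there points at a locally allocated mapping of the kind `net idmap dump` would show, not an RFC 2307 uidNumber from AD.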