Greetings, I have Samba 4.4.7 running on several Sparc boxes running Solaris 9 as member servers in an Active Directory environment. (I do not control the AD configuration) I am able to connect to the servers using windows clients and smbclient - the problem I have run into is when I try to add domain users to local groups on the Samba servers I am told the users do not exist. As these users I can connect to shared folders, I can log into the host using the active directory user's ID and password What I see: # net sam addmem urbanweb ADDOMAIN\\1001362 Adding domain group member failed with NT_STATUS_NO_SUCH_USER Not seeing any hints in the log files even at level 10. Any thoughts on what to look at/for? Thank you Bob Martel -- *********************************************************************** Robert M. Martel I met someone who looks a lot like you System Administrator She does the things you do Levin College of Urban Affairs But she is an IBM Cleveland State University -Jeff Lynne (216) 687-2214 r.martel at csuohio.edu ***********************************************************************
On Wed, 16 Nov 2016 16:14:58 -0500 Robert Martel via samba <samba at lists.samba.org> wrote:> Greetings, > > I have Samba 4.4.7 running on several Sparc boxes running Solaris 9 > as member servers in an Active Directory environment. (I do not > control the AD configuration) > > I am able to connect to the servers using windows clients and > smbclient > - the problem I have run into is when I try to add domain users to > local groups on the Samba servers I am told the users do not exist. > > As these users I can connect to shared folders, I can log into the > host using the active directory user's ID and password > > What I see: > > # net sam addmem urbanweb ADDOMAIN\\1001362 > Adding domain group member failed with NT_STATUS_NO_SUCH_USER > > Not seeing any hints in the log files even at level 10. > > Any thoughts on what to look at/for? > > Thank you > Bob Martel >Provided that the group urbanweb exists in /etc/group and your users are shown by getent passwd or id, then you could try the unix tools i.e. usermod -G urbanweb ADDOMAIN\\1001362 Rowland
On 11/16/2016 04:34 PM, Rowland Penny via samba wrote:> Provided that the group urbanweb exists in /etc/group and your users > are shown by getent passwd or id, then you could try the unix tools > i.e. usermod -G urbanweb ADDOMAIN\\1001362 > > RowlandGreetings, Thank you for the response. the matching UNIX group exists. Been using local groups on Samba for years. # getent passwd "ADDOMAIN\\1001362" 1001362:*:2091888:2000513:Robert M Martel:/home/1001362:/usr/bin/bash wbinfo returns useful information # wbinfo -i 1001362 1001362:*:2091888:2000513:Robert M Martel:/home/1001362:/usr/bin/bash I can "su" to an AD user without a problem. I can access shared folders as that user, I just cant add anyone to a samba local group. My test Solaris 10 machine running same version of samba does not exhibit this problem. usermod said the user did not exist - but I want to add user to Samba local group, not the UNIX group in /etc/group. # usermod -G urbanweb ADDOMAIN\\1001362 UX: usermod: ERROR: ADDOMAIN\1001362 is not a local user. -Bob -- *********************************************************************** Robert M. Martel I met someone who looks a lot like you System Administrator She does the things you do Levin College of Urban Affairs But she is an IBM Cleveland State University -Jeff Lynne (216) 687-2214 r.martel at csuohio.edu ***********************************************************************