samba - Dec 2016 - Join QNAP to a Samba AD

Hello,

  

I'm currently stuck with a QNAP NAS appliance (don't buy this !)

  

I have a Sernet Samba 4.5 as an AD controller and my QNAP have a Samba 4.0.25
(latest update)

  

All i want is to join the QNAP to the AD, the QNAP will act as the file
server.

  

The join in the official way is okay but the uid / gid mapping is f*cked.

  

I tried almost everything, change the idmap, manual join, ad / rid / autoid
mode ect ... when it work, i have bad uid/gids

  

When i set the idmap to start from 0 my gid 515 is good but other uid are bad.

  

For now, i changed the settings to match the wiki page of samba "Setup
samba
as an AD Domain Member" with ad backend rfc2307, winbind return the correct
user list, the SID are good but when wbinfo try to convert them to uid/gid i
have an error.

  

Exemple :

  

[/etc/config] # wbinfo -n begr00  
S-1-5-21-xxxxxx-xxxxxx-xxxxxx-3232 SID_USER (1)  

  

[/etc/config] # wbinfo -S S-1-5-21-xxxxxx-xxxxxx-xxxxxx-3232  
failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND  
Could not convert sid S-1-5-21-xxxxxx-xxxxxx-xxxxxx-3232 to uid  

  

the winbind log, nothing really interesting

  

[2016/12/05 16:04:30.745570,  0]
../source3/winbindd/winbindd.c:204(winbindd_sig_term_handler)  
 Got sig[15] terminate (is_parent=0)  
[2016/12/05 16:08:31.349762,  0]
../lib/util/charset/codepoints.c:292(get_conv_handle)  
 dos charset 'CP850' unavailable - using ASCII  
[2016/12/05 16:09:13.256148,  0]
../source3/winbindd/winbindd.c:204(winbindd_sig_term_handler)  
 Got sig[15] terminate (is_parent=0)  

  

  

Here is my winbind/idmap config

  

winbind nss info = rfc2307  
winbind enum users = yes  
winbind enum groups = yes  
winbind cache time = 3600  
idmap config * : backend = tdb  
idmap config * : range = 3000-7999  
idmap config MYDOM:backend = ad  
idmap config MYDOM:schema_mode = rfc2307  
idmap config MYDOM:range = 10000-999999  

  

  

Can someone help me ?

  

Thank you, have a good day !

On Mon, 05 Dec 2016 15:43:09 +0000
contact--- via samba <samba at lists.samba.org> wrote:
> Hello,
> 
>   
> 
> I'm currently stuck with a QNAP NAS appliance (don't buy this !)
> 
>   
> 
> I have a Sernet Samba 4.5 as an AD controller and my QNAP have a
> Samba 4.0.25 (latest update)
> 
>   
> 
> All i want is to join the QNAP to the AD, the QNAP will act as the
> file server.
> 
>   
> 
> The join in the official way is okay but the uid / gid mapping is
> f*cked.
> 
>   
> 
> I tried almost everything, change the idmap, manual join, ad / rid /
> autoid mode ect ... when it work, i have bad uid/gids
> 
>   
> 
> When i set the idmap to start from 0 my gid 515 is good but other uid
> are bad.
> 
>   
> 
> For now, i changed the settings to match the wiki page of samba
> "Setup samba as an AD Domain Member" with ad backend rfc2307,
winbind
> return the correct user list, the SID are good but when wbinfo try to
> convert them to uid/gid i have an error.
> 
>   
> 
> Exemple :
> 
>   
> 
> [/etc/config] # wbinfo -n begr00  
> S-1-5-21-xxxxxx-xxxxxx-xxxxxx-3232 SID_USER (1)  
> 
>   
> 
> [/etc/config] # wbinfo -S S-1-5-21-xxxxxx-xxxxxx-xxxxxx-3232  
> failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND  
> Could not convert sid S-1-5-21-xxxxxx-xxxxxx-xxxxxx-3232 to uid  
> 
>   
> 
> the winbind log, nothing really interesting
> 
>   
> 
> [2016/12/05 16:04:30.745570,  0]
> ../source3/winbindd/winbindd.c:204(winbindd_sig_term_handler)  
>  Got sig[15] terminate (is_parent=0)  
> [2016/12/05 16:08:31.349762,  0]
> ../lib/util/charset/codepoints.c:292(get_conv_handle)  
>  dos charset 'CP850' unavailable - using ASCII  
> [2016/12/05 16:09:13.256148,  0]
> ../source3/winbindd/winbindd.c:204(winbindd_sig_term_handler)  
>  Got sig[15] terminate (is_parent=0)  
> 
>   
> 
>   
> 
> Here is my winbind/idmap config
> 
>   
> 
> winbind nss info = rfc2307  
> winbind enum users = yes  
> winbind enum groups = yes  
> winbind cache time = 3600  
> idmap config * : backend = tdb  
> idmap config * : range = 3000-7999  
> idmap config MYDOM:backend = ad  
> idmap config MYDOM:schema_mode = rfc2307  
> idmap config MYDOM:range = 10000-999999  
> 
>   
> 
>   
> 
> Can someone help me ?
> 
>   
> 
> Thank you, have a good day !
> 
Does 'Domain users' have a gidNumber attribute containing a number
between '10000-999999' ?

Rowland

Hello,

  

No it's a AD classicupgraded from a Samba 3 PDC

  

Here's a user example from my DC

  

uid=1116(MYDOM\begr00) gid=513(MYDOM\domain users) groupes=513(MYDOM\domain us
ers),1151(MYDOM\evaluation),1214(MYDOM\procedures),12021(MYDOM\s13cadre),12041
(MYDOM\s13-grh),1264(MYDOM\zsbw),1001(MYDOM\s13),3000005(BUILTIN\users)  

  

my first user start at uid 1001 (1000 was the administrator account on the S3
PDC)

and groups start at 1000, AD and old PDC have exactly the same uid/gid except
for specific AD builtin groups.

  

On Dec 5 2016, at 6:07 pm, Rowland Penny via samba <samba at
lists.samba.org>
wrote:  
> On Mon, 05 Dec 2016 15:43:09 +0000  
contact--- via samba <samba at lists.samba.org> wrote:
>
> > Hello,  
>  
>  
>  
> I'm currently stuck with a QNAP NAS appliance (don't buy this !)  
>  
>  
>  
> I have a Sernet Samba 4.5 as an AD controller and my QNAP have a  
> Samba 4.0.25 (latest update)  
>  
>  
>  
> All i want is to join the QNAP to the AD, the QNAP will act as the  
> file server.  
>  
>  
>  
> The join in the official way is okay but the uid / gid mapping is  
> f*cked.  
>  
>  
>  
> I tried almost everything, change the idmap, manual join, ad / rid /  
> autoid mode ect ... when it work, i have bad uid/gids  
>  
>  
>  
> When i set the idmap to start from 0 my gid 515 is good but other uid  
> are bad.  
>  
>  
>  
> For now, i changed the settings to match the wiki page of samba  
> "Setup samba as an AD Domain Member" with ad backend rfc2307,
winbind
> return the correct user list, the SID are good but when wbinfo try to  
> convert them to uid/gid i have an error.  
>  
>  
>  
> Exemple :  
>  
>  
>  
> [/etc/config] # wbinfo -n begr00  
> S-1-5-21-xxxxxx-xxxxxx-xxxxxx-3232 SID_USER (1)  
>  
>  
>  
> [/etc/config] # wbinfo -S S-1-5-21-xxxxxx-xxxxxx-xxxxxx-3232  
> failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND  
> Could not convert sid S-1-5-21-xxxxxx-xxxxxx-xxxxxx-3232 to uid  
>  
>  
>  
> the winbind log, nothing really interesting  
>  
>  
>  
> [2016/12/05 16:04:30.745570, 0]  
> ../source3/winbindd/winbindd.c:204(winbindd_sig_term_handler)  
> Got sig[15] terminate (is_parent=0)  
> [2016/12/05 16:08:31.349762, 0]  
> ../lib/util/charset/codepoints.c:292(get_conv_handle)  
> dos charset 'CP850' unavailable - using ASCII  
> [2016/12/05 16:09:13.256148, 0]  
> ../source3/winbindd/winbindd.c:204(winbindd_sig_term_handler)  
> Got sig[15] terminate (is_parent=0)  
>  
>  
>  
>  
>  
> Here is my winbind/idmap config  
>  
>  
>  
> winbind nss info = rfc2307  
> winbind enum users = yes  
> winbind enum groups = yes  
> winbind cache time = 3600  
> idmap config * : backend = tdb  
> idmap config * : range = 3000-7999  
> idmap config MYDOM:backend = ad  
> idmap config MYDOM:schema_mode = rfc2307  
> idmap config MYDOM:range = 10000-999999  
>  
>  
>  
>  
>  
> Can someone help me ?  
>  
>  
>  
> Thank you, have a good day !  
>
>
> Does 'Domain users' have a gidNumber attribute containing a number
between '10000-999999' ?
>
> Rowland
>
> \--  
To unsubscribe from this list go to the following URL and read the  
instructions: https://lists.samba.org/mailman/options/samba