Hello All,

I've bitten the bullet and upgraded from sernet-samba-4.2 to 4.6.4-SerNet-RedHat-7.el7.

Now my AD users don't show up in Linux, with the result that the [homes] share fails to connect. Other shares work fine, it's just the homes share. There doesn't appear to be any uidNumber mapping going on.

I used to be able to use the unix command 'id' to show user info, but that just reports 'no user' now. 'wbinfo -i' returns the correct data, and I've got my 'uidNumber' and 'gidNumber' fields correctly filled out in my AD.

My smb.conf idmap entries are:
idmap_ldb:use rfc2307 = yes
idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config LAMBROOK:backend = ad
idmap config LAMBROOK:schema_mode = rfc2307
idmap config LAMBROOK:range = 10000-99999
idmap config LAMBROOK:unix_nss_info = yes
idmap config LAMBROOK : unix_primary_group = yes
winbind nss info = rfc2307

My idmap.ldb file contains this for my SID:
# record 143
dn: CN=S-1-5-21-xxxxxx-xxxxxx-xxxxxx-1002
cn: S-1-5-21-xxxxxx-xxxxx-xxxxxx-1002
objectClass: sidMap
objectSid: S-1-5-21-xxxxxx-xxxxxx-xxxxxx-1002
type: ID_TYPE_BOTH
xidNumber: 3000017
distinguishedName: CN=S-1-5-21-xxxxxx-xxxxxx-xxxxxx-1002

wbinfo -i tim.odriscoll:
LAMBROOK\tim.odriscoll:*:2000:100:Tim ODriscoll:/home/LAMBROOK/tim.odriscoll:/bin/false

Have I totally messed the idmaps up? I've tried changing my xidNumber to '2000' and I still get an error 53 (path not found) from Windows, and my filesystem permissions still don't map to usernames.

I've turned smb.conf debugging up to 5 and there doesn't appear to be any errors in log.smbd.. How can I go about fixing this?

Many thanks,

Tim

Edit: After trawling the logs at level 5, I found this after a 'net use' attempt:

Get_Pwnam_internals didn't find user [LAMBROOK\tim.odriscoll]!

So, how does one go about fixing that error?

Many thanks,

Tim

From: samba <samba-bounces at lists.samba.org> on behalf of Tim ODriscoll via samba <samba at lists.samba.org>
Sent: 27 May 2017 10:25
To: samba at lists.samba.org
Subject: [Samba] idmap woes after upgrade

On Sat, 27 May 2017 09:25:24 +0000
Tim ODriscoll via samba <samba at lists.samba.org> wrote:

> Hello All,
>
> I've bitten the bullet and upgraded from sernet-samba-4.2 to
> 4.6.4-SerNet-RedHat-7.el7.
>
> Now my AD users don't show up in Linux, with the result that the
> [homes] share fails to connect. Other shares work fine, it's just the
> homes share. There doesn't appear to be any uidNumber mapping going
> on.
>
> I used to be able to use the unix command 'id' to show user info, but
> that just reports 'no user' now. 'wbinfo -i' returns the correct
> data, and I've got my 'uidNumber' and 'gidNumber' fields correctly
> filled out in my AD.
>
> My smb.conf idmap entries are:
> idmap_ldb:use rfc2307 = yes
> idmap config *:backend = tdb
> idmap config *:range = 2000-9999
> idmap config LAMBROOK:backend = ad
> idmap config LAMBROOK:schema_mode = rfc2307
> idmap config LAMBROOK:range = 10000-99999
> idmap config LAMBROOK:unix_nss_info = yes
> idmap config LAMBROOK : unix_primary_group = yes
> winbind nss info = rfc2307
>
> My idmap.ldb file contains this for my SID:
> # record 143
> dn: CN=S-1-5-21-xxxxxx-xxxxxx-xxxxxx-1002
> cn: S-1-5-21-xxxxxx-xxxxx-xxxxxx-1002
> objectClass: sidMap
> objectSid: S-1-5-21-xxxxxx-xxxxxx-xxxxxx-1002
> type: ID_TYPE_BOTH
> xidNumber: 3000017
> distinguishedName: CN=S-1-5-21-xxxxxx-xxxxxx-xxxxxx-1002
>
> wbinfo -i tim.odriscoll:
> LAMBROOK\tim.odriscoll:*:2000:100:Tim
> ODriscoll:/home/LAMBROOK/tim.odriscoll:/bin/false
>
> Have I totally messed the idmaps up? I've tried changing my xidNumber
> to '2000' and I still get an error 53 (path not found) from Windows,
> and my filesystem permissions still don't map to usernames.
>
> I've turned smb.conf debugging up to 5 and there doesn't appear to be
> any errors in log.smbd.. How can I go about fixing this?

Hmm, you mention:

'idmap_ldb:use rfc2307 = yes' and 'xidNumber'

Is this on a DC or a Unix domain member ?

Rowland

Hi Rowland,

On 27 May 2017 11:39:
> Hmm, you mention:
>
> 'idmap_ldb:use rfc2307 = yes' and 'xidNumber'
>
> Is this on a DC or a Unix domain member ?

This is on a DC. I only have two CentOS7 AD DCs in my environment.

Tim