Am 2017-06-22 um 13:10 schrieb Rowland Penny via samba:> On Thu, 22 Jun 2017 12:56:25 +0200 > "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote: > >> Am 2017-06-22 um 10:44 schrieb Rowland Penny via samba: >> >>>> Can I fix that without breaking things? >>> >>> If your users have files stored on the domain members, probably not. >> >> I understand that this just creates the need to run some >> chown/chgrp-commands after correcting smb.conf and restarting samba? > > I suppose it boils down to your definition of 'breaking things' ;-) > A user suddenly getting a new ID would be a breakage for me. > Using chown will fix things.Adjusted settings on one server after stopping samba After a start (testparm OK) the output is still the same. Do I have to delete some local file or so to reforce new GIDs/UIDs? I now have: [global] realm = ABC.XYZ server string = samba08 workgroup = XYZ os level = 65 preferred master = No logon home logon path disable spoolss = Yes load printers = No printcap name = /dev/null dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab map to guest = Bad User map untrusted to domain = Yes security = ADS username map = /etc/samba/smbusers template shell = /bin/bash winbind enum groups = Yes winbind enum users = Yes winbind refresh tickets = Yes winbind use default domain = Yes idmap config lietz:schema_mode = rfc2307 idmap config lietz:range = 10000-99999 idmap config lietz:backend = rid idmap config *:range = 2000-9999 idmap config * : backend = tdb
On Mon, 26 Jun 2017 08:52:04 +0200 "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:> Am 2017-06-22 um 13:10 schrieb Rowland Penny via samba: > > On Thu, 22 Jun 2017 12:56:25 +0200 > > "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote: > > > >> Am 2017-06-22 um 10:44 schrieb Rowland Penny via samba: > >> > >>>> Can I fix that without breaking things? > >>> > >>> If your users have files stored on the domain members, probably > >>> not. > >> > >> I understand that this just creates the need to run some > >> chown/chgrp-commands after correcting smb.conf and restarting > >> samba? > > > > I suppose it boils down to your definition of 'breaking things' ;-) > > A user suddenly getting a new ID would be a breakage for me. > > Using chown will fix things. > > Adjusted settings on one server after stopping samba > After a start (testparm OK) the output is still the same. > > Do I have to delete some local file or so to reforce new GIDs/UIDs? > > I now have: > > > [global] > realm = ABC.XYZ > server string = samba08 > workgroup = XYZ > os level = 65 > preferred master = No > logon home > logon path > disable spoolss = Yes > load printers = No > printcap name = /dev/null > dedicated keytab file = /etc/krb5.keytab > kerberos method = secrets and keytab > map to guest = Bad User > map untrusted to domain = Yes > security = ADS > username map = /etc/samba/smbusers > template shell = /bin/bash > winbind enum groups = Yes > winbind enum users = Yes > winbind refresh tickets = Yes > winbind use default domain = Yes > idmap config lietz:schema_mode = rfc2307 > idmap config lietz:range = 10000-99999 > idmap config lietz:backend = rid > idmap config *:range = 2000-9999 > idmap config * : backend = tdb > >You will have to do one of three things: Run 'net cache flush', this will clear winbinds cache. Restart Samba, this will do the same as the above. Just wait, eventually the IDs will expire in the cache and winbind will get them again. Rowland
Am 2017-06-26 um 09:21 schrieb Rowland Penny via samba:> You will have to do one of three things: > > Run 'net cache flush', this will clear winbinds cache.That did it, thanks!> Restart Samba, this will do the same as the above.Not for me, I had restarted it. I also had tried # smbcontrol all reload-config as mentioned on https://wiki.samba.org/index.php/Idmap_config_rid> Just wait, eventually the IDs will expire in the cache and winbind will > get them again.will see what the next candidate does ;-)