L.P.H. van Belle
2017-Aug-21 17:47 UTC
[Samba] Setup of Samba with Solaris 11.3 to provide Unix File Shares to Windows Users
after the change did you run : net cache flush and restart samba/winbind to be sure. maybe configure template homdir and shell also? for rid a must. Greetz Louis> Op 21 aug. 2017 om 18:16 heeft Rowland Penny via samba <samba at lists.samba.org> het volgende geschreven: > > On Mon, 21 Aug 2017 17:25:31 +0200 > Martin Decker via samba <samba at lists.samba.org> wrote: > >> Dear Rowland, >> >> our windows admin assured me that they have set uidNumber and >> gidNumber in the range. I have requested screenshots for confirmation. >> >> Now we are one step further: "getent passwd | grep mdecker" now lists >> the AD account. >> >> mdecker:*:13667:7142:Decker, Martin:/home/MYDOM/mdecker:/bin/false >> >> With "getent passwd mdecker" however, it shows >> "NT_STATUS_NO_SUCH_USER". >> >> getent passwd mdecker >> >> winbindd_getpwnam: My domain -- rejecting getpwnam() for >> MYDOM\mdecker. Could not convert sid S-0-0: NT_STATUS_NO_SUCH_USER >> >> Also not working: >> >> getnet passwd mdecker >> getent passwd "MYDOM\\mdecker" >> >> What is working though is when i give REALM Suffix ".ADS" >> >> getent passwd "MYDOM.ADS\\mdecker" >> mdecker:*:13667:7142:Decker, Martin:/home/MYDOM/mdecker:/bin/false >> > > If I run: > getent passwd rowland > getent passwd "SAMDOM\rowland" > getent passwd "SAMDOM.EXAMPLE.COM\rowland" > > They all produce the same output: > > rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash > > Lets step back a bit here, is this just one Unix fileserver? > It also looks like you will not be using most of the RFC2307 > attributes, just UidNumber & gidNumber. > > if this is the case, have you considered the rid backend ? > With this, you do not need anything in AD, it uses the RID to calculate > the users or groups ID. > > If you change: > > idmap config * :backend = tdb > idmap config * : range = 1000000-1999999 > idmap config MYDOM : backend = ad > idmap config MYDOM : range = 100-999999 > idmap config MYDOM : schema_mode = rfc2307 > > To: > idmap config * :backend = tdb > idmap config * : range = 1000000-1999999 > idmap config MYDOM : backend = rid > idmap config MYDOM : range = 100-999999 > > You should get everything to work. > If it does, it proves that the problem is in AD > If it doesn't, then there must be a problem on your Unix domain member. > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: lists.samba.org/mailman/options/samba
Apparently Analagous Threads
- Setup of Samba with Solaris 11.3 to provide Unix File Shares to Windows Users
- Setup of Samba with Solaris 11.3 to provide Unix File Shares to Windows Users
- Setup of Samba with Solaris 11.3 to provide Unix File Shares to Windows Users
- Setup of Samba with Solaris 11.3 to provide Unix File Shares to Windows Users
- Setup of Samba with Solaris 11.3 to provide Unix File Shares to Windows Users