I do not know if there is a uidNumber in Active Directory, I am not an administrator of Microsoft AD.
So you claimed that I need to add extra parameters uidNumber and gidNumber to the MS Active Directory user, and add an extra value to each of them? I think that it will be impossible and too much extra work. I need similar functionality to what it was in the previous version. So maybe I should change the backend parameter (tdb/ad/rid/autorid/ldap/nss)?

2018-03-05 16:53 GMT+01:00 Rowland Penny via samba <samba at lists.samba.org>:

> On Mon, 5 Mar 2018 16:29:43 +0100
> Marcin Kruk via samba <samba at lists.samba.org> wrote:
>
> > I have samba-4.6.2-12.el7_4.x86_64 which is connected to Windows
> > Active Directory Server.
> >
> > When I use command wbinfo -u
> > I can see a list of all users in AD domain
> > MYDOMAIN+user1
> > MYDOMAIN+user2
>
> At least this shows that winbind knows your AD users.
>
> >
> > When I execute
> > wbinfo -n user1 or
> > wbinfo -n DOMAIN+user
> > I get:
> > S-1-5-21-... SID_USER (1)
> >
> > but when I execute
> > wbinfo -S SID
> > I get:
> > Could not convert sid S-1-5-21-... to uid
> >
> > moreover when I try to chown the directory
> > chown "DOMAIN+user1" directory_path
> > I get:
> > chown: invalid user: 'DOMAIN+user1’
>
> Here we go with 1001th time of saying this ;-)
>
> Just because wbinfo shows your users & groups, doesn't mean your OS
> knows who they are.
>
> >
> > In the respective configuration in samba samba-4.4.4-12.el7_3.x86_64
> > everything goes ok but configuration is without whole idmap config
> > section. It's old-fashioned style.
> > I do not know, maybe "backend = ad" is the problem of this
> > configuration. But when I move configuration from the samba 4.4.4-12
> > server the problem still exists.
>
> It probably is the 'ad' backend, do your users have a 'uidNumber'
> attribute in AD and does 'Domain Users' have a 'gidNumber' attribute ?
> These numbers will need to be inside the '1000000-2000000' range you
> have set in smb.conf.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
On Mon, 5 Mar 2018 17:15:44 +0100
Marcin Kruk <askifyouneed at gmail.com> wrote:

> I do not know if there is a uidNumber in Active Directory, I am not an
> administrator of Microsoft AD.
> So you claimed that I need to add extra parameters uidNumber and
> gidNumber to the MS Active Directory user, and add an extra value to
> each of them? I think that it will be impossible and too much extra
> work. I need similar functionality to what it was in the previous
> version. So maybe I should change the backend parameter
> (tdb/ad/rid/autorid/ldap/nss)?
>

I never claimed anything ;-)
I just asked a question and you have answered it, you don't have the required attributes in AD for the 'ad' backend to work.

It sounds like you need to use the 'rid' backend, this will work without adding anything to AD.

The problem with your old smb.conf working, but not your new one, is hard to understand because the requirements haven't really changed. It might help if you could post your old smb.conf

Rowland
2018-03-05 17:28 GMT+01:00 Rowland Penny via samba <samba at lists.samba.org>:

> On Mon, 5 Mar 2018 17:15:44 +0100
> Marcin Kruk <askifyouneed at gmail.com> wrote:
>
> > I do not know if there is a uidNumber in Active Directory, I am not an
> > administrator of Microsoft AD.
> > So you claimed that I need to add extra parameters uidNumber and
> > gidNumber to the MS Active Directory user, and add an extra value to
> > each of them? I think that it will be impossible and too much extra
> > work. I need similar functionality to what it was in the previous
> > version. So maybe I should change the backend parameter
> > (tdb/ad/rid/autorid/ldap/nss)?
> >
>
> I never claimed anything ;-)
> I just asked a question and you have answered it, you don't have the
> required attributes in AD for the 'ad' backend to work.
>
> It sounds like you need to use the 'rid' backend, this will work
> without adding anything to AD.
>
> The problem with your old smb.conf working, but not your new one, is
> hard to understand because the requirements haven't really changed. It
> might help if you could post your old smb.conf
>
> Rowland
>
>
>

My old-fashioned config:

[global]
workgroup = MYDOMAIN
realm = MYDOMAIN.COM
prefered master = no
server string = servername
security = ADS
encrypt passwords = yes
log file = /var/log/samba/%I
max log size = 50
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = No
winbind separator = +
idmap uid = 2000-20000
idmap gid = 2000-20000
template shell = /bin/false
template homedir = /mnt/sambahomedir/%D/%U
wide links = yes
follow symlinks = yes
unix extensions = no
interfaces = bond0 lo
bind interfaces only = yes
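
An smb.conf sketch of the 'rid' setup suggested in the thread, added here as an example and not taken from either poster's configuration. The MYDOMAIN range is the one quoted in the thread; the range for the default `*` domain is an assumed value.

```ini
[global]
    workgroup = MYDOMAIN
    realm = MYDOMAIN.COM
    security = ADS
    winbind separator = +

    # Legacy form from the old config (deprecated in favour of
    # "idmap config * : range"); it only sets the default domain's range:
    #   idmap uid = 2000-20000
    #   idmap gid = 2000-20000

    # Default domain (*): BUILTIN and anything not matched below.
    # tdb allocates IDs on first use. Range is an assumed value and
    # must not overlap the MYDOMAIN range.
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999

    # 'ad' backend, shown for contrast: it only maps users and groups
    # that carry uidNumber / gidNumber attributes in AD, inside the range.
    #   idmap config MYDOMAIN : backend = ad
    #   idmap config MYDOMAIN : range = 1000000-2000000

    # 'rid' backend: the Unix ID is computed from the RID at the end of
    # the SID, so nothing has to be added to AD. The range has to be
    # wide enough to hold the highest RID in the domain.
    idmap config MYDOMAIN : backend = rid
    idmap config MYDOMAIN : range = 1000000-2000000
```

After restarting winbind, `wbinfo -S` on a user's SID and `getent passwd 'MYDOMAIN+user1'` should both return an ID, provided `winbind` is listed for `passwd` and `group` in /etc/nsswitch.conf. IDs computed by 'rid' will not match those allocated under the old `idmap uid` range, so ownership on files copied from the old server needs to be reviewed.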