2018-03-05 17:28 GMT+01:00 Rowland Penny via samba <samba at lists.samba.org>:

> On Mon, 5 Mar 2018 17:15:44 +0100
> Marcin Kruk <askifyouneed at gmail.com> wrote:
>
> > I do not know if there is a uidNumber in Active Directory, I am not an
> > administrator of Microsoft AD.
> > So you claimed that I need to add extra parameters uidNumber and
> > gidNumber to the MS Active Directory user, and add an extra value to
> > each of them? I think that it will be impossible and too much extra
> > work. I need similar functionality to what was in the previous
> > version. So maybe I should change the backend parameter
> > (tdb/ad/rid/autorid/ldap/nss)?
> >
>
> I never claimed anything ;-)
> I just asked a question and you have answered it, you don't have the
> required attributes in AD for the 'ad' backend to work.
>
> It sounds like you need to use the 'rid' backend, this will work
> without adding anything to AD.
>
> The problem with your old smb.conf working, but not your new one, is
> hard to understand because the requirements haven't really changed. It
> might help if you could post your old smb.conf
>
> Rowland
>
>

My old-fashioned config:

[global]
workgroup = MYDOMAIN
realm = MYDOMAIN.COM
prefered master = no
server string = servername
security = ADS
encrypt passwords = yes
log file = /var/log/samba/%I
max log size = 50
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = No
winbind separator = +
idmap uid = 2000-20000
idmap gid = 2000-20000
template shell = /bin/false
template homedir = /mnt/sambahomedir/%D/%U
wide links = yes
follow symlinks = yes
unix extensions = no
interfaces = bond0 lo
bind interfaces only = yes

On Mon, 5 Mar 2018 17:34:10 +0100
Marcin Kruk <askifyouneed at gmail.com> wrote:

> 2018-03-05 17:28 GMT+01:00 Rowland Penny via samba
> <samba at lists.samba.org>:
> >
> > The problem with your old smb.conf working, but not your new one, is
> > hard to understand because the requirements haven't really changed.
> > It might help if you could post your old smb.conf
> >
> > Rowland
> >
> >
>

OK, try using these 'idmap config' lines instead of the ones you added:

idmap config * : backend = tdb
idmap config * : range = 1000000-1999999
idmap config MYDOMAIN : backend = rid
idmap config MYDOMAIN : range = 2000-20000

Rowland

2018-03-05 17:44 GMT+01:00 Rowland Penny via samba <samba at lists.samba.org>:

> On Mon, 5 Mar 2018 17:34:10 +0100
> Marcin Kruk <askifyouneed at gmail.com> wrote:
>
> > 2018-03-05 17:28 GMT+01:00 Rowland Penny via samba
> > <samba at lists.samba.org>:
> > >
> > > The problem with your old smb.conf working, but not your new one, is
> > > hard to understand because the requirements haven't really changed.
> > > It might help if you could post your old smb.conf
> > >
> > > Rowland
> > >
> > >
> >
>
> OK, try using these 'idmap config' lines instead of the ones you added:
>
> idmap config * : backend = tdb
> idmap config * : range = 1000000-1999999
> idmap config MYDOMAIN : backend = rid
> idmap config MYDOMAIN : range = 2000-20000
>
> Rowland
>
>

Now I get everything very clearly.
Of course I had changed the backend to rid but...
Even when I added backend = rid I get

failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-...-13658 to uid

But the crucial thing is the last string in the SID from the Microsoft AD, after the dash: -13658,
so I needed a bigger range like

idmap config DOMAIN : range = 200000-299999

because the number 13658 is added to the min value 200000, so it is 200000+13658=213658,
so the range must be appropriate.

Now after:

net cache flush
restart winbind
wbinfo -S S-1-5-...-13658 shows 213658
chown DOMAIN+user1 dir_path

Everything works perfectly.
I think that this process should be clarified more in the SAMBA Active Directory documentation :)

Thank you for your help.
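
Added example (not part of the thread and not Samba's own code): a Python sketch of the 'rid' backend arithmetic discussed above, ID = RID - base_rid + low end of the range as documented in idmap_rid(8). It parses 'idmap config' lines, flags overlapping ranges and reports SIDs whose RID does not fit the domain range. The smb.conf fragment is constructed from the lines quoted in the thread with the 200000-299999 range from the last message; the function names are hypothetical.

```python
import re

# Constructed sample: the 'idmap config' lines quoted in the thread, with the
# 200000-299999 domain range from the last message.
SAMPLE_CONF = """
idmap config * : backend = tdb
idmap config * : range = 1000000-1999999
idmap config MYDOMAIN : backend = rid
idmap config MYDOMAIN : range = 200000-299999
"""

IDMAP_RE = re.compile(r"^\s*idmap\s+config\s+(.+?)\s*:\s*([\w ]+?)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {domain: {'backend': str, 'range': (low, high), 'base_rid': int}}."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)
        if not m:
            continue
        dom, key, val = m.group(1), m.group(2).lower(), m.group(3)
        entry = domains.setdefault(dom, {"base_rid": 0})  # base_rid defaults to 0
        if key == "range":
            entry["range"] = tuple(int(x) for x in val.split("-"))
        elif key == "base_rid":
            entry["base_rid"] = int(val)
        else:
            entry[key] = val
    return domains

def rid_to_id(sid, cfg):
    """Unix ID for a SID under the rid backend, or None if outside the range."""
    rid = int(sid.rsplit("-", 1)[1])  # the RID is the last component of the SID
    low, high = cfg["range"]
    unix_id = rid - cfg["base_rid"] + low
    return unix_id if low <= unix_id <= high else None

def overlapping(domains):
    """Pairs of neighbouring (sorted by low bound) domain ranges that overlap."""
    items = sorted((d["range"], name) for name, d in domains.items() if "range" in d)
    return [(a[1], b[1]) for a, b in zip(items, items[1:]) if b[0][0] <= a[0][1]]

if __name__ == "__main__":
    doms = parse_idmap(SAMPLE_CONF)
    print("overlaps:", overlapping(doms))
    # SIDs written as in the thread (domain part elided there); RID 100000 is constructed.
    for sid in ("S-1-5-...-13658", "S-1-5-...-100000"):
        print(sid, "->", rid_to_id(sid, doms["MYDOMAIN"]))
```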