thank you, but it was only a copy/paste mistake. My config looks like this: [global] security = ADS workgroup = EXAMPLE realm = EXAMPLE.LOCAL log file = /var/log/samba/%m.log log level = 1 # Default ID mapping configuration for local BUILTIN accounts # and groups on a domain member. The default (*) domain: # - must not overlap with any domain ID mapping configuration! # - must use a read-write-enabled back end, such as tdb. # - Adding just this is not enough # - You must set a DOMAIN backend configuration, see below idmap config * : backend = tdb idmap config * : range = 3000-7999 idmap config EXAMPLE : backend = rid idmap config EXAMPLE : range = 1000000 - 1999999 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind refresh tickets = yes template shell = /bin/bash vfs objects = acl_xattr map acl inherit = yes store dos attributes = yes acl allow execute always = yes [profiles] path = /home/EXAMPLE/profiles/ read only = no But it doesn't work with this configuration. Or does I need these lines also? I don't need a login of the domainusers. # Template settings for login shell and home directory winbind nss info = template template shell = /bin/bash template homedir = /home/%U 2018-05-14 23:28 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>:> On Mon, 14 May 2018 22:49:02 +0200 > Michael Funke via samba <samba at lists.samba.org> wrote: > > > Okay, I testet it and it doesn't help. Attached is also my smb.conf. > > May it is here. > > > > [global] > > # Default ID mapping configuration for local BUILTIN accounts > > # and groups on a domain member. The default (*) domain: > > # - must not overlap with any domain ID mapping configuration! > > # - must use a read-write-enabled back end, such as tdb. > > # - Adding just this is not enough > > # - You must set a DOMAIN backend configuration, see below > > idmap config * : backend = tdb > > idmap config * : range = 3000-7999 > > idmap config EXAMPLE : range = 1000000 - 1999999 > > > > > > > Any ideas? > > > > Yes, did you not understand this: > > # - Adding just this is not enough > # - You must set a DOMAIN backend configuration, see below > > Well, yes, you must have because you added this: > > idmap config EXAMPLE : range = 1000000 - 1999999 > > Pity it wasn't enough, can I suggest you read this again: > > https://wiki.samba.org/index.php/Idmap_config_ad > > And this: > > https://wiki.samba.org/index.php/Idmap_config_rid > > and decide which you want to use and then add the missing line(s) > > If you do not understand those pages, can you please try to explain what > you do not understand. Without feedback we think they are correct, if > nobody says 'I do not understand something', we will go on thinking > they are correct ;-) > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
On Tue, 15 May 2018 10:53:26 +0200 Michael Funke <maniac.macpain at gmail.com> wrote:> thank you, but it was only a copy/paste mistake. My config looks like > this: [global] > security = ADS > workgroup = EXAMPLE > realm = EXAMPLE.LOCAL > > log file = /var/log/samba/%m.log > log level = 1 > > # Default ID mapping configuration for local BUILTIN accounts > # and groups on a domain member. The default (*) domain: > # - must not overlap with any domain ID mapping configuration! > # - must use a read-write-enabled back end, such as tdb. > # - Adding just this is not enough > # - You must set a DOMAIN backend configuration, see below > idmap config * : backend = tdb > idmap config * : range = 3000-7999 > idmap config EXAMPLE : backend = rid > idmap config EXAMPLE : range = 1000000 - 1999999 > winbind enum users = yes > winbind enum groups = yes > winbind use default domain = yes > winbind refresh tickets = yes > template shell = /bin/bash > > vfs objects = acl_xattr > map acl inherit = yes > store dos attributes = yes > > acl allow execute always = yes > > [profiles] > path = /home/EXAMPLE/profiles/ > read only = no > > But it doesn't work with this configuration.It should.> > Or does I need these lines also? I don't need a login of the > domainusers. > > # Template settings for login shell and home directory > winbind nss info = template > template shell = /bin/bash > template homedir = /home/%UYou only need those lines for users to log into the Unix domain member. Have you read this: https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles Rowland> >
Yes I read it and made the permissions like this with windows ACLs. And that is the reason, why I need help. I'm also not sure if it is a SAMBA-problem. Any ideas? 2018-05-15 11:10 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>:> On Tue, 15 May 2018 10:53:26 +0200 > Michael Funke <maniac.macpain at gmail.com> wrote: > > > thank you, but it was only a copy/paste mistake. My config looks like > > this: [global] > > security = ADS > > workgroup = EXAMPLE > > realm = EXAMPLE.LOCAL > > > > log file = /var/log/samba/%m.log > > log level = 1 > > > > # Default ID mapping configuration for local BUILTIN accounts > > # and groups on a domain member. The default (*) domain: > > # - must not overlap with any domain ID mapping configuration! > > # - must use a read-write-enabled back end, such as tdb. > > # - Adding just this is not enough > > # - You must set a DOMAIN backend configuration, see below > > idmap config * : backend = tdb > > idmap config * : range = 3000-7999 > > idmap config EXAMPLE : backend = rid > > idmap config EXAMPLE : range = 1000000 - 1999999 > > winbind enum users = yes > > winbind enum groups = yes > > winbind use default domain = yes > > winbind refresh tickets = yes > > template shell = /bin/bash > > > > vfs objects = acl_xattr > > map acl inherit = yes > > store dos attributes = yes > > > > acl allow execute always = yes > > > > [profiles] > > path = /home/EXAMPLE/profiles/ > > read only = no > > > > But it doesn't work with this configuration. > > It should. > > > > > Or does I need these lines also? I don't need a login of the > > domainusers. > > > > # Template settings for login shell and home directory > > winbind nss info = template > > template shell = /bin/bash > > template homedir = /home/%U > > You only need those lines for users to log into the Unix domain member. > > Have you read this: > > https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles > > Rowland > > > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >