Hello Rowland and thanks for fast answer according with your suggestion i modified my smb.conf like this: [global] lanman auth = Yes log file = /var/log/samba/%m.log ntlm auth = ntlmv1-permitted realm = LXCERRUTI.COM security = ADS winbind offline logon = Yes winbind use default domain = Yes workgroup = LXCERRUTI idmap config lxcerruti : unix_nss_info = yes idmap config lxcerruti : schema_mode = rfc2307 idmap config lxcerruti : range = 3000-7999 idmap config lxcerruti : backend = ad idmap config * : range = 9000-17999 idmap config * : backend = tdb i restarted my member but : drwxrwx---. 3 3040 3290 150 23 mar 2017 vigna drwxrwx---. 2 3051 3238 6 20 mar 2014 zaia ids are always ids :-( any check or suggestions are really appreciated Il 26/10/2018 09:57, Rowland Penny via samba ha scritto:> Where <TYPE> can be 'ad' or 'rid'. > > As you have carried out a classicupgrade, you probably want 'ad', but > the 'range' must be appropriate to your user & group ID's in AD, > anything outside '9000-17999' will be ignored and if the gidNumber for > Domain Users isn't inside the range, all users will be ignored.-- *Corrado Ravinetto * Sistemi informativi corrado.ravinetto at lanificiocerruti.com <mailto:corrado.ravinetto at lanificiocerruti.com> T: +39 015 3591283 Lanificio F.lli CERRUTI *Lanificio F.lli Cerruti S.p.A. * Via Cernaia 40, 13900 - Biella (BI) Italy www.lanificiocerruti.com <http://www.lanificiocerruti.com/> Twitter <https://twitter.com/Lan_Cerruti> Facebook <https://www.facebook.com/LanificioCerruti> Instagram <https://www.instagram.com/lanificiocerruti/> Rispetta l'ambiente, non stampare questa mail se non necessario Respect the environment, don't print unless necessary
On Fri, 26 Oct 2018 10:20:21 +0200 Corrado Ravinetto via samba <samba at lists.samba.org> wrote:> Hello Rowland and thanks for fast answer > according with your suggestion i modified my smb.conf like this: > [global] > lanman auth = Yes > log file = /var/log/samba/%m.log > ntlm auth = ntlmv1-permitted > realm = LXCERRUTI.COM > security = ADS > winbind offline logon = Yes > winbind use default domain = Yes > workgroup = LXCERRUTI > idmap config lxcerruti : unix_nss_info = yes > idmap config lxcerruti : schema_mode = rfc2307 > idmap config lxcerruti : range = 3000-7999 > idmap config lxcerruti : backend = ad > idmap config * : range = 9000-17999 > idmap config * : backend = tdb > > i restarted my member but : > drwxrwx---. 3 3040 3290 150 23 mar 2017 vigna > drwxrwx---. 2 3051 3238 6 20 mar 2014 zaia > > ids are always ids :-( > > any check or suggestions are really appreciated >I am willing to lay money that the gidNumber attribute for Domain Users contains '513', if so, your ranges are not compatible What does 'wbinfo --group-info Domain\ Users' return ? Have you run 'net cache flush' on the Unix domain member ? Rowland
Il 26/10/2018 10:48, Rowland Penny via samba ha scritto:> I am willing to lay money that the gidNumber attribute for Domain Users > contains '513', if so, your ranges are not compatibleare yuo a wizard ?? :-)> > What does 'wbinfo --group-info Domain\ Users' return ?on dc LXCERRUTI\domain users:x:100: :-( on member , after i added idmap config LXCERRUTI : backend = ad Could not get info for group Domain Users> Have you run 'net cache flush' on the Unix domain member ?yes -- *Corrado Ravinetto * Sistemi informativi corrado.ravinetto at lanificiocerruti.com <mailto:corrado.ravinetto at lanificiocerruti.com> T: +39 015 3591283 Lanificio F.lli CERRUTI *Lanificio F.lli Cerruti S.p.A. * Via Cernaia 40, 13900 - Biella (BI) Italy www.lanificiocerruti.com <http://www.lanificiocerruti.com/> Twitter <https://twitter.com/Lan_Cerruti> Facebook <https://www.facebook.com/LanificioCerruti> Instagram <https://www.instagram.com/lanificiocerruti/> Rispetta l'ambiente, non stampare questa mail se non necessario Respect the environment, don't print unless necessary