Il 26/10/2018 13:45, Rowland Penny via samba ha scritto:> ldbsearch -Hldap://$(hostname -s) -k yes -P '(&(samaccountname=Domain > Users)(gidNumber=*))' gidNumber | grep gidNumber | awk '{print $NF}'sorry but nothing happen [root at dc1 ~]# ldbsearch -H ldap://$(hostname -s) -k yes -P '(&(samaccountname=Domain Users)(gidNumber=*))' gidNumber | grep gidNumber | awk '{print $NF}' [root at dc1 ~]# -- *Corrado Ravinetto * Sistemi informativi corrado.ravinetto at lanificiocerruti.com <mailto:corrado.ravinetto at lanificiocerruti.com> T: +39 015 3591283 Lanificio F.lli CERRUTI *Lanificio F.lli Cerruti S.p.A. * Via Cernaia 40, 13900 - Biella (BI) Italy www.lanificiocerruti.com <http://www.lanificiocerruti.com/> Twitter <https://twitter.com/Lan_Cerruti> Facebook <https://www.facebook.com/LanificioCerruti> Instagram <https://www.instagram.com/lanificiocerruti/> Rispetta l'ambiente, non stampare questa mail se non necessario Respect the environment, don't print unless necessary
[root at dc1 ~]# ldbsearch -H ldap://$(hostname -s) -k yes -P '(&(samaccountname=Domain Users)(gidNumber=*))' gidNumber # Referral ref: ldap://lxcerruti.com/CN=Configuration,DC=lxcerruti,DC=com # Referral ref: ldap://lxcerruti.com/DC=DomainDnsZones,DC=lxcerruti,DC=com # Referral ref: ldap://lxcerruti.com/DC=ForestDnsZones,DC=lxcerruti,DC=com # returned 3 records # 0 entries # 3 referrals Il 26/10/2018 13:50, Corrado Ravinetto via samba ha scritto:> > > Il 26/10/2018 13:45, Rowland Penny via samba ha scritto: >> ldbsearch -Hldap://$(hostname -s) -k yes -P '(&(samaccountname=Domain >> Users)(gidNumber=*))' gidNumber | grep gidNumber | awk '{print $NF}' > > sorry but nothing happen > > [root at dc1 ~]# ldbsearch -H ldap://$(hostname -s) -k yes -P > '(&(samaccountname=Domain Users)(gidNumber=*))' gidNumber | grep > gidNumber | awk '{print $NF}' > [root at dc1 ~]# > >-- *Corrado Ravinetto * Sistemi informativi corrado.ravinetto at lanificiocerruti.com <mailto:corrado.ravinetto at lanificiocerruti.com> T: +39 015 3591283 Lanificio F.lli CERRUTI *Lanificio F.lli Cerruti S.p.A. * Via Cernaia 40, 13900 - Biella (BI) Italy www.lanificiocerruti.com <http://www.lanificiocerruti.com/> Twitter <https://twitter.com/Lan_Cerruti> Facebook <https://www.facebook.com/LanificioCerruti> Instagram <https://www.instagram.com/lanificiocerruti/> Rispetta l'ambiente, non stampare questa mail se non necessario Respect the environment, don't print unless necessary
On Fri, 26 Oct 2018 13:50:44 +0200 Corrado Ravinetto via samba <samba at lists.samba.org> wrote:> > > Il 26/10/2018 13:45, Rowland Penny via samba ha scritto: > > ldbsearch -Hldap://$(hostname -s) -k yes -P > > '(&(samaccountname=Domain Users)(gidNumber=*))' gidNumber | grep > > gidNumber | awk '{print $NF}' > > sorry but nothing happen > > [root at dc1 ~]# ldbsearch -H ldap://$(hostname -s) -k yes -P > '(&(samaccountname=Domain Users)(gidNumber=*))' gidNumber | grep > gidNumber | awk '{print $NF}' > [root at dc1 ~]# > >Then 'Domain Users' does not have a gidNumber: root at dc4:~# ldbsearch -H ldap://$(hostname -s) -k yes -P '(&(samaccountname=*)(gidNumber=*))' gidNumber | grep gidNumber | awk '{print $NF}' | sort | head -n 1 10000 That is from one of my DC's Rowland
On Fri, 26 Oct 2018 12:57:52 +0100 Rowland Penny via samba <samba at lists.samba.org> wrote:> On Fri, 26 Oct 2018 13:50:44 +0200 > Corrado Ravinetto via samba <samba at lists.samba.org> wrote: > > > > > > > Il 26/10/2018 13:45, Rowland Penny via samba ha scritto: > > > ldbsearch -Hldap://$(hostname -s) -k yes -P > > > '(&(samaccountname=Domain Users)(gidNumber=*))' gidNumber | grep > > > gidNumber | awk '{print $NF}' > > > > sorry but nothing happen > > > > [root at dc1 ~]# ldbsearch -H ldap://$(hostname -s) -k yes -P > > '(&(samaccountname=Domain Users)(gidNumber=*))' gidNumber | grep > > gidNumber | awk '{print $NF}' > > [root at dc1 ~]# > > > > > > Then 'Domain Users' does not have a gidNumber: > > root at dc4:~# ldbsearch -H ldap://$(hostname -s) -k yes -P > '(&(samaccountname=*)(gidNumber=*))' gidNumber | grep gidNumber | awk > '{print $NF}' | sort | head -n 1 10000 > > That is from one of my DC's > > Rowland > >OOPS, wrong cut and paste, should have been: root at dc4:~# ldbsearch -H ldap://$(hostname -s) -k yes -P '(&(samaccountname=Domain Users)(gidNumber=*))' gidNumber | grep gidNumber | awk '{print $NF}' 10000 Rowland
Hai, I see : ldap://lxcerruti.com So its setup with a top level domain internaly. Correct ? Check if resolv.conf contains: search lxcerruti.com nameserver IP-OF_THE_DC1 And make very sure you DNS request dont goto the internet. Monitor you gateway and outgoing dns traffic. Just a warning about this.> > > What does 'wbinfo --group-info Domain\ Users' return ? > > on dc > > LXCERRUTI\domain users:x:100:This is probley an old NT4DOM group mapping. Check with : net groupmap list If there are any left over mappings. Then : net groupmap cleanup net cache flush And restart samba Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Corrado Ravinetto via samba > Verzonden: vrijdag 26 oktober 2018 13:55 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] classicupgrade > > [root at dc1 ~]# ldbsearch -H ldap://$(hostname -s) -k yes -P > '(&(samaccountname=Domain Users)(gidNumber=*))' gidNumber > # Referral > ref: ldap://lxcerruti.com/CN=Configuration,DC=lxcerruti,DC=com > > # Referral > ref: ldap://lxcerruti.com/DC=DomainDnsZones,DC=lxcerruti,DC=com > > # Referral > ref: ldap://lxcerruti.com/DC=ForestDnsZones,DC=lxcerruti,DC=com > > # returned 3 records > # 0 entries > # 3 referrals > > > Il 26/10/2018 13:50, Corrado Ravinetto via samba ha scritto: > > > > > > Il 26/10/2018 13:45, Rowland Penny via samba ha scritto: > >> ldbsearch -Hldap://$(hostname -s) -k yes -P > '(&(samaccountname=Domain > >> Users)(gidNumber=*))' gidNumber | grep gidNumber | awk > '{print $NF}' > > > > sorry but nothing happen > > > > [root at dc1 ~]# ldbsearch -H ldap://$(hostname -s) -k yes -P > > '(&(samaccountname=Domain Users)(gidNumber=*))' gidNumber | grep > > gidNumber | awk '{print $NF}' > > [root at dc1 ~]# > > > > > > -- > > *Corrado Ravinetto * > Sistemi informativi > corrado.ravinetto at lanificiocerruti.com > <mailto:corrado.ravinetto at lanificiocerruti.com> > T: +39 015 3591283 > Lanificio F.lli CERRUTI > *Lanificio F.lli Cerruti S.p.A. * > Via Cernaia 40, 13900 - Biella (BI) Italy > www.lanificiocerruti.com <http://www.lanificiocerruti.com/> > > Twitter <https://twitter.com/Lan_Cerruti> Facebook > <https://www.facebook.com/LanificioCerruti> Instagram > <https://www.instagram.com/lanificiocerruti/> > > Rispetta l'ambiente, non stampare questa mail se non necessario > Respect the environment, don't print unless necessary > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
On Fri, 26 Oct 2018 14:10:05 +0200 "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:> Hai, > > > I see : ldap://lxcerruti.com > So its setup with a top level domain internaly. Correct ? > > Check if resolv.conf contains: > search lxcerruti.com > nameserver IP-OF_THE_DC1 > > And make very sure you DNS request dont goto the internet. > Monitor you gateway and outgoing dns traffic. Just a warning about > this.Worth checking, but I do not think this is the OP's problem.> > > > > > What does 'wbinfo --group-info Domain\ Users' return ? > > > on dc > > > LXCERRUTI\domain users:x:100: > > This is probley an old NT4DOM group mapping. > Check with : net groupmap listNo, it is the ID for the Unix group 'users' cat /etc/group | grep '[u]sers' users:x:100: It is mapped from Domain Users in idmap.ldb and is what you get on a DC if Domain Users does not have a gidNumber. It looks like (for whatever reason) there are no uidNumber and/or gidNumber attributes in AD. Rowland