On Mon, 29 Oct 2018 09:41:40 +0100 Corrado Ravinetto via samba <samba at lists.samba.org> wrote:> Hello Rowland > > Il 26/10/2018 18:03, Rowland Penny via samba ha scritto: > > what does 'getent passwd ausername' show ? > nothing :-(is this on a DC or a Unix domain member ? If you are compiling Samba yourself, have you created the libnss_winbind links ? See here: https://wiki.samba.org/index.php/Libnss_winbind_Links Have you set up PAM ? See here: https://wiki.samba.org/index.php/Authenticating_Domain_Users_Using_PAM> > [root at srvcerruti ~]# getent passwd administratorThis should only return anything on a DC or a Unix domain member using the winbind 'rid' backend, but you shouldn't use Administrator directly on a Unix machine.> [root at srvcerruti ~]# wbinfo --group-info='Domain users' > domain users:x:513:For you this is correct.> What does 'getent group Domain\ Users' show ? > nothing anymoreProbably/possibly connected with lack of links and PAM> > What worries me is the group with the ID 502, which group is it ? > [root at srvcerruti ~]# wbinfo --gid-info 502 > g_cerruti:x:502: > > g_cerruti is mapping of domain usersThen un-map it, You do not use group mappings in AD. Rowland
MAGIC !! after last email i can see my groups in member : dr-xr-xr-x. 11 root g_cerruti 4096 19 ott 10.43 AntiVirus drwxrwx---. 8 root g_comdise 4096 7 ott 2017 CommDise drwxrwx---. 2 root g_datidirezione 6 21 apr 2007 DatiDirezione very good :-) Il 29/10/2018 10:06, Rowland Penny via samba ha scritto:> Then un-map it, You do not use group mappings in AD.but i can't remove mapping : Failed to remove group Domain Users from the mapping db! -- *Corrado Ravinetto * Sistemi informativi corrado.ravinetto at lanificiocerruti.com <mailto:corrado.ravinetto at lanificiocerruti.com> T: +39 015 3591283 Lanificio F.lli CERRUTI *Lanificio F.lli Cerruti S.p.A. * Via Cernaia 40, 13900 - Biella (BI) Italy www.lanificiocerruti.com <http://www.lanificiocerruti.com/> Twitter <https://twitter.com/Lan_Cerruti> Facebook <https://www.facebook.com/LanificioCerruti> Instagram <https://www.instagram.com/lanificiocerruti/> Rispetta l'ambiente, non stampare questa mail se non necessario Respect the environment, don't print unless necessary
On Mon, 29 Oct 2018 10:39:21 +0100 Corrado Ravinetto via samba <samba at lists.samba.org> wrote:> MAGIC !! > after last email i can see my groups in member : > > dr-xr-xr-x. 11 root g_cerruti 4096 19 ott 10.43 > AntiVirus drwxrwx---. 8 root g_comdise 4096 7 ott > 2017 CommDise drwxrwx---. 2 root g_datidirezione 6 21 > apr 2007 DatiDirezione > > very good :-) > > Il 29/10/2018 10:06, Rowland Penny via samba ha scritto: > > Then un-map it, You do not use group mappings in AD. > but i can't remove mapping : > Failed to remove group Domain Users from the mapping db! >By 'un-map', I actually meant delete the group that uses the RID from the Windows Well Known Sid's as its gidNumber and use that RID for the appropriate Windows group's gidNumber. Rowland