On 25.02.20 at 14:30, Rowland penny via samba wrote:
> On 25/02/2020 13:24, Stefan G. Weichinger via samba wrote:
>> On 25.02.20 at 14:16, Rowland penny via samba wrote:
>>
>>> Do you have a user.map line in smb.conf ?
>>>
>>> Something like this:
>>>
>>> username map = /etc/samba/smb.conf
>> It should be more like:
>>
>> username map = /etc/samba/samba_usermapping
>>
>> and not point to smb.conf, right? ;-)
> DOH, yes, this is what you get with arguing with your brother about what
> the EU wants whilst trying to type something ;-);-)
>>> Which contains something like this:
>>>
>>> !root = DOMAIN\Administrator
>>
>> # cat /etc/samba/samba_usermapping
>> !root = CST\Administrator CST\administrator
> Have you run 'net cache flush' ?

right now, will retest.

> OK, I give in, I will alter the wiki page, if you use the 'rid' or
> 'autorid' backend, you can use Domain Admins, just do not give Domain
> Admins a gidNumber.

1) why and how could I have done that?

2) this leads to another issue with locales and umlauts:

I can't "chgrp dom?nen-admins", in german it's "dom?nen-admins", on bash shell it looks like

->

# wbinfo -g
dom?nencomputer
dom?nencontroller
dom?nen-admins
dom?nen-benutzer
dom?nen-g?ste

# wbinfo --group-info="dom?nen-admins"
failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for group dom?nen-admins

Do I have to log in with US locale?

any hints how to fix that?

thanks! and greetings to your brother.

On 25/02/2020 13:37, Stefan G. Weichinger via samba wrote:
> right now, will retest.
>> OK, I give in, I will alter the wiki page, if you use the 'rid' or
>> 'autorid' backend, you can use Domain Admins, just do not give Domain
>> Admins a gidNumber.
> 1) why and how could I have done that?

Sorry, but I cannot remember just what backend everybody uses, in your case you would have no reason to ;-)

>
> 2) this leads to another issue with locales and umlauts:
>
> I can't "chgrp dom?nen-admins", in german it's "dom?nen-admins", on bash
> shell it looks like

Have you considered moving to the UK, we don't have those funny marks here ;-)

>
> ->
>
>
> # wbinfo -g
> dom?nencomputer
> dom?nencontroller
> dom?nen-admins
> dom?nen-benutzer
> dom?nen-g?ste
>
>
> # wbinfo --group-info="dom?nen-admins"
> failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for group dom?nen-admins
>
> Do I have to log in with US locale?

No and if you did, I don't think it would fix this problem, is locales setup correctly ? If it is, you might have found a bug in wbinfo.

Having said that, you should be using 'getent group Domain Admins' (where 'Domain Admins' is replaced with your version (sorry, but as I said, we don't have those funny marks))

Rowland

On 25.02.20 at 14:51, Rowland penny via samba wrote:
> On 25/02/2020 13:37, Stefan G. Weichinger via samba wrote:
>> right now, will retest.
>>> OK, I give in, I will alter the wiki page, if you use the 'rid' or
>>> 'autorid' backend, you can use Domain Admins, just do not give Domain
>>> Admins a gidNumber.
>> 1) why and how could I have done that?
> Sorry, but I cannot remember just what backend everybody uses, in your
> case you would have no reason to ;-)
>>
>> 2) this leads to another issue with locales and umlauts:
>>
>> I can't "chgrp dom?nen-admins", in german it's "dom?nen-admins", on bash
>> shell it looks like
> Have you considered moving to the UK, we don't have those funny marks
> here ;-)
>>
>> ->
>>
>>
>> # wbinfo -g
>> dom?nencomputer
>> dom?nencontroller
>> dom?nen-admins
>> dom?nen-benutzer
>> dom?nen-g?ste
>>
>>
>> # wbinfo --group-info="dom?nen-admins"
>> failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND
>> Could not get info for group dom?nen-admins
>>
>> Do I have to log in with US locale?
>
> No and if you did, I don't think it would fix this problem, is locales
> setup correctly ?

I think so. Tested with US locale, no change.

I now figured out to do:

# chown -R 10500:10512 *

But access from windows still is problematic with the DOM\Administrator :-(

> Having said that, you should be using 'getent group Domain Admins'
> (where 'Domain Admins' is replaced with your version (sorry, but as I
> said, we don't have those funny marks))

Not my idea. AD DC delivers the names like that.
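
The numeric chown in the last message avoids typing the localized group name. The same idea as an added example that is not part of the thread: look the group up by its well-known RID (512 is Domain Admins in every AD domain) and apply the gid numerically. The function names are hypothetical, and the script assumes `wbinfo -D` prints a `SID : ...` line and that winbind is running on the member server.

```shell
#!/bin/sh
# Added example, not from the thread: locale-independent lookup of a
# well-known AD group via its RID, so no umlaut ever has to be typed.

# Print the SID winbind reports for domain $1.
# Assumes "wbinfo -D" output contains a line of the form "SID : S-1-5-21-...".
domain_sid() {
    wbinfo -D "$1" | awk -F' *: *' '$1 == "SID" { print $2 }'
}

# Print the Unix gid that winbind maps to RID $2 of domain $1.
rid_to_gid() {
    sid=$(domain_sid "$1")
    if [ -z "$sid" ]; then
        echo "no SID found for domain $1" >&2
        return 1
    fi
    wbinfo --sid-to-gid="$sid-$2"
}

# Recursively chgrp the given paths to the group with RID $2 in domain $1.
chgrp_by_rid() {
    dom=$1
    rid=$2
    shift 2
    gid=$(rid_to_gid "$dom" "$rid") || return 1
    # Refuse anything that is not a plain number before handing it to chgrp.
    case $gid in
        ''|*[!0-9]*) echo "unexpected gid: $gid" >&2; return 1 ;;
    esac
    chgrp -R "$gid" -- "$@"
}

# Usage on a domain member (CST is the domain name used in the thread):
#   chgrp_by_rid CST 512 /srv/share
```
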