On 20/07/2020 10:37, Nick Howitt via samba wrote:> Bump, please.I have reviewed all the posts in this thread and I 'think' I know what is going on and also answers a question I asked. You have in your smb.conf: unix password sync = Yes This possibly means that you have a group in /etc/group called allusers with the ID of 63000 I would replace the line with: ldap password sync = yes Do you have libnss-ldap installed ? What are the 'passwd' and 'group' lines in /etc/nsswitch.conf ? Rowland
On 20/07/2020 11:14, Rowland penny via samba wrote:> > On 20/07/2020 10:37, Nick Howitt via samba wrote: >> Bump, please. > > I have reviewed all the posts in this thread and I 'think' I know what > is going on and also answers a question I asked. > > You have in your smb.conf: > > unix password sync = Yes > > This possibly means that you have a group in /etc/group called allusers > with the ID of 63000No. All groups are 1005 or less. The should be 1000 or less but the user has installed Acronis which has set up groups 1000-1005 which I don't think should be there. All "ClearOS" LDAP groups on this system and mine begin at 63000. All of what I think od as the Windows built-in groups are somewhere over 1000500 e.g: [root at server ~]# id clearcenter uid=1049(clearcenter) gid=63000(allusers) groups=63000(allusers),1000546(guests),1000512(domain_admins),1000513(domain_users),1000514(domain_guests),1000544(administrators),1000545(users),1000547(power_users),1000548(account_operators),1000549(server_operators),1000550(print_operators),1000551(backup_operators),60006(executive),60007(staff),60008(visitors),60009(admin)> > I would replace the line with: > > ldap password sync = yesThat is explicitly set to No in the included /etc/samba/smb.ldap.conf. I am scared to change this as it is working in my system.> > Do you have libnss-ldap installed ?No. The package is not even available.> > What are the 'passwd' and 'group' lines in /etc/nsswitch.conf ?passwd: files ldap group: files ldap These are the same as my system which works> > Rowland > > >
n 20/07/2020 14:19, Nick Howitt via samba wrote:> > > On 20/07/2020 11:14, Rowland penny via samba wrote: >> >> >> I have reviewed all the posts in this thread and I 'think' I know >> what is going on and also answers a question I asked. >> >> You have in your smb.conf: >> >> unix password sync = Yes >> >> This possibly means that you have a group in /etc/group called >> allusers with the ID of 63000 > No. All groups are 1005 or less. The should be 1000 or less but the > user has installed Acronis which has set up groups 1000-1005 which I > don't think should be there. > All "ClearOS" LDAP groups on this system and mine begin at 63000. All > of what I think od as the Windows built-in groups are somewhere over > 1000500 e.g: > [root at server ~]# id clearcenter > uid=1049(clearcenter) gid=63000(allusers) > groups=63000(allusers),1000546(guests),1000512(domain_admins),1000513(domain_users),1000514(domain_guests),1000544(administrators),1000545(users),1000547(power_users),1000548(account_operators),1000549(server_operators),1000550(print_operators),1000551(backup_operators),60006(executive),60007(staff),60008(visitors),60009(admin) >I have no idea why the groups are getting those numbers because you have in smb.conf: idmap config * : range = 20000000-29999999 So I would have expected the numbers such as 1000513 to actually be 20000513>> Do you have libnss-ldap installed ? > No. The package is not even available.Not under that name it isn't, try nss-pam-ldapd Rowland