On 9/24/20 11:51 AM, Aur?lien Aptel wrote:> The request-keys config looks right. > > You can check if winbind is properly configured trying to map with the > winbind CLI client called wbinfo. For example: > > # wbinfo -i NUC\\administrator > NUC\administrator:*:20501:20514::/home/NUC/administrator:/bin/bash > ^^^^^ ^^^^^ > uid gid > > Cheers,# wbinfo -i MYDOM\\user user:*:1001:1001::/home/user:/bin/bash Those uid/gid are correct. They match the server and also match the uid/gid in the AD for the user. It seems everything is working except for the cifsacl id mapping part.
On 24/09/2020 16:58, Ken Bass via samba wrote:> On 9/24/20 11:51 AM, Aur?lien Aptel wrote: >> The request-keys config looks right. >> >> You can check if winbind is properly configured trying to map with the >> winbind CLI client called wbinfo. For example: >> >> # wbinfo -i NUC\\administrator >> NUC\administrator:*:20501:20514::/home/NUC/administrator:/bin/bash >> ???????????????????? ^^^^^ ^^^^^ >> ????????????????????? uid?? gid >> >> Cheers, > > # wbinfo -i MYDOM\\user > user:*:1001:1001::/home/user:/bin/bash > > Those uid/gid are correct. They match the server and also match the > uid/gid in the AD for the user. > It seems everything is working except for the cifsacl id mapping part.I am beginning to think you are running Samba as a standalone server in an AD domain, if so, why ? As I said, posting your smb.conf will prove this. Rowland
On 9/24/20 12:10 PM, Rowland penny via samba wrote:> On 24/09/2020 16:58, Ken Bass via samba wrote: >> On 9/24/20 11:51 AM, Aur?lien Aptel wrote: >>> The request-keys config looks right. >>> >>> You can check if winbind is properly configured trying to map with the >>> winbind CLI client called wbinfo. For example: >>> >>> # wbinfo -i NUC\\administrator >>> NUC\administrator:*:20501:20514::/home/NUC/administrator:/bin/bash >>> ???????????????????? ^^^^^ ^^^^^ >>> ????????????????????? uid?? gid >>> >>> Cheers, >> >> # wbinfo -i MYDOM\\user >> user:*:1001:1001::/home/user:/bin/bash >> >> Those uid/gid are correct. They match the server and also match the >> uid/gid in the AD for the user. >> It seems everything is working except for the cifsacl id mapping part. > > I am beginning to think you are running Samba as a standalone server > in an AD domain, if so, why ? > > As I said, posting your smb.conf will prove this. > > Rowland > > >I already did that, two posts ago. Did it not make it to the list - I see it. Server role: ROLE_DOMAIN_MEMBER i have 'winbind use default domain = Yes ' enabled if that is what you are getting at.