Andreas Hauffe
2020-Dec-09 10:23 UTC
[Samba] Missing group membership of user on domain member
Hello,

I'm still struggling with this problem. Is it possible that group membership for the users of DOM is somehow taken from the DOM DCs and not from the ILRW DCs? This could result in the missing domain local groups. But I don't know if this is realistic.

Regards,
Andreas

On 30.11.20 at 09:27, Andreas Hauffe via samba wrote:
> Hello,
>
> we have a fileserver (nfs4/krb5) running as domain member (Debian 10,
> Samba 4.13.2, winbind). This server is member of the domain ILRW,
> which itself is a subdomain of DOM. All users are defined in DOM and
> the groups are domain local groups defined in ILRW. For some users
> winbind does not list the domain local groups of ILRW
> (wbinfo --user-groups $USERNAME), so the users are not able to access
> resources via NFS4. I already tried to remove the /usr/local/samba
> folder completely, recompile (install) samba and rejoin it to the ILRW
> domain. So I hope there shouldn't be any cache issues. Can somebody
> give a hint how to solve this problem?
>
> smb.conf
>
> [global]
>         bind interfaces only = Yes
>         dedicated keytab file = /etc/krb5.keytab
>         interfaces = lo enp1s0f0
>         kerberos method = secrets and keytab
>         realm = ILRW.ING.DOM.TU-DRESDEN.DE
>         security = ADS
>         server min protocol = SMB3_00
>         template homedir = /home/users/linux/%U
>         template shell = /bin/bash
>         winbind refresh tickets = Yes
>         winbind separator = +
>         workgroup = ILRW
>         idmap config * : range = 2000-2999
>         idmap config ilrw : backend = rid
>         idmap config ilrw : range = 3000-9999 # UID from RID for POOL
>         idmap config dom : backend = rid
>         idmap config dom : range = 10000-9999999 # UID from RID for DOM
>         idmap config * : backend = tdb
>
> Regards,
> Andreas
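A diagnostic sketch for the symptom described in the message above, added here and not part of the original post: it sorts the GIDs printed by `wbinfo --user-groups` into the idmap ranges from the posted smb.conf, so a user with no GID in the ILRW range stands out. The function names and the sample wbinfo outputs are constructed for illustration.

```python
import re

# idmap range lines as posted in the smb.conf above (trailing comments dropped).
SMB_CONF = """\
[global]
    workgroup = ILRW
    idmap config * : range = 2000-2999
    idmap config ilrw : range = 3000-9999
    idmap config dom : range = 10000-9999999
"""

RANGE_RE = re.compile(
    r"^\s*idmap config\s+(\S+)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)", re.I | re.M)


def parse_idmap_ranges(conf):
    """Return {DOMAIN: (low, high)} from 'idmap config X : range' lines."""
    return {m.group(1).upper(): (int(m.group(2)), int(m.group(3)))
            for m in RANGE_RE.finditer(conf)}


def classify_gids(wbinfo_output, ranges):
    """Sort the GIDs printed by wbinfo --user-groups by owning idmap domain."""
    result = {name: [] for name in ranges}
    result["UNMAPPED"] = []
    for token in wbinfo_output.split():
        if not token.isdigit():
            continue  # skip error text mixed into the output
        gid = int(token)
        owner = next((n for n, (lo, hi) in ranges.items() if lo <= gid <= hi),
                     "UNMAPPED")
        result[owner].append(gid)
    return result


def missing_domains(wbinfo_output, ranges, expected=("ILRW",)):
    """Domains the user should have groups from but has none."""
    found = classify_gids(wbinfo_output, ranges)
    return [d for d in expected if not found.get(d.upper())]


if __name__ == "__main__":
    ranges = parse_idmap_ranges(SMB_CONF)
    # Constructed sample outputs, not taken from the thread.
    samples = {"user_ok": "10513\n4104\n4117\n", "user_affected": "10513\n"}
    for user, out in samples.items():
        print(user, classify_gids(out, ranges),
              "missing:", missing_domains(out, ranges))
```

On the member server, feed it the real output of `wbinfo --user-groups $USERNAME` for one working and one affected user to see which domain's groups are absent.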