Il 02/02/21 11:26, Rowland penny via samba ha scritto:> [...] > What, apart from still using Samba 4.5.16 ?debian; I have the same strange behaviour in stretch (oldstable) and in bullseye (testing), I don't known in buster (stable) but I can try. oldoldstable seems to work correctly> I do not know, if you are going to post a part of the smb.conf, post > the entire smb.conf# Global parameters [global] ??? lock directory = /var/cache/samba/ ??? log file = /var/log/samba/log.%m ??? logging = file ??? map to guest = Bad User ??? max log size = 1000 ??? obey pam restrictions = Yes ??? pam password change = Yes ??? panic action = /usr/share/samba/panic-action %d ??? realm = AD.CSARICERCHE.COM ??? security = ADS ??? server string = %h server (Samba, Ubuntu) ??? template shell = /bin/bash ??? usershare allow guests = Yes ??? winbind offline logon = Yes ??? winbind refresh tickets = Yes ??? wins server = 192.168.64.2 ??? workgroup = DOMINIOCSA ??? idmap config dominiocsa : range = 10000-24999 ??? idmap config dominiocsa : backend = rid ??? idmap config * : range = 3000-9999 ??? idmap config * : backend = tdb [test] ??? browseable = No ??? comment = test force group directive ??? force group = "@DOMINIOCSA\Domain Users" ??? path = /home/test_share ??? write list = "@DOMINIOCSA\Domain Users" Furthermore I don't know if it's normal but getent group or wbinfo --group-info doesn't show member users but if I set winbind expand groups to 1 the getent group and wbinfo --group-info shows correctly the member users. Many thanks Piviul
On 02/02/2021 15:16, Piviul via samba wrote:> Il 02/02/21 11:26, Rowland penny via samba ha scritto: >> [...] >> What, apart from still using Samba 4.5.16 ? > > debian; I have the same strange behaviour in stretch (oldstable) and > in bullseye (testing), I don't known in buster (stable) but I can try. > oldoldstable seems to work correctly > > >> I do not know, if you are going to post a part of the smb.conf, post >> the entire smb.conf > # Global parameters > [global] > ??? lock directory = /var/cache/samba/ > ??? log file = /var/log/samba/log.%m > ??? logging = file > ??? map to guest = Bad User > ??? max log size = 1000 > ??? obey pam restrictions = Yes > ??? pam password change = Yes > ??? panic action = /usr/share/samba/panic-action %d > ??? realm = AD.CSARICERCHE.COM > ??? security = ADS > ??? server string = %h server (Samba, Ubuntu) > ??? template shell = /bin/bash > ??? usershare allow guests = Yes > ??? winbind offline logon = Yes > ??? winbind refresh tickets = Yes > ??? wins server = 192.168.64.2 > ??? workgroup = DOMINIOCSA > ??? idmap config dominiocsa : range = 10000-24999 > ??? idmap config dominiocsa : backend = rid > ??? idmap config * : range = 3000-9999 > ??? idmap config * : backend = tdb > > > [test] > ??? browseable = No > ??? comment = test force group directive > ??? force group = "@DOMINIOCSA\Domain Users" > ??? path = /home/test_share > ??? write list = "@DOMINIOCSA\Domain Users"There doesn't seem to be anything wrong with that smb.conf except for the 'wins server' line, you don't use wins with Samba AD.> > > Furthermore I don't know if it's normal but getent group or wbinfo > --group-info doesn't show member users but if I set winbind expand > groups to 1 the getent group and wbinfo --group-info shows correctly > the member users.You need to fix that, 'getent passwd username' & 'getent group groupname' must produce output. Also, as 'Domain Users' is the default primary group for domain users, you don't really need the 'force group' line. Rowland
It works for me with samba 4.6.8 member server. The only difference is that I don't put the "@" sign in front of my group name. Allen On 2/2/2021 10:16 AM, Piviul via samba wrote:> Il 02/02/21 11:26, Rowland penny via samba ha scritto: >> [...] >> What, apart from still using Samba 4.5.16 ? > > debian; I have the same strange behaviour in stretch (oldstable) and > in bullseye (testing), I don't known in buster (stable) but I can try. > oldoldstable seems to work correctly > > >> I do not know, if you are going to post a part of the smb.conf, post >> the entire smb.conf > # Global parameters > [global] > ??? lock directory = /var/cache/samba/ > ??? log file = /var/log/samba/log.%m > ??? logging = file > ??? map to guest = Bad User > ??? max log size = 1000 > ??? obey pam restrictions = Yes > ??? pam password change = Yes > ??? panic action = /usr/share/samba/panic-action %d > ??? realm = AD.CSARICERCHE.COM > ??? security = ADS > ??? server string = %h server (Samba, Ubuntu) > ??? template shell = /bin/bash > ??? usershare allow guests = Yes > ??? winbind offline logon = Yes > ??? winbind refresh tickets = Yes > ??? wins server = 192.168.64.2 > ??? workgroup = DOMINIOCSA > ??? idmap config dominiocsa : range = 10000-24999 > ??? idmap config dominiocsa : backend = rid > ??? idmap config * : range = 3000-9999 > ??? idmap config * : backend = tdb > > > [test] > ??? browseable = No > ??? comment = test force group directive > ??? force group = "@DOMINIOCSA\Domain Users" > ??? path = /home/test_share > ??? write list = "@DOMINIOCSA\Domain Users" > > > Furthermore I don't know if it's normal but getent group or wbinfo > --group-info doesn't show member users but if I set winbind expand > groups to 1 the getent group and wbinfo --group-info shows correctly > the member users. > > Many thanks > > Piviul > >