On 05/02/2021 11:06, Ralph Boehme via samba wrote:> Am 2/5/21 um 11:54 AM schrieb Thomas Geppert via samba: >> I've installed and provisioned a Samba ADDC in an unprivileged Linux >> container. The details can be found in my post "Samba AD DC in an >> unprivileged lxc revisited". > > ...which was a f?abbergasting read! Well done, albeit I fear there are > still some problem due to the idmapping issue you're seeing. > >> The ADDC seems to work properly but there is one detail that still >> bothers >> me. In the output of samba-tool were the following warnings: >> INFO 2021-02-02 19:51:42,853 pid:942 >> /usr/local/samba/lib/python3.7/site-packages/samba/provision/__init__.py >> #1592: Setting up self join >> Repacking database from v1 to v2 format (first record >> CN=dhcp-Properties,CN=Schema,CN=Configuration,DC=....,DC=....,DC=....) >> Repack: re-packed 10000 records so far >> Repacking database from v1 to v2 format (first record >> CN=mSMQMigratedUser-Display,CN=405,CN=DisplaySpecifiers,CN=Configuration,DC= >> >> ....,DC=....,DC=....) >> Repacking database from v1 to v2 format (first record >> CN=ipsecNegotiationPolicy{72385233-70FA-11D1-864C-14A300000000},CN=IP >> Security,CN=System,DC=.....,DC=....,DC=....)map_smb4_to_nfs4_id: >> Unknown gid >> [30000] >> map_smb4_to_nfs4_id: Unknown gid [30001] >> map_smb4_to_nfs4_id: Unknown gid [30002] >> .... >> map_smb4_to_nfs4_id: Unknown gid [30003] >> map_smb4_to_nfs4_id: Unknown gid [30007] >> INFO 2021-02-02 19:51:45,498 pid:942 >> /usr/local/samba/lib/python3.7/site-packages/samba/provision/sambadns.py >> #1143: Adding DNS accounts >> INFO 2021-02-02 19:51:45,517 pid:942 >> /usr/local/samba/lib/python3.7/site-packages/samba/provision/sambadns.py >> #1177: Creating >> CN=MicrosoftDNS,CN=System,DC=....,DC=....,DC=.... >> >> Can someone shed a light on what's causing these "Unknown gid" >> messages and >> what it could mean for the operation of the ADDC ? > > the module does a getgrgid() call on those ids and apparently nsswitch > doesn't know about those ids. Do you have winbind in nsswitch.conf? > Fwiw, I have no idea if that is sensible on an AD DC... :)Whilst it isn't recommended to use a DC for other than authentication, you can set winbind in the passwd & group lines in /etc/nsswitch. However these numbers are appearing during a provision and surely at this point all the ID numbers are in the '3000000' range, so where are the '30000' numbers coming from ? Rowland
Am 2/5/21 um 12:39 PM schrieb Rowland penny via samba:> On 05/02/2021 11:06, Ralph Boehme via samba wrote: >> the module does a getgrgid() call on those ids and apparently nsswitch >> doesn't know about those ids. Do you have winbind in nsswitch.conf? >> Fwiw, I have no idea if that is sensible on an AD DC... :) > > > Whilst it isn't recommended to use a DC for other than authentication, > you can set winbind in the passwd & group lines in /etc/nsswitch. > However these numbers are appearing during a provision and surely at > this point all the ID numbers are in the '3000000' range, so where are > the '30000' numbers coming from ?hm... good point! :) I have no clue... -slow -- Ralph Boehme, Samba Team https://samba.org/ Samba Developer, SerNet GmbH https://sernet.de/en/samba/ GPG-Fingerprint FAE2C6088A24252051C559E4AA1E9B7126399E46 -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 840 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20210205/caeaf783/OpenPGP_signature.sig>
Looks like a setting in smb.conf but its not posted. Also, its not recommended to use AD on this. And my personal experiances with backend AD on member. Works fine. I dont recommend to use NFS with backends RID. greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Ralph Boehme via > samba > Verzonden: vrijdag 5 februari 2021 12:49 > Aan: Rowland penny; samba at lists.samba.org > Onderwerp: Re: [Samba] Warning messages when provisioning an ADDC > > Am 2/5/21 um 12:39 PM schrieb Rowland penny via samba: > > On 05/02/2021 11:06, Ralph Boehme via samba wrote: > >> the module does a getgrgid() call on those ids and apparently nsswitch > >> doesn't know about those ids. Do you have winbind in nsswitch.conf? > >> Fwiw, I have no idea if that is sensible on an AD DC... :) > > > > > > Whilst it isn't recommended to use a DC for other than authentication, > > you can set winbind in the passwd & group lines in /etc/nsswitch. > > However these numbers are appearing during a provision and surely at > > this point all the ID numbers are in the '3000000' range, so where are > > the '30000' numbers coming from ? > > hm... good point! :) I have no clue... > > -slow > > -- > Ralph Boehme, Samba Team https://samba.org/ > Samba Developer, SerNet GmbH https://sernet.de/en/samba/ > GPG-Fingerprint FAE2C6088A24252051C559E4AA1E9B7126399E46 > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba