There is a problem with your uid, in your smb.conf you posted this:
You are saying that your uid (or ID) is '3578', but :
3578 != 7880
So where is it coming from ????
3578 is UID from AD and local on the box. Our organization requires local
userids on all servers(!) The only time we join AD on Linux is for Samba.
Since our Samba files normally match UID/GID in /etc/passwd, not RID + Offset I
assume ' backend = rid' has never worked properly. Since we want UIDs
to match /etc/passwd I'm going to try again to get Samba working with ad
backend.
Or we can stick with
security = DOMAIN
which gives us the desired behavior. Only problem is when servers reboot we
have to rejoin the domain. Security = ADS solved that.
Thanks,
Jim
This email and any attachments may contain information that is confidential
and/or privileged for the sole use of the intended recipient. Any use, review,
disclosure, copying, distribution or reliance by others, and any forwarding of
this email or its contents, without the express permission of the sender is
strictly prohibited by law. If you are not the intended recipient, please
contact the sender immediately, delete the e-mail and destroy all copies.
On Wed, 2022-05-11 at 15:11 +0000, Jim Brand wrote:> There is a problem with your uid, in your smb.conf you posted this: > > You are saying that your uid (or ID) is '3578', but : > > 3578 != 7880 > > So where is it coming from ???? > > 3578 is UID from AD and local on the box. Our organization requires > local userids on all servers(!) The only time we join AD on Linux is > for Samba.The smb.conf that you posted in your first post is from a Unix domain member. You do not have 'local users' (users in /etc/passwd) that are also in AD e.g. you do not have the user 'fred' in /etc/passwd and in AD. If you do have the same usernames in both, the local user will be used before the AD users and the two users are totally different users even if they are both called 'fred'.> > Since our Samba files normally match UID/GID in /etc/passwd, not RID > + Offset I assume ' backend = rid' has never worked properly.No your understanding of Samba seems to be the problem, you seem to be treating Samba as a standalone server (which, from your sample smb.conf , it isn't) and a Unix domain member.> Since we want UIDs to match /etc/passwd I'm going to try again to > get Samba working with ad backend.If you go down this path (just use the Unix ID's for the uidNumber or gidNumber attributes in AD), remove the users from /etc/passwd, you will no longer require them.> > Or we can stick with > security = DOMAIN > which gives us the desired behavior. Only problem is when servers > reboot we have to rejoin the domain. Security = ADS solved that.Do not use 'security = DOMAIN', it requires SMBv1 and this will be removed from Samba. Rowland