On 14/03/2023 18:55, Himanshi Yadav wrote:> Hello > > Here are the details you?requested. > > *What OS is Samba running on ?* > > CentOS Linux release 8.4.2105 > > > *What version of Samba ?* > > Samba version 4.13.3 > > > *How is Samba Running, as a standalone server or a Unix domain member, or > a DC ?* > > ** > > Domain Members > > *Please post the output of 'testparm -s' (unless it is a DC, then post > the output of 'samba-tool testparm') > > > *** > > [root at midway3-dm1 ~]# testparm -s > > Load smb config files from /etc/samba/smb.conf > > lpcfg_do_global_parameter: WARNING: The "encrypt passwords" option is > deprecated > > Loaded services file OK. > > Weak crypto is allowed > > Server role: ROLE_DOMAIN_MEMBER > > # Global parameters > > [global] > > ??????? clustering = Yes > > ??????? idmap cache time = 1 > > ??????? idmap negative cache time = 1 > > ??????? kerberos method = system keytab > > ??????? log file = /var/log/samba/log.%m > > ??????? max log size = 50 > > ??????? netbios name = DMCIFS > > ??????? realm = AD.UCHICAGO.EDU > > ??????? security = ADS > > ??????? server min protocol = SMB3_02 > > ??????? server string = Samba Server Version %v > > ??????? workgroup = AD > > ??????? fruit:delete_empty_adfiles = yes > > ??????? fruit:wipe_intentionally_left_blank_rfork = yes > > ??????? fruit:veto_appledouble = no > > ??????? fruit:posix_rename = yes > > ??????? fruit:model = MacSamba > > ??????? fruit:metadata = stream > > ??????? fileid:algorithm = fsname > > ??????? idmap config adlocal : range = 1401-2147483647 > > ??????? idmap config adlocal : backend = nss > > ??????? idmap config * : range = 2147483648-3000000000 > > ??????? idmap config * : backend = tdb2 > > ??????? hosts allow = 127. 128.135.0.0/255.255.0.0 > 205.208.0.0/255.255.128.0 10.0.0.0/255.0.0.0 192.170.192.0/255.255.224.0 > > ??????? invalid users = root bin daemon adm lp sync shutdown halt mail > operator games ftp nobody dbus systemd-coredump systemd-resolve tss > polkitd geoclue rtkit pulse pipewire libstoragemgmt qemu usbmuxd unbound > rpc gluster chrony setroubleshoot saslauth dnsmasq radvd clevis > cockpit-ws cockpit-wsinstance sssd flatpak colord gdm rpcuser > gnome-initial-setup sshd pesign avahi rngd tcpdump munge > > ??????? kernel oplocks = Yes > > ??????? vfs objects = gpfs fileid catia fruit streams_xattr > > [homes] > > ??????? browseable = No > > ??????? comment = Home Directories > > ??????? create mask = 0664 > > ??????? directory mask = 02775 > > ??????? force create mode = 0664 > > ??????? force directory mode = 02775 > > ??????? read only = No > > ??????? valid users = %S > > ??????? fileid:algorithm = fsname > > [midway3-scratch] > > ??????? browseable = No > > ??????? comment = Midway3 Scratch Directories > > ??????? path = /scratch/midway3 > > ??????? read only = No > > ??????? fileid:algorithm = fsname > > [project] > > ??????? browseable = No > > ??????? comment = Project Directories > > ??????? create mask = 0664 > > ??????? directory mask = 02775 > > ??????? force create mode = 0664 > > ??????? force directory mode = 02775 > > ??????? path = /project > > ??????? read only = No > > ??????? fileid:algorithm = fsname > > [beagle3] > > ??????? browseable = No > > ??????? comment = Beagle3 Directories > > ??????? create mask = 0664 > > ??????? directory mask = 02775 > > ??????? force create mode = 0664 > > ??????? force directory mode = 02775 > > ??????? path = /beagle3 > > ??????? read only = No > > ??????? fileid:algorithm = fsname > > [printers] > > ?????? ?browseable = No > > ??????? comment = All Printers > > ??????? path = /var/spool/samba > > ??????? printable = YesIs this a sanitisation error: You have workgroup = AD and idmap config adlocal They are both supposed to use the same name Other than that, sorry but I cannot help further, you appear to be using sssd and I do not use it and know very little about it. Rowland
We are using the nss-db instead of SSSD on the Samba server. The backend database is nss. idmap config adlocal : backend = nss Our issue is related to user directory discrepancy on the Mac OS systems. On the windows systems, we don?t see any issue. -Himi ________________________________ From: samba <samba-bounces at lists.samba.org> on behalf of Rowland Penny via samba <samba at lists.samba.org> Sent: Tuesday, March 14, 2023 2:12 PM To: samba at lists.samba.org <samba at lists.samba.org> Cc: Rowland Penny <rpenny at samba.org> Subject: Re: [Samba] Samba Issue for Mac On 14/03/2023 18:55, Himanshi Yadav wrote:> Hello > > Here are the details you requested. > > *What OS is Samba running on ?* > > CentOS Linux release 8.4.2105 > > > *What version of Samba ?* > > Samba version 4.13.3 > > > *How is Samba Running, as a standalone server or a Unix domain member, or > a DC ?* > > ** > > Domain Members > > *Please post the output of 'testparm -s' (unless it is a DC, then post > the output of 'samba-tool testparm') > > > *** > > [root at midway3-dm1 ~]# testparm -s > > Load smb config files from /etc/samba/smb.conf > > lpcfg_do_global_parameter: WARNING: The "encrypt passwords" option is > deprecated > > Loaded services file OK. > > Weak crypto is allowed > > Server role: ROLE_DOMAIN_MEMBER > > # Global parameters > > [global] > > clustering = Yes > > idmap cache time = 1 > > idmap negative cache time = 1 > > kerberos method = system keytab > > log file = /var/log/samba/log.%m > > max log size = 50 > > netbios name = DMCIFS > > realm = AD.UCHICAGO.EDU > > security = ADS > > server min protocol = SMB3_02 > > server string = Samba Server Version %v > > workgroup = AD > > fruit:delete_empty_adfiles = yes > > fruit:wipe_intentionally_left_blank_rfork = yes > > fruit:veto_appledouble = no > > fruit:posix_rename = yes > > fruit:model = MacSamba > > fruit:metadata = stream > > fileid:algorithm = fsname > > idmap config adlocal : range = 1401-2147483647 > > idmap config adlocal : backend = nss > > idmap config * : range = 2147483648-3000000000 > > idmap config * : backend = tdb2 > > hosts allow = 127. 128.135.0.0/255.255.0.0 > 205.208.0.0/255.255.128.0 10.0.0.0/255.0.0.0 192.170.192.0/255.255.224.0 > > invalid users = root bin daemon adm lp sync shutdown halt mail > operator games ftp nobody dbus systemd-coredump systemd-resolve tss > polkitd geoclue rtkit pulse pipewire libstoragemgmt qemu usbmuxd unbound > rpc gluster chrony setroubleshoot saslauth dnsmasq radvd clevis > cockpit-ws cockpit-wsinstance sssd flatpak colord gdm rpcuser > gnome-initial-setup sshd pesign avahi rngd tcpdump munge > > kernel oplocks = Yes > > vfs objects = gpfs fileid catia fruit streams_xattr > > [homes] > > browseable = No > > comment = Home Directories > > create mask = 0664 > > directory mask = 02775 > > force create mode = 0664 > > force directory mode = 02775 > > read only = No > > valid users = %S > > fileid:algorithm = fsname > > [midway3-scratch] > > browseable = No > > comment = Midway3 Scratch Directories > > path = /scratch/midway3 > > read only = No > > fileid:algorithm = fsname > > [project] > > browseable = No > > comment = Project Directories > > create mask = 0664 > > directory mask = 02775 > > force create mode = 0664 > > force directory mode = 02775 > > path = /project > > read only = No > > fileid:algorithm = fsname > > [beagle3] > > browseable = No > > comment = Beagle3 Directories > > create mask = 0664 > > directory mask = 02775 > > force create mode = 0664 > > force directory mode = 02775 > > path = /beagle3 > > read only = No > > fileid:algorithm = fsname > > [printers] > > browseable = No > > comment = All Printers > > path = /var/spool/samba > > printable = YesIs this a sanitisation error: You have workgroup = AD and idmap config adlocal They are both supposed to use the same name Other than that, sorry but I cannot help further, you appear to be using sssd and I do not use it and know very little about it. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Apparently Analagous Threads
- check_account: Failed to find local account with UID" issue / The university of Chicago
- check_account: Failed to find local account with UID" issue / The university of Chicago
- AD and samba secondary group problems
- change notify or something
- CTDB and locking issues reloaded