search for: 30000xx

Hi List Absolute confused newb here. Again. I noticed that the user gid and uids on my DCs were different from the uids and gids I would find on the domain member file server. ( I created users with samba-tool). User UIDs on the DCs would start in the 30000XX range, while on the file server, the uid would start in the 1000XX range. In an attempt to rectify this, I changed the smb.conf from [global] workgroup = SAMDOM security = ADS realm = SAMDOM.TESTING.COM server string = Samba Server Version %v winbind use default domain = yes...

...;> id user shows user info if it exists locally. > > On an AD joined machine id should show user info if the user exists > in AD and has the required rfc2307 attributes. I re-checked what I have on AD DC: 1. getent passwd shows local + AD users (AD users having uids in the range of 30000XX) 2. getent group shows local + AD grous, AD groups having gids in the range of 30000XX, just Domain Users having gid 100 3. ldbsearch -s sub -H private/sam.ldb '(cn=Domain Users)' objectSID gidNumber gives onlyObjectSID without gidNumber; CFG files from fileserver: ============ krb5.conf...

...if it exists locally. >> >> On an AD joined machine id should show user info if the user exists >> in AD and has the required rfc2307 attributes. > > I re-checked what I have on AD DC: > 1. getent passwd shows local + AD users (AD users having uids in the > range of 30000XX) > 2. getent group shows local + AD grous, AD groups having gids in the > range of 30000XX, just Domain Users having gid 100 > 3. ldbsearch -s sub -H private/sam.ldb '(cn=Domain Users)' objectSID > gidNumber > gives onlyObjectSID without gidNumber; > > CFG files from...

...t; on the DC. > > Example: > > root at dc4:~# getent passwd rowland > SAMDOM\rowland:*:10000:10000::/home/SAMDOM/users/rowland:/bin/bash Hmm, I did configure it on the client as suggested and it worked there. But on the DC nothing changed. getent always returned something with uid 30000xx. but maybe this was related to the user beeing member of Administrators group. I have read someting about special mapping in this case. I reverted this later on when testing with windows. > Mine rarely breaks (and when it does, it is usually my fault through testing > something I shouldn'...

I am sorry for many P.S. >> When domain user tries to access file server (samba4, member of AD domain) >> server logs such error: >> >> 2015/04/05 21:13:01.095178, 1] >> ../source3/auth/user_krb5.c:164(get_user_from_kerberos_info) >> Username DOMAINwusername is invalid on this system >> >> [2015/04/05 21:13:01.095200, 1] >>

...attribute. So, when I first provisioned Samba, I certainly did not assign UID:GIDs for any users. I did not do that explicitly until after our email exchange on this list back in October, 2015 whereupon I changed the UID in sam.ldb via ldbedit. Give what you said, that would explain how the old 30000xx UIDs got in idmap.ldb. For users added after that time I did explicitly give a GID:UID in ADUC, which explains why a) they are not in idmap.ldb and b) they had no problem after the upgrade. When I manually changed the UIDs in sam.ldb, I should have also changed the corresponding GID and UIDs in...

...GID(100) UIDs(300000xx)? The answer is that I created domain users on the AD via RSAT > Active Directory Users and Computers. These are apparently the GID and UID range assigned by default. The ADUC > username > properties > Unix Attributes, UID and GID fields are blank, so I guess 100:30000xx are picked by default. Can I work with what I have or should I change these? There are no other actual local users on either the AD or client aside from me (100:1000 mfoley) other than the built-in accounts (root, bin, daemon, adm, lp ...) and services accounts (dovecot, spamd, mysql, ...). No o...

...0xx)? The answer is that I > created domain users on the AD via RSAT > Active Directory Users and Computers. > These are apparently the GID and UID range assigned by default. The ADUC > > username > properties > Unix Attributes, UID and GID fields are blank, so I > guess 100:30000xx are picked by default. Yes, as I said, they are set in idmap.ldb by samba and no you don't have to use them > > Can I work with what I have or should I change these? You can work with what you have got, but you don't have to, you can change them and if you are only going to use A...

...ote: > Hi List > > Absolute confused newb here. Again. > > I noticed that the user gid and uids on my DCs were different from the > uids and gids I would find on the domain member file server. ( I > created users with samba-tool). User UIDs on the DCs would start in > the 30000XX range, while on the file server, the uid would start in > the 1000XX range. > In an attempt to rectify this, I changed the smb.conf from > > [global] > workgroup = SAMDOM > security = ADS > realm = SAMDOM.TESTING.COM > > server string = Samba Server Vers...

On Thu, 26 Jan 2017 21:54:49 +0000 Rowland Penny via samba <samba at lists.samba.org> wrote: > On Thu, 26 Jan 2017 16:26:02 -0500 > Mark Foley via samba <samba at lists.samba.org> wrote: > > > On Thu, 26 Jan 2017 19:36:33 +0000 Rowland Penny wrote: > > > > > Have you tried checking in AD with ldbsearch or ldbedit for the > > > > > actual

...S/shay:/bin/bash This user was added within the past year with ADUC. This user exists in sam.ldb, but not in idmap.ldb. why? Is idmap.ldb not really necessary? Why are the other users in ldmap.ldb? I added them with ADUC as well. So, back in October 2015 when you advised me to renumber users from 30000xx to 100xx in sam.ldb, should I have also changed the xidNumber's in idmap.ldb? Too many questions for on email? --Mark -----Original Message----- Date: Thu, 26 Jan 2017 18:54:26 -0500 To: samba at lists.samba.org From: Mark Foley via samba <samba at lists.samba.org> Subject: Re: [Samba]...

...S/shay:/bin/bash This user was added within the past year with ADUC. This user exists in sam.ldb, but not in idmap.ldb. why? Is idmap.ldb not really necessary? Why are the other users in ldmap.ldb? I added them with ADUC as well. So, back in October 2015 when you advised me to renumber users from 30000xx to 100xx in sam.ldb, should I have also changed the xidNumber's in idmap.ldb? Too many questions for on email? --Mark -----Original Message----- Date: Thu, 26 Jan 2017 18:54:26 -0500 To: samba at lists.samba.org From: Mark Foley via samba <samba at lists.samba.org> Subject: Re: [Samba]...

...s added within the past year with ADUC. This user exists > in sam.ldb, but not in idmap.ldb. why? Is idmap.ldb not really > necessary? Why are the other users in ldmap.ldb? I added them with > ADUC as well. > > So, back in October 2015 when you advised me to renumber users from > 30000xx to 100xx in sam.ldb, should I have also changed the > xidNumber's in idmap.ldb? > > Too many questions for on email? > > --Mark > > -----Original Message----- > Date: Thu, 26 Jan 2017 18:54:26 -0500 > To: samba at lists.samba.org > From: Mark Foley via samba &lt...

On Fri, 27 Jan 2017 09:36:24 +0000 Rowland Penny wrote: > Can you post the script that slackware is using to start Samba and can > you also check if you have more than one 'samba' binary. Binary: $ find / -mount -type f -name samba -exec ls -l \{\} \; -rwxr-xr-x 1 root root 72720 2016-12-28 14:25 /usr/sbin/samba Doubtful an older binary would work. Previously I tried restoring

Hello everyone. I'm trying to fix sysvol rights, because i see errors in output of /usr/bin/samba-tool ntacl sysvolcheck ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: DB ACL on GPO directory /var/lib/samba/sysvol/samdom.svmetal.cz/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9}

...that I > > created domain users on the AD via RSAT > Active Directory Users and Computers. > > These are apparently the GID and UID range assigned by default. The ADUC > > > username > properties > Unix Attributes, UID and GID fields are blank, so I > > guess 100:30000xx are picked by default. > > Yes, as I said, they are set in idmap.ldb by samba and no you don't have > to use them > > > > > Can I work with what I have or should I change these? > > You can work with what you have got, but you don't have to, you can > chan...

On Mon, Nov 11, 2019 at 05:27:03PM +0000, Rowland penny via samba wrote: > > > > Kerberos SRV _kerberos._tcp.ad.home.arpa record verified ok, sample output: > > > > Server: 192.168.183.1 > > > > Address: 192.168.183.1#53 > > > > > > > > _kerberos._tcp.ad.home.arpa service = 0 100 88 kronos.ad.home.arpa. > > > > Samba is

...t goes via nssswitch, ...". and wbinfo still returns: $ wbinfo -i mark HPRS\mark:*:3000026:100:Mark Foley:/home/HPRS/mark:/bin/bash Rowland said, "winbind ... goes to where you have told it to". Where would that be? Apparently not sam.ldb. One possible clue here might be that the 30000xx:100 range were the defaults that Samba4 initially used by default when I provisioned my domain in 2014. I changed these to facilitate single-sign-on on other Linux domain members per Rowland Penny's suggestion: On Sun, 11 Oct 2015 18:01:05 +0100 Rowland Penny <rowlandpenny241155 at gmail.co...

On Thu, 08 Oct 2015 21:52 Rowland Penny wrote: > What you cannot do is use GPO's like windows does, everything else is > possible, you just need to setup the clients correctly. Excellent! I've been messing around with GPOs on Windows AD domains for years, more extensively this past year with Samba4 AD/DC and I absolutely hate them. In my opinion they are yet another attempt by

On Thu, 14 Jun 2018 09:39:46 +0200 "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: > And i did read the Comment to for Rowland below, > On debian you need : > libnss-winbind libpam-winbind to be installed. > I think you miss one of these. They are the glue that connects Samba to nsswitch and allows 'getent passwd username' to work. Without