search for: examplead

dear experts, I would like to setup idmap config ad. I have already the uidNumber attribute populated on AD. But there is something very basic wrong with my config: [global] netbios name = ADDC realm = EXAMPLE.ORG workgroup = EXAMPLEAD dns forwarder = #trimmed server role = active directory domain controller log level = 3 log file = /var/log/samba/log.%m interfaces = eth0, lo bind interfaces only = Yes tls enabled = yes tls keyfile = /opt/samba/private/tls/addc.key tls certfile...

hi all, I can't figure out why winbind can't find ad users with wbinfo calls. It happens on a member server, Debian GNU/Linux stretch, samba is 4.7.5 from Louis repository: [global] security = ADS workgroup = EXAMPLEAD realm = EXAMPLE.ORG idmap config * : backend = tdb idmap config * : range = 1000000-3000000 idmap config EXAMPLEAD:backend = ad idmap config EXAMPLEAD:schema_mode = rfc2307 idmap config EXAMPLEAD:range = 1005-999999 template shell = /bin/mosh template homedir = /homel/%U...

...ap config ad. I have already the uidNumber >> attribute populated on AD. >> >> But there is something very basic wrong with my config: > > Yes, there is something wrong ;-) > See below > [...] >> > > Okay to here. > >> # idmap config for the EXAMPLEAD domain >> idmap config EXAMPLEAD : backend = ad >> idmap config EXAMPLEAD : schema_mode = rfc2307 >> idmap config EXAMPLEAD : range = 1005-999999 >> >> idmap config * : backend = tdb >> idmap config * : range = 2000000-3999999 > > You cannot use the...

...O_SUCH_USER > > hi all, > > I can't figure out why winbind can't find ad users with wbinfo calls. > > It happens on a member server, Debian GNU/Linux stretch, > samba is 4.7.5 > from Louis repository: > > [global] > security = ADS > workgroup = EXAMPLEAD > realm = EXAMPLE.ORG > idmap config * : backend = tdb > idmap config * : range = 1000000-3000000 > idmap config EXAMPLEAD:backend = ad > idmap config EXAMPLEAD:schema_mode = rfc2307 > idmap config EXAMPLEAD:range = 1005-999999 > template shell = /bin/mosh...

...Is that line still there ? >> If so, try removing it. >> >> If it works, can you post the contents of /etc/krb5.conf > > If I remove the create krb5.conf line getent works. > > So I figured I would just copy the contents of > /var/lib/samba/lock/smb_krb5/krb5.conf.EXAMPLEAD to /etc/krb5.conf > excluding the "include /etc/krb5.conf" line. To my surprise when I add > back the "create krb5.conf = no" line to smb.conf getent stop working, even > though /etc/krb5.conf is equal to > /var/lib/samba/lock/smb_krb5/krb5.conf.EXAMPLEAD. > &gt...

...e populated on AD. > >> > >> But there is something very basic wrong with my config: > > > > Yes, there is something wrong ;-) > > See below > > > [...] > >> > > > > Okay to here. > > > >> # idmap config for the EXAMPLEAD domain > >> idmap config EXAMPLEAD : backend = ad > >> idmap config EXAMPLEAD : schema_mode = rfc2307 > >> idmap config EXAMPLEAD : range = 1005-999999 > >> > >> idmap config * : backend = tdb > >> idmap config * : range = 2000000-3999999...

...n of user 645 Primary group is 602 and contains 4 supplementary groups Group[ 0]: 605 Group[ 1]: 606 Group[ 2]: 608 Group[ 3]: 1222 Much further down the line we see: success: [2014/03/21 15:40:40.283134, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share cadshare is ok for unix user EXAMPLEAD\nagios failure: [2014/03/21 15:38:46.972158, 10] smbd/share_access.c:219(user_ok_token) User EXAMPLEAD\nagios not in 'valid users' SID S-1-5-21-3579304287-3829738268-3886208222-513 is GID 602, the 'domain users' group. So in one case the user was part of that group, in another ca...

...tc/samba# testparm -s Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[homes]" Processing section "[cad-test]" Loaded services file OK. Server role: ROLE_STANDALONE [global] workgroup = EXAMPLEAD realm = AD.EXAMPLE.COM server string = samba-4.example.com server role = member server obey pam restrictions = Yes restrict anonymous = 2 syslog = 0 log file = /var/log/samba/%m.log load printers = No logon script = %U.bat logon path = logon home = local master = No wins server = 192...

> Hai, > > > It might be handing to tell your OS and samba version. > A copy of smb.conf is also very handy.. oops, sorry. samba-4.8.5 compiled from source on Debian GNU/Linux 9 (stretch). smb.conf is: [global] netbios name = ADDC realm = EXAMPLE.ORG workgroup = EXAMPLEAD dns forwarder = [redacted] server role = active directory domain controller log level = 1 log file = /var/log/samba/log.%m # ldap debug level = 3 interfaces = eth0, lo bind interfaces only = Yes tls enabled = yes tls keyfile = /opt/samba/private/tls/addc...

...your OS and samba version. > > A copy of smb.conf is also very handy.. > > > oops, sorry. > > samba-4.8.5 compiled from source on Debian GNU/Linux 9 (stretch). > > smb.conf is: > > [global] > netbios name = ADDC > realm = EXAMPLE.ORG > workgroup = EXAMPLEAD > dns forwarder = [redacted] > server role = active directory domain controller > log level = 1 > log file = /var/log/samba/log.%m > # ldap debug level = 3 > interfaces = eth0, lo > bind interfaces only = Yes > tls enabled = yes >...

...eturns 0 errors samba-tool dbcheck --cross-ncs returns 0 errors samba-tool drs showrepl returns 0 failures smb.conf : [global] netbios name = DC1 realm = AD.EXAMPLE.COM server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate workgroup = EXAMPLEAD server role = active directory domain controller idmap_ldb:use rfc2307 = yes # used for OpenLDAP sync password hash gpg key ids = ........... # temporary ntlm auth = yes [netlogon] path = /usr/local/samba/var/locks/sysvol/ad.example.com/scripts read only = No [sysv...