Displaying 5 results from an estimated 5 matches for "id_both".
2017 Sep 19
2
samba 4 ad member - idmap = ad for machine accounts
...osoft windows client OS, if you try to connect to a
> share with the local SYSTEM user, the client try first with
> the machine account user and password, then try anonymously
> (then fail ;).
>
>
> So, trying to restate the question more precisely: machine
> accounts are ID_BOTH ''users'', so cannot have UID/GID
> assigned, or i can assign to machine account a UID (and
> assign to 'Domain Computers' a GID)?
UID for computer is not needed imo, GID can help.
>
>
> I think that if we add UID to machine account (and GID to
> Dom...
2017 Sep 19
0
samba 4 ad member - idmap = ad for machine accounts
...bit here.
Why do i use : acl_xattr:ignore system acls = yes
>From : man vfs_acl_xattr
The vfs_acl_xattr VFS module stores NTFS Access Control Lists (ACLs) in Extended Attributes (EAs).
This enables the full mapping of Windows ACLs on Samba servers.
Now think in user SYSTEM ( and others with ID_BOTH ) and the problems of settting user/group rights.
Now read :
acl_xattr:ignore system acls = [yes|no]
When set to yes, a best effort mapping from/to the POSIX ACL layer will not be done by this module.
The default is no, which means that Samba keeps setting and evaluating both the system...
2019 Sep 19
3
Script to sync xID/idmap.ldb, some questions...
I'm scripting the ''replica'' of DC xID db (idmap.ldb) between DCs,
following:
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Built-in_User_.26_Group_ID_Mappings
but i've two question.
1) because i've just in place the sysvol replica, i've thinked of
copying the 'idmap.ldb.bak' file on sysvol share (in debian,
2017 Sep 18
7
samba 4 ad member - idmap = ad for machine accounts
Thank everyone for input,
It seems that using RID is the way to go. I just tried a few things:
1)
- made group, assigned unix GID
- added test PC to this group and set this group as "primary group"
- added manually to test PC account "uidnumber"
on server with samba
getent passwd MYDOMAIN\\testpc$
returns nicely testpc$ with UID and GID numbers as set in
2019 Sep 20
0
Script to sync xID/idmap.ldb, some questions...
...ver\040operators:r-x
> default:group:3000002:rwx
> default:group:3000003:r-x
> default:mask::rwx
> default:other::---
>
> (eg, group:3000002 and group:3000003)
>
> Ah! Wait! They are listed in 'user' and 'group' contextes, and so they
> are probably 'ID_BOTH' identifiers, that clearly cannot be mapped to
> user *and* group...
Correct..
See : https://github.com/thctlo/samba4/blob/master/samba-check-set-sysvol.sh
Lines 101-144 ;-) The checkup parts.
>
>
> b) a flood of these errors in /var/log/samba/log.winbindd:
>
> [2019...