Displaying 6 results from an estimated 6 matches for "onlyobjectsid".
2015 Apr 06
2
Samba as AD member can not validate domain user
...etent passwd shows local + AD users (AD users having uids in the
range of 30000XX)
2. getent group shows local + AD grous, AD groups having gids in the
range of 30000XX, just Domain Users having gid 100
3. ldbsearch -s sub -H private/sam.ldb '(cn=Domain Users)' objectSID gidNumber
gives onlyObjectSID without gidNumber;
CFG files from fileserver:
============
krb5.conf
[libdefaults]
default = INTERNAL.DOMAIN.LV
dns_lookup_realm = false
dns_lookup_kdc = true
===========
nsswitch.conf
passwd: compat winbind
group: compat winbind
shadow: compat files
hosts: file...
2015 Apr 06
0
Samba as AD member can not validate domain user
...users (AD users having uids in the
> range of 30000XX)
> 2. getent group shows local + AD grous, AD groups having gids in the
> range of 30000XX, just Domain Users having gid 100
> 3. ldbsearch -s sub -H private/sam.ldb '(cn=Domain Users)' objectSID
> gidNumber
> gives onlyObjectSID without gidNumber;
>
> CFG files from fileserver:
> ============
> krb5.conf
> [libdefaults]
> default = INTERNAL.DOMAIN.LV
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> ===========
> nsswitch.conf
> passwd: compat winbind
> group: co...
2015 Apr 06
4
Samba as AD member can not validate domain user
...a/sysvol/internal.domain.lv/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
> You have posted what is probably your problem:
>
> 3. ldbsearch -s sub -H private/sam.ldb '(cn=Domain Users)' objectSID
> gidNumber
> gives onlyObjectSID without gidNumber;
>
> You are using the winbind 'ad' backend on the member server, for
> this to work, your users need a 'uidNumber' attribute and 'Domain
> Users' (at least) *NEEDS* a 'gidNumber'
after assigning UNIX attributes to users and domain...
2015 Apr 06
0
Samba as AD member can not validate domain user
...read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
>> You have posted what is probably your problem:
>>
>> 3. ldbsearch -s sub -H private/sam.ldb '(cn=Domain Users)'
>> objectSID gidNumber
>> gives onlyObjectSID without gidNumber;
>>
>> You are using the winbind 'ad' backend on the member server, for
>> this to work, your users need a 'uidNumber' attribute and 'Domain
>> Users' (at least) *NEEDS* a 'gidNumber'
>
> after assigning UNIX attrib...
2015 Apr 06
0
Samba as AD member can not validate domain user
...read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
>> You have posted what is probably your problem:
>>
>> 3. ldbsearch -s sub -H private/sam.ldb '(cn=Domain Users)' objectSID
>> gidNumber
>> gives onlyObjectSID without gidNumber;
>>
>> You are using the winbind 'ad' backend on the member server, for this
>> to work, your users need a 'uidNumber' attribute and 'Domain Users'
>> (at least) *NEEDS* a 'gidNumber'
>
> after assigning UNIX attribut...
2015 Apr 05
2
Samba as AD member can not validate domain user
I am sorry for many P.S.
>> When domain user tries to access file server (samba4, member of AD domain)
>> server logs such error:
>>
>> 2015/04/05 21:13:01.095178, 1]
>> ../source3/auth/user_krb5.c:164(get_user_from_kerberos_info)
>> Username DOMAINwusername is invalid on this system
>>
>> [2015/04/05 21:13:01.095200, 1]
>>