similar to: winbind/i­dmap­ issue on samba4 mem­ber s­erver

Oh! I think I did find the error now :-) If I understand "NOW" correctly, I have also to assign a UID to EACH of my AD users in ADUC tool in the [UNIX Attribute] tab, is that correct? I just tried out. In ADUC tool I did choose "testuser3", and on the [UNIX Attribute] tab I activated the NIS domain so it reflects to "MYDOM". Then by default there was UID=10000, I

> Comment from Rowland: > [...]an AD user without a uidNumber is merely a windows user Hi Rowland, just for my understanding, I have a question. If a domain user in my samba4 AD domain does not have been assigned with a "uid" on the [UNIX Attribute] tab of my ADUC tool, that user in general *cannot* access any of the shares of that particular member server? Is that correct? My

Hello list, I'm stuck since 2 days and I have no clue how to troubleshoot and solve that problem. Any help really really appreciated. Scenario: ========= I am using Samba 4.1.12/sernet on DC1 (172.19.100.1) and DC2 (172.19.100.2) with default [netlogon] and [sysvol] share only. I installed an additional samba4 server with fileserving role which is called MEMBERSRV1 (172.19.100.3), which is

Hello list, my DC and member server is running Samba 4.1.12. The DC was provisioned with rfc2307 and NIS extensions. Through ADUC tool and the [UNIX Attribute] tab I assigned a uid to the AD user "testuser1" and I also assigned a gid to the AD group "Domain Users". The member server was configured according the official wiki of samba.org. Winbind was configured on the member

Hello, I am running Samba 4.1.12/Sernet on Debian Wheezy 64bit and I am about to setup my member server. The DC was provisioned with rfc2307 and extended attributes. I have assigned to the domain group called "Domain Users" the GID=10000. My member server was prepared with ACL+user_xattr and winbind support. My /etc/nsswitch.conf is using "winbind" for passwd+group, and

Hello list, using AD with rfc2307 provisioned and NIS extensions are available. In ADUC tool I choose the group "Domain Admins" and click on the [UNIX Attributes] tab. I activate it for my domain and choose the GID=500. When I execute on my member server "net cache flush && getent group 500" I get the result domain admins:x:500:johndoe,name1,name2 So far so good,

Hello list, I am using the Microsoft ADUC (Active Directory Users & Computers) tool from the RSAT suite for creating and modifying my domain users. I am aware of the "copy" functionality which really is very nice to use. Unfortunately I am missing two important actions during the user-creation process which I try to describe: 1.) When I use the template feauture (by using the

All, We have a samba3 domain which provides logon services for Windows clients, and several cifs shares, some for Windows clients and some for linux servers to mount. I am testing samba 4.5.4 in a lab to understand all that needs to happen for a migration to AD on samba4. During testing we bumped up against winbind config for linux member servers. Since we want users to authenticate against AD,

Hello list, I am not sure if this is a bug or known already but I will describe it. I have two domain controllers running on 4.1.12/sernet which are linked together. I am using unison for bidirectional sync for the sysvol directory as described on samba's wiki, although in my opinion the problem I will describe in the following has nothing to do with the sync process. The sync occurs every

Good morning Rowland and samba list ... Rowland Penny wrote on 03.07.2015 18:36:32: > From: Rowland Penny <rowlandpenny241155 at gmail.com> > To: samba at lists.samba.org, > Date: 03.07.2015 18:40 > Subject: Re: [Samba] Migration Samba3 -> Samba4: Accessing domain > member server is not working > Sent by: samba-bounces at lists.samba.org > > On 03/07/15

Dear Rowland, our windows admin assured me that they have set uidNumber and gidNumber in the range. I have requested screenshots for confirmation. Now we are one step further: "getent passwd | grep mdecker" now lists the AD account. mdecker:*:13667:7142:Decker, Martin:/home/MYDOM/mdecker:/bin/false With "getent passwd mdecker" however, it shows

Hi list, I am experimenting with two member servers (both samba4). I am using following configuration: membersrv:/etc/samba/smb.conf: ========================== [...] username map = /etc/samba/smbmap [...] membersrv:/etc/samba/smbmap: ========================= !root = MYDOM\johndoe MYDOM\foo MYDOM\bar MYDOM\Administrator Administrator So the domain users from my AD called "John Doe",

Back on February 28, 2018, I started a thread "User permissions of profile/home directory lost" describing a problem occurring with my wife's user account. Since that time the random problem has persisted so I turned on some debugging. I have been able to determine that somehow her account idmap is broken. Here is the entry for my wife's SID as found in the idmap.ldb file

Hi, For several linux server on our network we want to allow the AD domain group called "MYDOM\Domain Admins" to login through ssh with their AD credentials. Our DC1 and DC2 are running on Debian 64bit using Samba 4.1.12/Sernet. I'm kinda confused, what exactly I need therefore. Do I need to setup a PAM_authentication as explained on that tutorial here?

Hey all, I decided to use the default ranges in the smb.conf of my member server, so I changed my smb.conf and it looks like that: ================================================== [global] netbios name = MEMBERSRV workgroup = MYDOM security = ADS realm = MYDOM.EXAMPLE.COM encrypt passwords = yes idmap config MYDOM:backend = ad idmap

Thanks Rowland and Louis, after changing from ad to rid, i get all users listed with "getent passwd", not just the ones with uidNumber - which is good. But "getent passwd MYDOM\\mdecker" still does not resolve. In addition, no groups are listed with "getent group". Looking at winbindd debug, it seems that after trying getgrsid on the very first group "Exchange

Thank you for your feedback. I have changed the parameters, but still no success. winbind use default domain = yes idmap config * : range = 1000000-1999999 idmap config MYDOM : range = 100-999999 Regards, Martin 2017-08-18 15:00 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>: > > See inline comments: > > On Fri, 18 Aug 2017 14:40:54 +0200 >

Hello, No it's a AD classicupgraded from a Samba 3 PDC Here's a user example from my DC uid=1116(MYDOM\begr00) gid=513(MYDOM\domain users) groupes=513(MYDOM\domain us ers),1151(MYDOM\evaluation),1214(MYDOM\procedures),12021(MYDOM\s13cadre),12041 (MYDOM\s13-grh),1264(MYDOM\zsbw),1001(MYDOM\s13),3000005(BUILTIN\users) my first user start at uid 1001 (1000 was the

Dear List, I am trying to set up Samba 3.6.25 (solaris 11.3 packaged) to provide unix file shares to windows users. I can successfully list groups and users with wbinfo -u / wbinfo -g, but I do not get any data with "getent group" or "getent passwd". In AD, we have set "gidNumber" Attribute for Group "Domain Users" to a value in the specified range

Hello, Lots of messages in smbd log file on a Samba file server, which is member of a Samba AD : [2018/07/24 10:30:00.822403, 0] ../source3/smbd/posix_acls.c:2080(create_canon_ace_lists)