similar to: Member Server Setup Assistance

Hello Stefan, I learned the hard way about .local. I understand going forward. I do have an issue with the member server. Following along with the wiki I get stuck at 'Testing the Winbind user/group mapping'. Wbinfo works as expected but not #*id DomainUser* #*getent passwd* #*getent group* #*chown DomainUser:DomainGroup file* #*chgrp DomainGroup file* etc. I receive

Rowland, I set a user with a uid and domain users group with a gid but I'm still unable to view them using 'id'. I do notice a few strange observations. If I go to another user to attempt to assign a uid. I get the default value of 10000. I would expect 2001 given I set the first user with uid 2000. Groups however appear to increment. On 12/31/2014 10:52 AM, Rowland Penny

Hi Rowland, I did. Unfortunately something is still amiss. I do receive a response from 'getent group domain users'(users:x:100). On 12/31/2014 12:26 PM, Rowland Penny wrote: > On 31/12/14 17:23, James wrote: >> Rowland, >> >> I set a user with a uid and domain users group with a gid but I'm >> still unable to view them using 'id'. I do

Hi Rowland, passwd: compat winbind group: compat winbind 'getent passwd tuser' results in a blank terminal line. On 12/31/2014 1:12 PM, Rowland Penny wrote: > On 31/12/14 17:55, James wrote: >> Hi Rowland, >> >> I did. Unfortunately something is still amiss. I do receive a >> response from 'getent group domain

Rowland, I decided to start over with a fresh install and attempted again. Only change I made was to start my mappings at 10000. I gave 'Domain Users' group gid 10000 and 'tuser' has uid 10001. Still didn't work btw. dn: CN=Test User,CN=Users,DC=domain,DC=local objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: Test User sn:

Hi Rowland, I forgot to tell you the results were from my Domain Controller and not the member server. Member server returned something to the effect of 'user not found'. I am only starting the 3 services(smbd,nmbd and windbindd) listed in the wiki. Should I be starting Samba with command line switches to start as a member server? Is that even possible? Thanks for you

Hi Rowland, If you don't mind I like to post my member server configuration as I attempt again. This is how my member server(Ubuntu 12.04) is configured after fresh install and prior to Samba build. Anything I'm missing that could cause my issue as I proceed? I assume no other prerequisites must be done on the other DC's either? Thanks. /*# From Wiki for DC build*/ apt-get

Hello Stefan, Yes I'm using Samba4 as my DC's. I also provisioned my DC's with RFC2307. [global] netbios name = PFMS1 workgroup = DOMAIN security = ADS realm = DOMAIN.LOCAL encrypt passwords = yes vfs objects = acl_xattr map acl inherit = yes store dos attributes = yes idmap config *:backend = tdb idmap config *:range = 70001-80000

Rowland, I've gotten a bit further. It appears my use of '.local' is causing the issue from what I've researched. I ran '|/etc/init.d/avahi-daemon stop'. |This allowed me to successfully join the domain. Enter administrator at DOMAIN.LOCAL's password: Using short domain name -- DOMAIN Joined 'PFMEMBER1' to dns domain 'domain.local' DNS Update

Rowland, I had a typo in my hosts file which is the reason my initial DNS update failed. Corrected and joined again. Successfully joined and updated DNS A record. I then made sure to give 'Domain users' a id of 10000. I am now able to run' getent passwd' and see all my domain users! YES! However I still see something that confuses me. When I run 'id tuser' I get

Rowland, I did forget to change it. Is it as simple as renaming now or did I screw up? On 1/2/2015 12:18 PM, Rowland Penny wrote: > On 02/01/15 17:07, James wrote: >> Rowland, >> >> I had a typo in my hosts file which is the reason my initial DNS >> update failed. Corrected and joined again. Successfully joined and >> updated DNS A record. I then made

Rowland, That did it! Thank you so much. I do have a question regarding the 'getent' command before setting up file shares. When I run 'getent group Domain\ Users' I get domain_users:x:10000:user1,user2,user3,user4,user5,user6,user7,user8 Why does it show these specific users? I would assume it would only show my 'tuser'. I don't have uid's set for anyone

Rowland, Thanks for the clarification. It appears the member server is joined and I have created a share. [demoshare] path = /srv/samba/test read only = no I have enabled ACL support and given 'SeDiskOperatorPrivilege' per the wiki. I can navigate to the share using Windows Explorer. If I set the share permissions to only me(Full Control). I can't access the share.

Rowland, That was the issue. Windows computer management console showed 0 connections. That obviously wasn't correct. A reboot corrected the issue. ACL's working as expected. I probably should have ran a 'netstat' to verify. Any best practices on who should or shouldn't have uid's or gid's set in AD? I've read where the Administrator account should

Rowland, Thanks so far for the assistance. I have a question about setting up shares on a member server. How do I map to users or groups that do not display in AD(Everyone,System,Authenticated Users)? On 1/2/2015 2:08 PM, Rowland Penny wrote: > On 02/01/15 18:59, James wrote: >> Rowland, >> >> That was the issue. Windows computer management console showed 0

Hi Rowland, Yes. When I create a share I get the expected 'Everyone' group under 'Share Permissions' for example. I'm assuming I must map this object to Unix so all windows users can access this share. However in AD there is no 'Everyone' group to set a gid. I wouldn't necessarily expect one either. I'm currently under the mind set that with a member

That is actually the wiki page I am currently referencing in my question. From the wiki you can see the 'Everyone' group. I would normally remove and add domain users or authenticated users. That prompted me to ask myself "what if I wanted the everyone group to have access"? How does the member server know who the everyone group is since the share is created on the server.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello James, Am 31.12.2014 um 15:48 schrieb James:> Hello, > > I'm following along with the wiki(Setup a Samba AD Member Server) > and I have a question after reading the 'Set up a basic smb.conf' > section. Please show us your smb.conf Do I need to extend the schema in order for my member server to > successfully

Good Day all I have successfully upgraded samba 3 to samb4 in our test lab, migrating from old hardware with Ubuntu 10 to a new machine with Ubuntu 14.4 , after a bit of fight all went ok :) . I have now a specific request. Basically we would like to give to the Domain Users the possibility to change their password in a self service fashion, possibly through accessing a web page . I know there

On 31/12/14 15:42, James wrote: > Hello Stefan, > > I learned the hard way about .local. I understand going forward. > > I do have an issue with the member server. Following along with the > wiki I get stuck at 'Testing the Winbind user/group mapping'. Wbinfo > works as expected but not > > #*id DomainUser* > > #*getent passwd* > > #*getent