similar to: help, please, troubleshooting winbind testing during setup of Samba 4 AD member server

On 13/01/15 01:07, BISI wrote: > Found it! (Thanks to Louis van Belle and Rowland Penny for their > guidance). > > The wiki page for > https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server > *really* needs a note about this to be added. It will save a lot of > frustration and wasted time for others coming behind. > > The reason I say this is that a

Hai, Did you assign any UID/GID to users/groups in the AD.. i think not. If No, please do so first else you wont see any output. how : https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC My advice use the windows ADUC to set the GID/UID If Yes.. Ok.. thats strange,.. post your (sanitized) smb.conf Greetz, Louis >-----Oorspronkelijk bericht----- >Van: d3r3kshaw at

Found it! (Thanks to Louis van Belle and Rowland Penny for their guidance). The wiki page for https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server *really* needs a note about this to be added. It will save a lot of frustration and wasted time for others coming behind. The reason I say this is that a default Windows Server 2008 R2 install, *does not provide* the necessary tools

Hello Stefan, I learned the hard way about .local. I understand going forward. I do have an issue with the member server. Following along with the wiki I get stuck at 'Testing the Winbind user/group mapping'. Wbinfo works as expected but not #*id DomainUser* #*getent passwd* #*getent group* #*chown DomainUser:DomainGroup file* #*chgrp DomainGroup file* etc. I receive

Rowland, I set a user with a uid and domain users group with a gid but I'm still unable to view them using 'id'. I do notice a few strange observations. If I go to another user to attempt to assign a uid. I get the default value of 10000. I would expect 2001 given I set the first user with uid 2000. Groups however appear to increment. On 12/31/2014 10:52 AM, Rowland Penny

Hi Rowland, I did. Unfortunately something is still amiss. I do receive a response from 'getent group domain users'(users:x:100). On 12/31/2014 12:26 PM, Rowland Penny wrote: > On 31/12/14 17:23, James wrote: >> Rowland, >> >> I set a user with a uid and domain users group with a gid but I'm >> still unable to view them using 'id'. I do

Hi Rowland, passwd: compat winbind group: compat winbind 'getent passwd tuser' results in a blank terminal line. On 12/31/2014 1:12 PM, Rowland Penny wrote: > On 31/12/14 17:55, James wrote: >> Hi Rowland, >> >> I did. Unfortunately something is still amiss. I do receive a >> response from 'getent group domain

Rowland, I decided to start over with a fresh install and attempted again. Only change I made was to start my mappings at 10000. I gave 'Domain Users' group gid 10000 and 'tuser' has uid 10001. Still didn't work btw. dn: CN=Test User,CN=Users,DC=domain,DC=local objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: Test User sn:

Hi Rowland, I forgot to tell you the results were from my Domain Controller and not the member server. Member server returned something to the effect of 'user not found'. I am only starting the 3 services(smbd,nmbd and windbindd) listed in the wiki. Should I be starting Samba with command line switches to start as a member server? Is that even possible? Thanks for you

Hello, I'm following along with the wiki(Setup a Samba AD Member Server) and I have a question after reading the 'Set up a basic smb.conf' section. Do I need to extend the schema in order for my member server to successfully join and service file shares? Do I need to configure a krb5.conf file? Thanks. -- -James

Hi Rowland, If you don't mind I like to post my member server configuration as I attempt again. This is how my member server(Ubuntu 12.04) is configured after fresh install and prior to Samba build. Anything I'm missing that could cause my issue as I proceed? I assume no other prerequisites must be done on the other DC's either? Thanks. /*# From Wiki for DC build*/ apt-get

On 01/12/14 00:08, ?? wrote: > Rowland Penny,??: > I test id Administrator as the wiki. > I run > chown Administrator(or other DomainUser) file I got > invalid User :Administrator > > ------------------ > ?? > 2014-12-01 > > ------------------------------------------------------------- > ????Rowland Penny > ?????2014-11-28 17:59:18 > ?????? >

Rowland, I've gotten a bit further. It appears my use of '.local' is causing the issue from what I've researched. I ran '|/etc/init.d/avahi-daemon stop'. |This allowed me to successfully join the domain. Enter administrator at DOMAIN.LOCAL's password: Using short domain name -- DOMAIN Joined 'PFMEMBER1' to dns domain 'domain.local' DNS Update

Rowland, I had a typo in my hosts file which is the reason my initial DNS update failed. Corrected and joined again. Successfully joined and updated DNS A record. I then made sure to give 'Domain users' a id of 10000. I am now able to run' getent passwd' and see all my domain users! YES! However I still see something that confuses me. When I run 'id tuser' I get

Rowland, I did forget to change it. Is it as simple as renaming now or did I screw up? On 1/2/2015 12:18 PM, Rowland Penny wrote: > On 02/01/15 17:07, James wrote: >> Rowland, >> >> I had a typo in my hosts file which is the reason my initial DNS >> update failed. Corrected and joined again. Successfully joined and >> updated DNS A record. I then made

Rowland, That did it! Thank you so much. I do have a question regarding the 'getent' command before setting up file shares. When I run 'getent group Domain\ Users' I get domain_users:x:10000:user1,user2,user3,user4,user5,user6,user7,user8 Why does it show these specific users? I would assume it would only show my 'tuser'. I don't have uid's set for anyone

OK - I must be close, but I'm lost... I have a sernet member server that I built and joined to a test win2008R2 AD Domain Controller ("the AD-DC"). (Version 4.1.14-SerNet-Debian-9.wheezy) I used Louis van Belle's setup script (manually executed, just 'cause I'm that kind of guy). https://secure.bazuin.nl/scripts/4-setup-sernet-samba4-MEMBER-wheezy.sh The

Rowland, Thanks for the clarification. It appears the member server is joined and I have created a share. [demoshare] path = /srv/samba/test read only = no I have enabled ACL support and given 'SeDiskOperatorPrivilege' per the wiki. I can navigate to the share using Windows Explorer. If I set the share permissions to only me(Full Control). I can't access the share.

Rowland, That was the issue. Windows computer management console showed 0 connections. That obviously wasn't correct. A reboot corrected the issue. ACL's working as expected. I probably should have ran a 'netstat' to verify. Any best practices on who should or shouldn't have uid's or gid's set in AD? I've read where the Administrator account should

Rowland, Thanks so far for the assistance. I have a question about setting up shares on a member server. How do I map to users or groups that do not display in AD(Everyone,System,Authenticated Users)? On 1/2/2015 2:08 PM, Rowland Penny wrote: > On 02/01/15 18:59, James wrote: >> Rowland, >> >> That was the issue. Windows computer management console showed 0