Displaying 20 results from an estimated 10000 matches similar to: "sssd on DC for fileserver"
2015 Jun 04
2
sssd on DC for fileserver
Thanks Rowland.
'getent passwd mydomainuser' does return the correct (new, sssd) UID
e.g. 1514701182
In my /etc/nsswitch.conf I have:
passwd: files sss
group: files sss
The problem is that when I create a file from a client machine into a
samba share on this server, e.g. creating the file
\\servername\sharename\newfile.txt, this new file is not owned by UID
1514701182, but
2015 Jun 04
2
sssd on DC for fileserver
On 04/06/15 16:58, Roel van Meer wrote:
> Hi Jonathan,
>
> I think the reason might be this:
> - You are using "idmap_ldb:use rfc2307" in your Samba config, which
> means that Samba will use the ID's specified in the unix attributes in
> your AD (uidNumber, gidNumber).
> - You are using "ldap_id_mapping = True" in sssd.conf, which means
> that
2015 Jun 04
0
sssd on DC for fileserver
Hi Jonathan,
I think the reason might be this:
- You are using "idmap_ldb:use rfc2307" in your Samba config, which means
that Samba will use the ID's specified in the unix attributes in your AD
(uidNumber, gidNumber).
- You are using "ldap_id_mapping = True" in sssd.conf, which means that sssd
will map uid and gid from the objectSID attribute.
I think if you set
2015 Jun 11
4
idmap & migration to rfc2307
Yup, strange - right!
Samba 4.2.2
RFC2307 attributes were added as follows:
# sed -e 's/${DOMAINDN}/dc=MYDOMAIN,dc=MY,dc=TLD/g' \
-e 's/${NETBIOSNAME}/MYDOMAIN/g' \
-e 's/${NISDOMAIN}/MYDOMAIN/g' \
/usr/local/samba/share/setup/ypServ30.ldif > ypServ30-JMH.ldif
# service samba4 stop
# ldbmodify -H
2015 Jun 12
2
idmap & migration to rfc2307
Thanks buhorojo. The sssd list came up trumps here. When changing ID
mappings, the sssd database must be manually removed (rm
/var/lib/sss/db/*). I now have sssd working again :)
I shall keep an eye on the mappings during the day today..
On 12 June 2015 at 07:36, buhorojo <buhorojo.lcb at gmail.com> wrote:
> On 12/06/15 01:34, Jonathan Hunter wrote:
>>
>> On 11 June 2015 at
2015 Jun 13
4
idmap & migration to rfc2307
On 13/06/15 11:00, Jonathan Hunter wrote:
> On 13 June 2015 at 09:34, buhorojo <buhorojo.lcb at gmail.com> wrote:
>>> On 12 June 2015 at 08:55, Jonathan Hunter <jmhunter1 at gmail.com> wrote:
>>> Sadly, even though sssd is now running and I'm no longer reliant on
>>> winbind, the rest of samba doesn't seem to be taking notice of these
>>>
2015 Jun 03
0
sssd on DC for fileserver
On 03/06/15 00:37, Jonathan Hunter wrote:
> Hi,
>
> Some advice, if I may..
>
> I have two Samba4 domain controllers, that I recently switched to
> using sssd (against these same DCs) for UNIX user authentication -
> this part works perfectly.
>
> However, I am using one of these as a Samba file server also. When I
> create a file via a SMB share, the UNIX UID the
2015 Jun 11
2
idmap & migration to rfc2307
On 11 June 2015 at 23:18, buhorojo <buhorojo.lcb at gmail.com> wrote:
> The idmap db will only be consulted if the object does not have either a
> uidNumber or gidNumber attribute. The easiest way to stop the pain is to:
> 1. make sure that your users have the two attributes
> 2. remove the idmap line in smb.conf
> 3. kill winbindd
> 4. consult nss information directly from
2015 Oct 24
4
ADUC - "UNIX Attributes" tab - "Unwilling To Perform"
Thanks Rowland - appreciated.
I have checked the ldbsearch result and both groups look to be pretty
much exactly the same to me, one of them is shown below (I have
sanitised some of the output, replacing parts with 123/a/b/c, but the
rest of the output is byte for byte as seen)
In the time between posting my original message and checking again
just now, however, I have the following additional
2015 Jun 13
3
idmap & migration to rfc2307
On 13/06/15 16:33, Jonathan Hunter wrote:
> Hi buhorojo,
>
> I *think* I have a stable system for the moment... so thank you :-)
>
> On 13 June 2015 at 12:50, buhorojo <buhorojo.lcb at gmail.com> wrote:
>>> I now set in smb.conf:
>>>
>>> server services = -dns +winbind -winbindd
>>>
>>> I stopped samba, then removed
2015 Apr 01
3
sssd-ad cannot be installed with sernet samba
On 01/04/15 18:56, Luca Olivetti wrote:
> El 01/04/15 a les 17:59, buhorojo ha escrit:
>
>> The poster reported that nss doesn't work. Try it. Both getent and id
>> return errors with winbind. That's an error with sernet, not sssd. Many
>> of the questions on this list are about errors with nss. sssd makes
>> those errors go away.
> Actually I reported that
2015 Apr 02
2
sssd-ad cannot be installed with sernet samba
On 02/04/15 12:41, buhorojo wrote:
> On 02/04/15 12:48, Rowland Penny wrote:
>> On 02/04/15 11:37, buhorojo wrote:
>>> On 02/04/15 12:19, Rowland Penny wrote:
>>>> On 02/04/15 11:05, buhorojo wrote:
>>>>> On 02/04/15 11:27, Rowland Penny wrote:
>>>>>> On 02/04/15 10:20, buhorojo wrote:
>>>>>>> On 02/04/15 08:36,
2015 Apr 02
3
sssd-ad cannot be installed with sernet samba
On 02/04/15 14:56, buhorojo wrote:
> On 02/04/15 15:45, Rowland Penny wrote:
>> On 02/04/15 14:35, buhorojo wrote:
>>> On 02/04/15 14:56, Rowland Penny wrote:
>>>> On 02/04/15 13:38, buhorojo wrote:
>>>>> On 02/04/15 14:09, Rowland Penny wrote:
>>>>>> On 02/04/15 12:41, buhorojo wrote:
>>>>>>> On 02/04/15 12:48,
2015 Apr 02
2
sssd-ad cannot be installed with sernet samba
On 02/04/15 11:05, buhorojo wrote:
> On 02/04/15 11:27, Rowland Penny wrote:
>> On 02/04/15 10:20, buhorojo wrote:
>>> On 02/04/15 08:36, L.P.H. van Belle wrote:
>>>> nss/winbind does work, yes, there is 1 missing file, just created it.
>>>> ( and this is not needed on a DC ! )
>>> So you are telling us that something that returns:
>>>
2015 Apr 02
2
sssd-ad cannot be installed with sernet samba
On 02/04/15 14:35, buhorojo wrote:
> On 02/04/15 14:56, Rowland Penny wrote:
>> On 02/04/15 13:38, buhorojo wrote:
>>> On 02/04/15 14:09, Rowland Penny wrote:
>>>> On 02/04/15 12:41, buhorojo wrote:
>>>>> On 02/04/15 12:48, Rowland Penny wrote:
>>>>>> On 02/04/15 11:37, buhorojo wrote:
>>>>>>> On 02/04/15 12:19,
2015 Apr 02
2
sssd-ad cannot be installed with sernet samba
On 02/04/15 11:37, buhorojo wrote:
> On 02/04/15 12:19, Rowland Penny wrote:
>> On 02/04/15 11:05, buhorojo wrote:
>>> On 02/04/15 11:27, Rowland Penny wrote:
>>>> On 02/04/15 10:20, buhorojo wrote:
>>>>> On 02/04/15 08:36, L.P.H. van Belle wrote:
>>>>>> nss/winbind does work, yes, there is 1 missing file, just created
2015 Apr 02
7
sssd-ad cannot be installed with sernet samba
On 02/04/15 13:38, buhorojo wrote:
> On 02/04/15 14:09, Rowland Penny wrote:
>> On 02/04/15 12:41, buhorojo wrote:
>>> On 02/04/15 12:48, Rowland Penny wrote:
>>>> On 02/04/15 11:37, buhorojo wrote:
>>>>> On 02/04/15 12:19, Rowland Penny wrote:
>>>>>> On 02/04/15 11:05, buhorojo wrote:
>>>>>>> On 02/04/15 11:27,
2015 Jun 13
2
idmap & migration to rfc2307
On 13/06/15 00:01, Jonathan Hunter wrote:
> On 12 June 2015 at 08:55, Jonathan Hunter <jmhunter1 at gmail.com> wrote:
>> Thanks buhorojo. The sssd list came up trumps here. When changing ID
>> mappings, the sssd database must be manually removed (rm
>> /var/lib/sss/db/*). I now have sssd working again :)
>>
>> I shall keep an eye on the mappings during the
2015 Apr 01
2
sssd-ad cannot be installed with sernet samba
On 01/04/15 09:53, Rowland Penny wrote:
> On 01/04/15 08:09, Luca Olivetti wrote:
>> El 01/04/15 a les 09:02, L.P.H. van Belle ha escrit:
>>
>>> Again..
>>> switch to debian Jessie, which is fine. yes its testing atm but in a
>>> few months it wil be the new stable.
>>> Als long as you dont install to many, you wil be fine, my print
>>>
2015 Jun 13
2
idmap & migration to rfc2307
On 13/06/15 17:33, Jonathan Hunter wrote:
> Hi buhorojo,
>
> I *think* I have a stable system for the moment... so thank you :-)
>
> On 13 June 2015 at 12:50, buhorojo <buhorojo.lcb at gmail.com> wrote:
>>> I now set in smb.conf:
>>>
>>> server services = -dns +winbind -winbindd
>>>
>>> I stopped samba, then removed