similar to: Added RFC2307 --> Unable to convert SID (S-1-1-0)

>From my .bash_history on the schema master DC, effectively: # sed -e 's/${DOMAINDN}/dc=MYDOMAIN,dc=MY,dc=TLD/g' \ -e 's/${NETBIOSNAME}/MYDOMAIN/g' \ -e 's/${NISDOMAIN}/MYDOMAIN/g' \ /usr/local/samba/share/setup/ypServ30.ldif > ypServ30-JMH.ldif # service samba4 stop # ldbmodify -H /usr/local/samba/private/sam.ldb

Yup, strange - right! Samba 4.2.2 RFC2307 attributes were added as follows: # sed -e 's/${DOMAINDN}/dc=MYDOMAIN,dc=MY,dc=TLD/g' \ -e 's/${NETBIOSNAME}/MYDOMAIN/g' \ -e 's/${NISDOMAIN}/MYDOMAIN/g' \ /usr/local/samba/share/setup/ypServ30.ldif > ypServ30-JMH.ldif # service samba4 stop # ldbmodify -H

(to clarify, in case people are skimming this thread and think it is fixed..) The problem still occurs - id mappings are still being overwritten.. :(

I *think* I may have encountered a bug, or a feature, in the idmap/winbind area. I have recently added rfc2307 attributes to my AD, and am in the process of switching over. This means that I still have (unintentionally) some files/directories/etc. around with old UIDs e.g. 3000007, rather than my rfc2307 specified UIDs. What I am seeing is that the SID2XID mapping is initially correct for a

On 05/06/15 11:41, Jonathan Hunter wrote: > From my .bash_history on the schema master DC, effectively: > > # sed -e 's/${DOMAINDN}/dc=MYDOMAIN,dc=MY,dc=TLD/g' \ > -e 's/${NETBIOSNAME}/MYDOMAIN/g' \ > -e 's/${NISDOMAIN}/MYDOMAIN/g' \ > /usr/local/samba/share/setup/ypServ30.ldif > ypServ30-JMH.ldif >

Thanks buhorojo. The sssd list came up trumps here. When changing ID mappings, the sssd database must be manually removed (rm /var/lib/sss/db/*). I now have sssd working again :) I shall keep an eye on the mappings during the day today.. On 12 June 2015 at 07:36, buhorojo <buhorojo.lcb at gmail.com> wrote: > On 12/06/15 01:34, Jonathan Hunter wrote: >> >> On 11 June 2015 at

2017-07-27 16:33 GMT+02:00 mathias dufresne <infractory at gmail.com>: > > > 2017-07-27 15:14 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org> > : > >> On Thu, 27 Jul 2017 08:51:52 +0100 >> Rowland Penny via samba <samba at lists.samba.org> wrote: >> >> > On Thu, 27 Jul 2017 08:36:51 +0100 >> > Rowland Penny via

On Tue, 4 Oct 2016 02:35:21 +0200 Achim Gottinger via samba <samba at lists.samba.org> wrote: > > > Am 03.10.2016 um 18:57 schrieb Rob via samba: > > Hi all, > > > > I've been experiencing an intermittent problem where some UIDs on a > > member server spontaneously change from being their AD-derived > > values to being allocated from the default

Hi all, I've been experiencing an intermittent problem where some UIDs on a member server spontaneously change from being their AD-derived values to being allocated from the default idmap space, even when there is no change to the AD user information. Specifically, I have a member server running Samba 4.4.5 on CentOS 6.8. AD service is provided by two Samba 4.4.5 servers. The member

On 05/06/15 10:44, Jonathan Hunter wrote: > Hi, > > I have now added rfc2307 to my domain - I extended the schema, have > added UIDs to some (not all yet) of my users and groups, and have my > smb.conf with this currently: > > idmap_ldb:use rfc2307 = yes winbind nss info = rfc2307 > > winbind use default domain = Yes winbind enum users = Yes winbind > enum

Hi, Resurrecting an older thread, but this same problem has just re-occurred following a recent upgrade from 4.2.2 to 4.3.1. When this issue occurs, I can't access various files on my server (whether sysvol or other shares) - this seems to be down to incorrect UID mappings. I am using rfc2307 to set my UIDs, but samba occasionally seems to ignore this. I first noticed the problem when a

On 25.11.2023 19:11:37, Rowland Penny via samba wrote: > On Sat, 25 Nov 2023 18:58:02 +0100 > mail--- via samba <samba at lists.samba.org> wrote: > > > Hello, > > > > after stumbling in almost every thread, that it makes sense to have > > RFC2307 enabled, I wanted to switch an AD DC to it and follwed this > > wiki page

really... > winbind expand groups = 8 This wil make your authentication very slow.. for your problem, please post your complete smb.conf im missing a lot.. Like.. ## map id's outside to domain to tdb files. idmap config * : backend = tdb idmap config * : range = 2000-9999 ## map ids from the domain and (*) the range may not overlap !

I am still trying to configure Samba to authenticate users against ActiveDirectory, but lookup uid and gids against a stand-alone OpenLDAP server. Related to a previous recommendation, I found the idmap_rfc2307 capability, which seems likely exactly what I what. Unfortunately, it does not seem to work. Users are not permitted to access shares for which they are in the group. Tests I found online

On Sun, 26 Nov 2023 15:30:19 +0100 mail--- via samba <samba at lists.samba.org> wrote: > On 25.11.2023 19:11:37, Rowland Penny via samba wrote: > > On Sat, 25 Nov 2023 18:58:02 +0100 > > mail--- via samba <samba at lists.samba.org> wrote: > > > > > Hello, > > > > > > after stumbling in almost every thread, that it makes sense to >

On 2015-11-07 at 17:47 +0000, Jonathan Hunter wrote: > On 7 November 2015 at 17:01, Michael Adam <obnox at samba.org> wrote: > > > > Also, for all I know, the DC always has local unix user and group > > IDs, and does NOT use the rfc2307 attributes for this. (Unless > > this has changed recently, but I can't imagine how.) So there is > > nothing wrong with

Mandi! Kacper Wirski via samba In chel di` si favelave... > I understand the OP, I was asking some time ago similar question, but it was > in relation to samba domain member. Thanks, Kacper. > I couldn't get backend: ad to work for > machine accounts, so i switched to idmap: rid and it solved everything. I > tried manually adding UID and GID to Domain Computer group and to

On Tue, 4 Oct 2016 16:09:40 +0200 Achim Gottinger via samba <samba at lists.samba.org> wrote: > > > Am 04.10.2016 um 15:43 schrieb Rowland Penny via samba: > > On Tue, 4 Oct 2016 15:16:17 +0200 > > Achim Gottinger via samba <samba at lists.samba.org> wrote: > > > >> > >> Am 04.10.2016 um 10:21 schrieb Rowland Penny: > >>> On

On Thu, Jul 4, 2019 at 4:49 PM Rowland penny via samba < samba at lists.samba.org> wrote: > On 04/07/2019 21:25, Ryan via samba wrote: > > I am still trying to configure Samba to authenticate users against > > ActiveDirectory, but lookup uid and gids against a stand-alone OpenLDAP > > server. Related to a previous recommendation, I found the idmap_rfc2307 > >

On 13/06/15 11:00, Jonathan Hunter wrote: > On 13 June 2015 at 09:34, buhorojo <buhorojo.lcb at gmail.com> wrote: >>> On 12 June 2015 at 08:55, Jonathan Hunter <jmhunter1 at gmail.com> wrote: >>> Sadly, even though sssd is now running and I'm no longer reliant on >>> winbind, the rest of samba doesn't seem to be taking notice of these >>>