similar to: Winbind on AD DC not honoring rfc2307 gid entries

Displaying 20 results from an estimated 20000 matches similar to: "Winbind on AD DC not honoring rfc2307 gid entries"

2016 May 27
0
Winbind on AD DC not honoring rfc2307 gid entries
On 27/05/16 17:44, Data Control Systems - Mike Elkevizth wrote: > Hi, > > I have a somewhat complicated Samba AD DC setup with four remote site AD > DCs (connected via VPN). These DCs also act as file servers (yes, I read > the warning in the documentation, but we don't have the resources to add > separate file servers at each site and we would like each server to be a DC
2016 Jun 14
4
Two DC but Different UID
On 14/06/16 17:00, Carlos A. P. Cunha wrote: > Correcting previous email > > > Hello! > Own two Dcs Samba 4.4, this all OK, but ids are different: > > > Example DC1: > id tr005 > uid = 3000039 (TESTELOCAL \ tr005) gid = 100 (users) groups = 100 > (users), 3000039 (TESTELOCAL \ tr005), 3,000,009 (BUILTIN \ users) > > Example DC2: > id tr005 > uid =
2018 Jan 12
3
Avoiding uid conflicts between rfc2307 user/groups and computers
Hi Samba team ! I have some conflicts between uid stored in the rfc2307 attributes and some local uid from idmap.ldb My network : ------------------ I have three samba AD DC with sysvol replication. Sadly, as I don't have some other machines, the three DC also share my user's Home and Profile directories. So I need at least : -> Builtin User/Group ID mapping between DCs (easy) ->
2016 Jun 14
1
Two DC but Different UID
That's one things to add schema in your AD, that's another thing to use that schema. Adding schema for rfc2307 in AD grant you possibility to set uidNumber, gidNumber, loginShell and others attributes to your AD users. That grant you that possibility but you are free to use that possibility. Next step is to define xidNumber to your users. 2016-06-14 18:31 GMT+02:00 Carlos A. P. Cunha
2024 Jun 22
1
primary group for AD accounts
Hi I've just recreated whole environment and after DC provision ?group "domain users" has gid 100 getent passwd OFFICE\administrator:*:0:100::/home/OFFICE/administrator:/bin/bash OFFICE\guest:*:3000011:3000012::/home/OFFICE/guest:/bin/bash OFFICE\krbtgt:*:3000015:100::/home/OFFICE/krbtgt:/bin/bash OFFICE\dhcpduser:*:3000016:100::/home/OFFICE/dhcpduser:/bin/bash getent group ...
2024 Jun 18
2
primary group for AD accounts
On Tue, 18 Jun 2024 15:25:03 +0200 PaLi via samba <samba at lists.samba.org> wrote: > > on DC - dc31: > ------------- > $ sudo samba-tool testparm > > INFO 2024-06-18 13:09:06,760 pid:31797 /usr/lib/python3/dist- > packages/samba/netcmd/testparm.py #96: Loaded smb config files from > /etc/samba/smb.conf > INFO 2024-06-18 13:09:06,760 pid:31797
2016 Jun 14
2
Two DC but Different UID
Hello! Own two Dcs Samba 4.4, this all OK, but ids are different: Example DC2: id tr005 uid = 3000039 (TESTELOCAL \ tr005) gid = 100 (users) groups = 100 (users), 3000039 (TESTELOCAL \ tr005), 3,000,009 (BUILTIN \ users) Example DC2: id tr005 uid = 3000023 (TESTELOCAL \ tr005) gid = 100 (users) groups = 100 (users), 3000023 (TESTELOCAL \ tr005), 3,000,001 (BUILTIN \ users) My smb.conf is the
2014 Dec 02
3
uidNumber. ( Was: What is --rfc2307-from-nss ??)
On Tue, Dec 2, 2014 at 11:15 AM, Rowland Penny <rowlandpenny at googlemail.com> wrote: > >> Doh, I missed that, well spotted Steve. > > Do not alter idmap.ldb, leave it alone, use RFC2307 attributes where > possible and join my campaign to get winbindd to pull all the attributes :-D > So, the xidNumber isn't needed? I'm going to be use SSSD for local auth,
2014 Dec 02
2
uidNumber. ( Was: What is --rfc2307-from-nss ??)
On 02/12/14 09:29, Greg Zartman wrote: > > I think I've finally got this all sorted out. After I setup a user using > samba-tool user create, I'll pull the RID for this new user and then set > the UID/GID = RID + 3000. I'll then set xidNumber = UIDNumber(GIDNumber), > as appropriate. I'd recommend using only 1 database for all your users (AD) and leave
2015 Jan 30
2
rfc2307 deprecated in Windows 2012 R2?
On 30/01/15 16:55, Hans-Kristian Bakke wrote: > I still do not follow you. An additional reason for including > administrator in the first place, not including that I actually want > it to work against the linux boxes like every other domain user, was > because winbind returns the exact same mapping when using idmap > backend RID with range 300000-499999 (i.e not rfc2307 attributes)
2015 Jun 05
4
Added RFC2307 --> Unable to convert SID (S-1-1-0)
Hi Rowland, On 5 June 2015 at 12:14, Rowland Penny <rowlandpenny at googlemail.com> wrote: > So I take it that when you provisioned the domain, you didn't use > '--use-rfc2307' Correct > OK, you now have the same result, so it should work as if you had used > '--use-rfc2307' Yup - and indeed it works on the second DC. > You have two problems here, well
2015 Jun 11
4
idmap & migration to rfc2307
Yup, strange - right! Samba 4.2.2 RFC2307 attributes were added as follows: # sed -e 's/${DOMAINDN}/dc=MYDOMAIN,dc=MY,dc=TLD/g' \ -e 's/${NETBIOSNAME}/MYDOMAIN/g' \ -e 's/${NISDOMAIN}/MYDOMAIN/g' \ /usr/local/samba/share/setup/ypServ30.ldif > ypServ30-JMH.ldif # service samba4 stop # ldbmodify -H
2015 Jan 30
1
rfc2307 deprecated in Windows 2012 R2?
On 30/01/15 17:29, Hans-Kristian Bakke wrote: > On one of your DCs? As in you run Samba for your DCs? > > This thread was using Server 2012 R2 as DCs, and that was what my > response was aimed at. I am also using Server 2012 R2 for DCs. In this > case the Administrator is "just a user" seen from the linux boxes. > That Administrator is assigned a root-role in a Samba DC
2015 Jun 13
4
idmap & migration to rfc2307
On 13/06/15 11:00, Jonathan Hunter wrote: > On 13 June 2015 at 09:34, buhorojo <buhorojo.lcb at gmail.com> wrote: >>> On 12 June 2015 at 08:55, Jonathan Hunter <jmhunter1 at gmail.com> wrote: >>> Sadly, even though sssd is now running and I'm no longer reliant on >>> winbind, the rest of samba doesn't seem to be taking notice of these >>>
2016 Oct 09
4
Problem with one User after upgrade to 4.5.0
On 10/09/2016 02:51 AM, Rowland Penny via samba wrote: > Have you by any chance got another 3001108 'xidNumber' in idmap.ldb ? > If you give a user a 'uidNumber' attribute, the contents of this will be > used instead of the 'xidNumber' in idmap.ldb, hence you do not need to > (and probably shouldn't) use numbers in the '3000000' range. I managed to
2017 Jan 14
1
Samba 4.5.3 AD DC - issues with sysvol when setting up Group Policies
On Sat, 14 Jan 2017 17:09:47 +0000 Jonathan Hunter via samba <samba at lists.samba.org> wrote: > Hi All, > > Trying to avoid making this into a "Me too" response :) but this is > the single largest issue I have with Samba at the moment, I've > struggled with this for literally years, both before I switched to > rfc2307 (which did help in many areas) and
2017 May 27
3
idmap woes after upgrade
Hi Rowland, On 27 May 2017 11:39: > Hmm, you mention: > > 'idmap_ldb:use rfc2307 = yes' and 'xidNumber' > > Is this on a DC or a Unix domain member ? This is on a DC. I only have two centOS7 AD DC's in my environment.. Tim
2014 Dec 01
2
uidNumber. ( Was: What is --rfc2307-from-nss ??)
On 01/12/14 19:16, steve wrote: > On 01/12/14 19:30, Rowland Penny wrote: >> On 01/12/14 18:23, steve wrote: >>> On 01/12/14 19:11, Rowland Penny wrote: >>>> On 01/12/14 17:46, steve wrote: >>>>> On 01/12/14 18:25, Rowland Penny wrote: >>>>>> On 01/12/14 17:16, steve wrote: >>>>>>> On 01/12/14 18:11, Rowland Penny
2016 Oct 29
5
NT_STATUS_INVALID_SID
On Thu, 2016-10-27 at 17:23 -0200, Vinicius Bones Silva via samba wrote: > Hi Rowland, > >      Just to let you know, we removed all the idmap entries we had on > the smb.conf of our  > two DCs and the ids reported by getent passwd at the DCs were in the > 3.000.000 range, as  > you said. We had to add back 'idmap_ldb:use rfc2307 = yes' to get the > user listing
2017 Oct 23
2
Samba 4.6.7 AD, Netapp CDOT 9.2 and missing "Domain Users" membership
On 10/20/2017 05:48 PM, Rowland Penny via samba wrote: >> So I tried what is suggested in this thread: >> https://lists.samba.org/archive/samba/2016-April/thread.html#199609 > > I really should have said there that using '513' wasn't a good idea ;-) ok I'll revert to 100 ;-) > The only way to get the same IDs everywhere is to use the winbind >