Displaying 20 results from an estimated 6000 matches similar to: "getent group does not list domain groups - question regarding default gidNumbers on PDC"
2019 Jun 05
2
getent group does not list domain groups - question regarding default gidNumbers on PDC
On 6/5/19 10:06 AM, Rowland penny via samba wrote:
>>
>> Now I have problems with id mapping configuration:
>>
>> wbinfo -u works.
>> wbinfo -g works.
>> getent group does not list domain users and groups.
>>
>> I logged into PDC and checked gidNumber for "Domain Users":
>>
>> [root at site-ad ~]# wbinfo --name-to-sid
2019 Jun 05
2
getent group does not list domain groups - question regarding default gidNumbers on PDC
On 6/5/19 11:26 AM, Rowland penny via samba wrote:
> On 05/06/2019 10:04, ?ukasz Michalski via samba wrote:
>>
>>>>
>>>> [root at site-ad ~]# wbinfo --sid-to-gid S-1-5-21-4155694911-3186826046-1573605777-513
>>>> 985 (same as 'users' unix gid on host)
>>> where did the '985' come from ?
>>
>> I think from there:
2019 Jun 05
0
getent group does not list domain groups - question regarding default gidNumbers on PDC
On 05/06/2019 08:32, Łukasz Michalski via samba wrote:
> Hi List,
>
> I am trying to setup samba PDC and samba file server for a small
> organization.
No you are not, you are setting up a Samba AD DC, a PDC is something
entirely different.
> I followed guidelines on samba wiki and Arch Linux wiki.
>
> I have two servers (10.21.0.2 PDC and 10.21.0.1 (file server) both
>
2019 Jun 05
0
getent group does not list domain groups - question regarding default gidNumbers on PDC
On 05/06/2019 10:04, ?ukasz Michalski via samba wrote:
>
>>>
>>> [root at site-ad ~]# wbinfo --sid-to-gid
>>> S-1-5-21-4155694911-3186826046-1573605777-513
>>> 985 (same as 'users' unix gid on host)
>> where did the '985' come from ?
>
> I think from there:
>
> [root at site-ad ~]# ldbsearch -H
2019 Jun 05
0
getent group does not list domain groups - question regarding default gidNumbers on PDC
On 05/06/2019 10:44, ?ukasz Michalski via samba wrote:
> On 6/5/19 11:26 AM, Rowland penny via samba wrote:
>> On 05/06/2019 10:04, ?ukasz Michalski via samba wrote:
>>>
>>>>>
>>>>> [root at site-ad ~]# wbinfo --sid-to-gid
>>>>> S-1-5-21-4155694911-3186826046-1573605777-513
>>>>> 985 (same as 'users' unix gid on
2019 Jun 05
1
getent group does not list domain groups - question regarding default gidNumbers on PDC
>>
>> Dunno, I just run:
>>
>> samba-tool domain provision --use-rfc2307 --interactive
>>
>> I did not touch ldap databases by hand afterwards.
>>
>> Regards,
>> ?ukasz
>>
>>
>>
> Someone did, because the xidNumber for Domain Users is set to '100' by default.
>
> If you didn't change it, then change the
2015 Apr 19
1
[bug?] idmap.ldb xidNumber attributes overlap with existing users'/groups' uidNumber/gidNumber
Greetings, All!
I've discovered a nasty mismatch in my recently upgraded domain.
It seems that a number of builtin groups have mappings in idmap.ldb that
overlap with posixAccount mappings in the sam.ldb.
Namely,
# file: var/lib/samba/sysvol/ads.example.com/scripts/
# owner: root
# group: 544
user::rwx
user:root:rwx
group::rwx
group:544:rwx
group:30000:r-x
group:30001:rwx
2015 Jul 17
2
"wbinfo --sid-to-gid" returns false gids
I've got this on the backup DC
root at bdc:~# wbinfo --sid-to-gid S-1-5-21-1166961617-3197558402-3341820450-516
3000000
while
root at bdc:~# ldbedit -H /usr/local/samba/private/idmap.ldb objectsid=S-1-5-21-1166961617-3197558402-3341820450-516
shows correct xid 3000019
and on the primary DC I've got
itk at dc:/$ wbinfo --sid-to-gid S-1-5-21-1166961617-3197558402-3341820450-516
3000019
2020 Jun 19
2
Add gidNumber for group
On 6/19/2020 10:00 AM, Rowland penny via samba wrote:
>
> The easiest way is to upgrade to 4.12.x and then use '_*samba-tool
> group addunixattrs*_', otherwise you could use ldbedit or create an
> ldif and use ldbmodify or ldapmodify. Another option would be to use
> something like LAM.
>
> Rowland
Sorry, but, there is what you told me to do in your first email
2015 Jul 17
1
"wbinfo --sid-to-gid" returns false gids
17.07.2015, 17:30, "Rowland Penny" <rowlandpenny241155 at gmail.com>:
> On 17/07/15 12:03, Andrej Surkov wrote:
>> I've got this on the backup DC
>>
>> root at bdc:~# wbinfo --sid-to-gid S-1-5-21-1166961617-3197558402-3341820450-516
>> 3000000
>
> OK, you have problems there, but not what you think. On my first DC
> (note I don't have
2020 Jun 19
2
Add gidNumber for group
On 6/19/2020 1:55 PM, Rowland penny via samba wrote:
> ldbsearch -H /var/lib/samba/private/sam.ldb '(gidNumber=*)' | grep
> 'gidNumber:' | sed 's/gidNumber: //' | sort | tail -n1
>
> Add 1 to the output and use that.
>
> Rowland
This is a newly setup DC and member server (both Debian 10.4 w/Samba
v4.12.3).
I got:
root at dc01:~# ldbsearch -H
2017 Jan 26
2
getent problems with new Samba version
On Thu, 26 Jan 2017 21:54:49 +0000 Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Thu, 26 Jan 2017 16:26:02 -0500
> Mark Foley via samba <samba at lists.samba.org> wrote:
>
> > On Thu, 26 Jan 2017 19:36:33 +0000 Rowland Penny wrote:
> > > > > Have you tried checking in AD with ldbsearch or ldbedit for the
> > > > > actual
2020 Aug 17
2
getent passwd blank response
On 8/17/2020 7:59 AM, Rowland penny via samba wrote:
> Could it be that 'username' doesn't have a uidNumber ?
>
>
Well, when I run "id [username]" on the DC, I get a
"uid=3000013(SUBDOM\[username])" and"gid=10000", etc.
When I run "id [username]" on the member server (mbr04) I get "id:
'SUBDOM\[username]': no such
2019 Jun 11
2
Automatically assigning uidNumber / gidNumber attributes
Am 07.06.2019 um 17:48 schrieb Rowland penny via samba:
> On 07/06/2019 16:37, ?ukasz Michalski via samba wrote:
>> On 05.06.2019 22:40, Rowland penny via samba wrote:
>>>>
>>>> https://lists.samba.org/archive/samba/2019-June/223478.html
>>>> In this post, Rowland said "Oh good, 'Domain Admins' doesn't have a
>>>> gidNumber
2015 Oct 26
2
Samba AD: gidNumber?
On 26.10.2015 23:03, Rowland Penny wrote:
> On 26/10/15 21:38, Viktor Trojanovic wrote:
>> I joined a Samba AD member server (file server) to a Samba AD DC.
>> This seems to have worked. However, if I try to access the file
>> server from the domain administrator account on a Windows client, I
>> am asked to provide authorization details. Since I have no other
2018 Oct 06
3
getent passwd no domainusers
Hi,
I just want to add a linux machine to my samba 4 ad. Its a debian stretch and I installed the following packages:apt-get install winbind libpam-winbind libnss-winbind libpam-krb5 krb5-config krb5-user samba attr ... My machine-configs:
nsswitch.conf:
passwd: files winbind
group: files winbind
shadow: compat
gshadow:files
hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname
2016 Oct 27
4
NT_STATUS_INVALID_SID
On Wed, 26 Oct 2016 17:27:37 -0400
Ryan Ashley via samba <samba at lists.samba.org> wrote:
> I guess I should note that it seems like the high SIDs will resolve,
> except for 300000. Below is an example.
>
> root at dc01:~# l /var/lib/samba/sysvol/medarts.lan/
> total 16
> drwxrws---+ 4 MEDARTS\reachfp 3000000 4096 Oct 17 17:45 Policies
> drwxrws---+ 2 MEDARTS\reachfp
2017 Jan 13
3
Duplicate xidNumbers
On 1/13/2017 3:30 PM, Rowland Penny wrote:
> On Fri, 13 Jan 2017 15:20:52 -0500
> Bob Thomas <bthomas at cybernetics.com> wrote:
>
>> On 1/13/2017 1:45 PM, Rowland Penny wrote:
>>> On Fri, 13 Jan 2017 13:30:14 -0500
>>> Bob Thomas <bthomas at cybernetics.com> wrote:
>>>
>>>> Rowland,
>>>>>> Thank you for the quick
2015 Oct 27
2
Samba AD: gidNumber?
On 27.10.2015 09:05, Rowland Penny wrote:
> On 26/10/15 22:35, Viktor Trojanovic wrote:
>>
>>
>> On 26.10.2015 23:03, Rowland Penny wrote:
>>> On 26/10/15 21:38, Viktor Trojanovic wrote:
>>>> I joined a Samba AD member server (file server) to a Samba AD DC.
>>>> This seems to have worked. However, if I try to access the file
>>>>
2019 Jun 14
1
Automatically assigning uidNumber / gidNumber attributes
> Domain Admins is mapped as ID_TYPE_BOTH in idmap.ldb on the DC, this makes Domain Admins a group and a user.
I looked on a brand new test DC (with nss-winbind), and it looks like
it doesn't work right with winbind:
root at dc1# ls -l /var/lib/samba/sysvol/ad-test.vx/Policies/
total 16
drwxrwx---+ 4 3000004 ADTEST\domain admins 4096 Jun 13 21:41
{31B2F340-016D-11D2-945F-00C04FB984F9}