Displaying 20 results from an estimated 20000 matches similar to: "Samba AD-DC idmap config"
2019 Oct 18
0
Samba AD-DC idmap config
On 18/10/2019 18:48, John Redmond wrote:
> DNS is another area where I have read and experimented a lot.? Result:
> confusion.? Again, I'm using fresh installs of Ubuntu 18.04 LTS
> "server" for both the AD-DC and the fileserver machines.? Here's what
> the various config files on the fileserver look like now.? Test
> results are not exactly what they
2019 Oct 22
3
Samba domain users AWOL from Samba file server.
Using samba-tool on my samba DC, I created several users. On my separate
samba file server, joined to the domain, all the users are listed as
belonging to Domain Users ( getent group "Domain Users"). However, several
domain users are missing from the passwd database on the file server (i.e.,
nothing returned when I run getent passwd user3). Why would that be?
Each user has its own
2019 Oct 21
0
Samba AD-DC idmap config
On 21/10/2019 14:17, John Redmond wrote:
> I took the weekend off...
>
> This morning, I made the smb.conf change to backend = rid and
> commented schema_mode statement.? I also added 'winbind enum' users
> and groups lines.? I rebooted and rejoined fileserver to domain
> without error:
>
> _admin at fsvr0:~$ sudo net rpc join -U Administrator_
> Enter
2019 Oct 19
0
Samba AD-DC idmap config
On 18/10/2019 22:54, John Redmond wrote:
> One step forward with respect to the fileserver configs.? Good news
> first...
>
> * Netplan:? The symlink? /etc/resolv.conf to
> /run/systemd/resolve/stub-resolv.conf was wrong.? It now goes to
> /run/systemd/resolve/resolv.conf.? And
>
> _admin at fsvr0:/etc$ nslookup dc0.lan.lenkin.com
>
2019 Oct 22
3
Samba domain users AWOL from Samba file server.
Unfortunately, the the Ubuntu 18.04 samba-tool package doesn't have "user
show" as an option. The Windows ADUC tool shows user1 uidNumber =10001,
user2 uidNumber=10002, user3 uidNumber =10003, and user4 uidNumber=10004
Here are the getent command results on the file server/ domain member:
*admin at fsvr0:~$ getent passwd user1*
hq-user1:*:11103:10513::/home/lan/user1:/bin/bash
2019 Nov 27
2
security = ads parameter not working in samba 4.9.5
On 27/11/2019 15:30, S?rgio Basto wrote:
> On Wed, 2019-11-27 at 12:29 +0000, Rowland penny via samba wrote:
>> On 27/11/2019 11:03, S?rgio Basto via samba wrote:
>>> Sorry I meant man idmap_ad. But checking again man is equal of
>>> https://wiki.samba.org/index.php/Idmap_config_ad in EXAMPLES of man
>>> page [1]
>>>
>>> Examples don't
2016 Oct 09
4
Problem with one User after upgrade to 4.5.0
On 10/09/2016 02:51 AM, Rowland Penny via samba wrote:
> Have you by any chance got another 3001108 'xidNumber' in idmap.ldb ?
> If you give a user a 'uidNumber' attribute, the contents of this will be
> used instead of the 'xidNumber' in idmap.ldb, hence you do not need to
> (and probably shouldn't) use numbers in the '3000000' range.
I managed to
2020 May 15
6
Problems with groups, minimum gidnumber?
I have succesfully migrated our users (~3900) from our Samba 3 DC/OpenLDAP,
complete with passwords.
I have some 300 + groups that I'm trying to get migrated to our Samba 4 AD.
I can create the groups, but it looks from the domain-member's side that
groups don't work as I expect them to.
- Not all groups seems to be visible by using 'getent group'. It looks like
groups
2015 Dec 05
3
template shell RFC2307 loginShell
Thank you Rowland for looking at it.
I did read the wiki here https://wiki.samba.org/index.php/Idmap_config_ad
that is how I got as far as I did; that and the idmap_ad man page. I could
not find how to use the loginShell is there a variable I can use for it in
the template or an option to set to use it? loginShell and unixHomedir are
not mentioned on the wiki that I could find. I'm good with
2015 Dec 07
3
template shell RFC2307 loginShell
I finally got to test it and it works OK
something really strange is occurring though
It works good as follows except for groups but I'll look at that latter as
I see others have mentioned some issues with groups
here is my /etc/samba/smb.conf
security = ads
realm = DOMAIN.LONG
workgroup = DOMAIN
idmap config * : backend = tdb
idmap config * : range = 900-999
idmap config
2019 Jun 13
2
setting up a new ADS infrastructure
On Thu, Jun 13, 2019 at 07:02:27PM +0100, Rowland penny via samba wrote:
> On 13/06/2019 18:21, Stefan Froehlich via samba wrote:
> >File server and Linux clients shall use the AD-backend, so I read
> >and followed <https://wiki.samba.org/index.php/Idmap_config_ad>.
> >There it says:
> >
> >"Whichever setting you use, the group (or groups) set as the
2016 Oct 09
2
Problem with one User after upgrade to 4.5.0
Well I upgraded from 4.4.6 to 4.5.0 and discovered that one of my user
accounts is completely borked. What is very strange is that everything
in Samba looks okay. Here is the first problem symptom. The data is from
the DC.
total 80
drwxr-xr-x. 7 root root 4096 Oct 9
01:15 .
drwx------+ 77 SAMDOM\prg-11868bg SAMDOM\domain users 20480 Oct 9
00:55
2019 Oct 16
0
Samba AD-DC idmap config
Rowland - Thanks. The idmap lines belong in the file-server domain member,
not the domain controller, right?
Using ADUC on a Windows 10 machine, do you have any guidance on what GIDs
and UIDs (numbers and range) to use in setting the default AD users and
groups? In setting the "idmap config * : range= " in the smb.conf file
on the file server what range should I use? I assume that
2015 Oct 29
2
Samba AD: gidNumber?
On 27.10.2015 16:16, Rowland Penny wrote:
> On 27/10/15 14:58, Viktor Trojanovic wrote:
>>
>>
>> On 27.10.2015 13:54, Rowland Penny wrote:
>>> [...]
>>>> Yes, I meant the administrator. I did your suggested change on my
>>>> member server and restarted it. 'getent passwd administrator' is
>>>> still not returning anything,
2019 Apr 01
2
Can only access new SAMBA fileshare from Windows as privileged user SAMDOM/Administrator, not as an ordinary user.
Hi Rowland, thanks for your suggestions. I have read and re-read the
Samba docs to try and understand where I went wrong here.
I added the uidNumber and gidNumber exactly as per your comments and
that seems to improve the situation markedly. I can now at least see
that the share exists from SAMDOM\stephenellwood which wasn't possible
before. File access is now possible from
2018 May 13
2
Domain member server not getting updated AD attributes
I'm running a pure Samba AD with one Samba AD DC and one member server,
both on version 4.8.1. AD is based on idmap_ldb with rfc2307 but since I'm
using (only) Win10 clients, I have to assign all group and user numbers
manually.
This set up is not new and it's been working for years already, and still
does. Yesterday, however, I noticed that I gave two users the same
uidNumber by
2016 Dec 09
2
winbind rfc2307 - wbinfo -i fails
On 08/12/2016 13:44, Oliver Heinz wrote:
> So I gave Domain Users 99999 and voilĂ :
>
> root at m1:~# wbinfo -i SAMDOM\\demo01
> SAMDOM\demo01:*:10000:99999:demo01:/home/demo01:/bin/bash
>
> Seems samba always uses the primaryGroupID which for demo01 is set to
> 'Domain Users'. Im just wondering a bit then why there is a gidNumber
> as an user attribute, as it is
2019 Nov 27
6
security = ads parameter not working in samba 4.9.5
On 27/11/2019 11:03, S?rgio Basto via samba wrote:
> Sorry I meant man idmap_ad. But checking again man is equal of
> https://wiki.samba.org/index.php/Idmap_config_ad in EXAMPLES of man
> page [1]
>
> Examples don't mention netbios name ... I did [2] which instead use
> workgroup I used netbios name and it is working but still don't know
> why or even if it correct
2019 Apr 01
1
Can only access new SAMBA fileshare from Windows as privileged user SAMDOM/Administrator, not as an ordinary user.
Cheers, that fixed it! :O) So, if I may summarise what we have just
discussed.
1) All newly created samba users need to have the uidNumber attribute
set to a unique value (within the range specified in smb.conf for
SAMDOM) when using ad backend with RFC2307.
2) All new groups need to have the gidNumber set to a unique value
(within the range specified in smb.conf for SAMDOM) when using ad
2015 Oct 29
2
Samba AD: gidNumber?
On 29.10.2015 17:54, Rowland Penny wrote:
> On 29/10/15 16:21, Viktor Trojanovic wrote:
>>
>>
>> On 27.10.2015 16:16, Rowland Penny wrote:
>>> On 27/10/15 14:58, Viktor Trojanovic wrote:
>>>>
>>>>
>>>> On 27.10.2015 13:54, Rowland Penny wrote:
>>>>> [...]
>>>>>> Yes, I meant the administrator. I did