similar to: autorid broken in samba 4.9?

Show the servers there smb.conf that might help. And your using autorid.. https://wiki.samba.org/index.php/Idmap_config_autorid Drawbacks: User and group IDs are not equal across Samba domain members. TC84\administrator:*:1100500:1100513::/home/administrator at TC84 TC83\administrator:*:1200500:1200513::/home/administrator at TC83 1200500-1100500 = 100000 idmap config * : rangesize =

I realize I never followed up with this. The problem here turned out to be that I was doing a "reload" of the samba services (smb, nmb, winbind) to pick up my ID mapping changes in smb.conf. Switching my test case to do a "restart" instead resolved the issue. More details: The test case basically did the following: 1. Join AD using "realm join --client-software=winbind

Hi all, Thanks for the replies. On Thu, Apr 9, 2020 at 3:54 AM L.P.H. van Belle via samba < samba at lists.samba.org> wrote: > Good morning Rowland, > > > -----Oorspronkelijk bericht----- > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > > Rowland penny via samba > > Verzonden: donderdag 9 april 2020 9:46 > > Aan: samba at

Good morning Rowland, > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Rowland penny via samba > Verzonden: donderdag 9 april 2020 9:46 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] autorid broken in samba 4.9? > > On 09/04/2020 08:34, L.P.H. van Belle via samba wrote: > > Show the servers there smb.conf

Your config looks ok, as far i can tell. This : "cifs/kvm7246-vm022.maas.local at TC84.LOCAL" As it should spn/hostname.fqdn at REALM nothing wrong with that. But if i understand it right. Your server : kvm7246-vm022.maas.local is in REALM : TC83.LOCAL ( NTDOM:TC83 ) But you get TC84 back?. On the problem server run the following: dig a kvm7246-vm022.maas.local @IP_of_AD-DC

In case you missed the link in the original email, here's the smb.conf: [global] kerberos method = secrets and keytab logging = systemd realm = TC83.LOCAL security = ADS template homedir = /home/%U@%D template shell = /bin/bash winbind offline logon = Yes winbind refresh tickets = Yes workgroup = TC83 idmap config * : range = 1000000-19999999 idmap config * : backend = autorid

Here's the keytab info: ubuntu at kvm7246-vm022:~/samba$ sudo klist -ek /etc/krb5.keytab Keytab name: FILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 12 host/kvm7246-vm022.tc83.local at TC83.LOCAL (etype 1) 12 host/KVM7246-VM022 at TC83.LOCAL (etype 1) 12 host/kvm7246-vm022.tc83.local at TC83.LOCAL (etype 3) 12

On 28/10/2019 21:53, Nathaniel W. Turner via samba wrote: > Hi folks, > > I'm trying to support a customer with multiple AD forests, and during my > research, I've observed some odd behavior. In my lab tests, it seems like > authentication works for users in all trusted forests, but only if NTLMSSP > is used. When Kerberos ends up being used, authentication only seems to

Hi folks, I'm trying to support a customer with multiple AD forests, and during my research, I've observed some odd behavior. In my lab tests, it seems like authentication works for users in all trusted forests, but only if NTLMSSP is used. When Kerberos ends up being used, authentication only seems to work for users in the local domain. Here's the test setup: - Two Active Directory

Hi all. I?m trying to understand a weird authentication failure: I have two domains (TC83.LOCAL and TC84.LOCAL), each in a diferent forest, with a bidirectional forest trust. The samba server kvm7246-vm022.maas.local is a domain member of TC83 and is running a recent build from git master (f38077ea5ee). When I test authentication of users in each domain by running ntlm_auth on the samba server,

Hi, please run the command: klist -ek /etc/krb5.keytab and post the output along with the file smb.conf. how do you access your share? \\kvm7246-vm022.maas.local\\ <https://lists.samba.org/mailman/listinfo/samba>sharename" or something like that? bb. Il giorno ven 15 nov 2019 alle ore 18:24 Nathaniel W. Turner via samba < samba at lists.samba.org> ha scritto: > Hi all.

I?m trying to understand a weird authentication failure: I have two domains (TC83.LOCAL and TC84.LOCAL), each in a diferent forest, with a bidirectional forest trust. The samba server kvm7246-vm022.maas.local is a domain member of TC83 and is running a recent build from git master (f38077ea5ee). When I test authentication of users in each domain by running ntlm_auth on the samba server, it is

Hi Louis, On Wed, Nov 20, 2019 at 3:27 AM L.P.H. van Belle via samba < samba at lists.samba.org> wrote: > Your config looks ok, as far i can tell. > > This : "cifs/kvm7246-vm022.maas.local at TC84.LOCAL" > As it should spn/hostname.fqdn at REALM nothing wrong with that. > > But if i understand it right. > > Your server : kvm7246-vm022.maas.local is in

On Tue, Oct 29, 2019 at 11:43 AM Rowland penny via samba < samba at lists.samba.org> wrote: > A) You do not need 'realmd', 'sssd' etc > Understood. Using realmd is a convenience, as it automates some housekeeping, but I'm happy to take it out of the picture for the purposes of this test, if that's important. > B) Your smb.conf is incorrectly set up. >

On 29/10/2019 15:59, Nathaniel W. Turner via samba wrote: > On Tue, Oct 29, 2019 at 11:43 AM Rowland penny via samba < > samba at lists.samba.org> wrote: > >> A) You do not need 'realmd', 'sssd' etc >> > Understood. Using realmd is a convenience, as it automates some > housekeeping, but I'm happy to take it out of the picture for the purposes

I see. =) I probably should have set the backend to autorid for "*", but I didn't think the ID mapping really mattered for the specific test I was doing. The "realm list" output shows the client software as winbind (not sssd) and the logs show messages from winbindd as it handles the authentication (in the successful cases), so I think that indicates that winbind is in

Hello Jeremy and Ralph Thanks for your suggestions. I compiled samba-4.8.0 and running it instead of samba-4.6.2. I saw the changes that you mentioned in the latest vfs_nfs4acl_xattr module. The operation not supported error is gone but it is now failing with access denied. Here is what I tried: *[root at test3 ajain]# net conf showshare local[local] path = /home/ajain/mount

I'm having issues with idmap autorid and rid on 3.6.2. If I use tdb backend, it works fine. If I do "wbinfo -i testuser" when using rid/autorid, I get this: failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for user testuser The same command with tdb returns the info as expected. wbinfo -u and wbinfo -g work fine under all configurations. I could not find

Hi, I have 12 linux servers that I would like users authenticating against my active directory. In a test environment I have tried setting up autorid so a user logged into server A sees the same ownership etc as the a user logged into server B. I tried using the minimal config from the idmap_autorid man page idmap config * : backend = autorid idmap config * : range = 1000000-1999999

On Wed, Jun 17, 2020 at 9:53 AM Rowland penny via samba < samba at lists.samba.org> wrote: > On 17/06/2020 14:25, Nathaniel W. Turner via samba wrote: > > I realize I never followed up with this. The problem here turned out to > be > > that I was doing a "reload" of the samba services (smb, nmb, winbind) to > > pick up my ID mapping changes in smb.conf.