similar to: question about winbind rid idmaping

On Thu, Oct 29, 2020 at 7:21 AM Rowland penny via samba < samba at lists.samba.org> wrote: > On 29/10/2020 11:04, Andrea Cucciarre' via samba wrote: > > Hello, > > > > I have just realized that winbind rid idmapping create the following > > idmapping for user, below an example: > > > > # id HYPERFILE\\simone > > *uid=11663*(HYPERFILE\simone)

Hello, I have successfully (hopefully) configured samba to run in Kubernetes pods, basically I have a pod (i.e. container) that run winbindd and join the Windows AD, and a pod (i.e. container) that run smbd. I have used socat to allow the unix socket communication between winbindd and smbd pods: *** winbindd pod *** UID??????? PID? PPID? C STIME TTY????????? TIME CMD root???????? 1???? 0? 0

Hello, I'm running Samba 4.9.5 as domain member, when I bring down the current Window DC (10.50.50.187) the winbind seems to hang instead of switching to the other available DC (10.50.50.25) The "net ads" command show that Samba switched to the other available DC: net ads join -U 'administrator' -S 'PAVONE.HYPERFILE.LOCAL' 'HYPERFILE.LOCAL'^C root at

Hello, I'm trying to setup an omnios system as a Samba DC member, and I need AD backend for consistent IDs on all Samba clients. The AD join is successful, the wbinfo shows the AD users # /opt/samba/bin/wbinfo -n andrea S-1-5-21-2680195940-2267646359-3814218302-1109 SID_USER (1) however, " getent passwd ..." returns nothing for the user (all the AD user) I have enabled debugging

Hello, I'm trying to access a Samba share as anonymous/guest user, so I have added the following entry inf file smb.conf (Samba 4.9) guest account = andrea map to guest = bad user ... [test] available = yes browsable = yes guest ok = yes nfs4: acedup = merge nfs4: mode = special path = /var/tmp/test read only = no and the shared directory /var/tmp/test has the following permission (so

I'm not sure I have understood, I'm mounting the share as "urca" user, which is not a known user. Although I'm setting smb.conf so that for guest user it uses the privileges of the known user "andrea" Could you please advice on what I should set for "guest account" in smb.conf? Thanks Andrea Il 1/23/2019 5:15 PM, Rowland Penny via samba ha scritto:

I have checked the DNS configuration as you recommended, and run more tests. It seems that winbidndd recover itself within about 10 minutes after the DC has been shutdown, not sure where that sort of timeout comes from :( # sleep 60; while true; do date; wbinfo -u; sleep 60; done Thu Aug? 1 16:39:32 CEST 2019 HYPERFILE\guest HYPERFILE\defaultaccount HYPERFILE\krbtgt HYPERFILE\administrator

Hello Rowland, thanks, configuring the uidNumber and gidNumber on the AD fixed the issue, now getent passwd works. I just have one remaining issue, it seems the ACL doesn't work. As an example when I set ACL with full permission for user andrea: # /usr/bin/ls -ldV /cache/testsamba/ d---------+  3 root     root           5 Jun 19 19:40 /cache/testsamba/            

Am 10/29/20 um 1:07 PM schrieb Rowland penny via samba: > On 29/10/2020 11:56, Andrew Walker wrote: >> Several of the idmap backends (including idmap_rid) in samba support >> id_type_both (the ID is both a user and a group). This is ultimately >> needed for accurately producing Windows-style behavior regarding >> permissions (where a group can be the owner of a file).

Hi, just out of curiosity why? Is it a personal challenge? On 9/22/20 1:37 PM, Andrea Cucciarre' via samba wrote: > Hello, > > I have successfully (hopefully) configured samba to run in Kubernetes > pods, basically I have a pod (i.e. container) that run winbindd and join > the Windows AD, and a pod (i.e. container) that run smbd. > I have used socat to allow the unix

Sorry my bad, thanks for spotting it. Should that explains also the failure to grab the mutex? Andrea Il 3/12/2019 12:14 PM, Rowland Penny via samba ha scritto: > On Tue, 12 Mar 2019 12:01:08 +0100 > Andrea Cucciarre' <acucciarre at cloudian.com> wrote: > >> The OS is OmniOS, the DC is Windows Server (not sure about the >> release), and below the smb.conf.

Hello, Still fighting on this issue, now sometimes I get the following (may be) relevant errors: [2019/03/18 14:46:03.329505, 10, pid=582, effective(0, 0), real(0, 0), class=idmap] ../source3/winbindd/idmap.c:509(idmap_find_domain)   idmap_find_domain called for domain 'BITINTRA' [2019/03/18 14:46:03.329577, 10, pid=582, effective(0, 0), real(0, 0), class=winbind]

The OS is OmniOS, the DC is Windows Server (not sure about the release), and below the smb.conf. I have also noted that they have more trusted domains, but since they configured ad idmap only for one domain, then all the other domains use tdb idmap [global] client ldap sasl wrapping = plain dedicated keytab file = /etc/krb5.keytab disable spoolss = yes host msdfs = no idmap config * : backend

Hello, I had a problem with Samba winbind id-mapping  on a system that is part of an AD domain. In the smb.conf I have the following setting: idmap config <domain> : backend = rid idmap config <domain> : range = 1000000-3000000 idmap config <domain> : schema_mode = rfc2307 winbindd was failing to convert some user SID to UID and in the idmap logs I have the following error:

My customer complain that in the AD DC they see the following insecure communication coming from the Samba server (DC member): "The following client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification), or performed a simple bind over a cleartext (non-SSL/TLS-encrypted) LDAP connection." So Samba does an insecure LDAP bind and

On 29/10/2020 13:32, Ralph Boehme wrote: > Am 10/29/20 um 1:07 PM schrieb Rowland penny via samba: >> On 29/10/2020 11:56, Andrew Walker wrote: >>> Several of the idmap backends (including idmap_rid) in samba support >>> id_type_both (the ID is both a user and a group). This is ultimately >>> needed for accurately producing Windows-style behavior regarding

Hi: I want to convert our samba file server from rfc2307 to rid backend. the configuration looks like: idmap config *:backend = tdb idmap config *:range = 5000-9999 idmap config SAMDOM:backend = rid idmap config SAMDOM:range = 10000-999999 idmap config SAMDOM:unix_primary_group = yes Most things work fine. normal user-id and group-id changed. so we change owners and acls to

On Tue, 19 Jun 2018 16:10:33 +0200 Andrea Cucciarrè via samba <samba at lists.samba.org> wrote: > Hello, > > I'm trying to setup an omnios system as a Samba DC member, and I need > AD backend for consistent IDs on all Samba clients. > The AD join is successful, the wbinfo shows the AD users > > # /opt/samba/bin/wbinfo -n andrea >

The DC is a Windows AD DC. Could you please clarify why i should change setting in the Windows DC instead of the Samba server, which is the one that does the insecure ldap bind? Regards Andrea Cucciarre' On 11/9/2020 3:13 PM, Rowland penny via samba wrote: > On 09/11/2020 13:28, Andrea Cucciarre' wrote: >> My customer complain that in the AD DC they see the following

On Wed, 23 Jan 2019 16:56:42 +0100 Andrea Cucciarre' via samba <samba at lists.samba.org> wrote: > Hello, > > I'm trying to access a Samba share as anonymous/guest user, so I have > added the following entry inf file smb.conf (Samba 4.9) > > guest account = andrea > map to guest = bad user > ... > [test] > available = yes > browsable = yes >