[Samba] BUILTIN not mapping on DC
Ryan Bair
ryandbair at gmail.com
Mon Apr 28 12:18:39 MDT 2014
I'm hoping to find another way to resolve the issue, but how did you edit
the uid and gids in idmap.ldb? According to `ldbsearch -H ldaps://localhost
cn=Account\ Operators` I already have a GID assigned.
On Fri, Apr 25, 2014 at 4:31 PM, Achim Gottinger <achim at ag-web.biz> wrote:
> Also had GPO issues related to BUILTIN Users and Groups.
> Fixed the issues with different uid's gid's beeing assigend to the by
> winbind by manually editing uid's and gid's in idmap.ldb with ldbedit.
> Tried rid mapping for BUILDIN but it did not work on the ADDC's.
>
> achim~
>
> Am 25.04.2014 21:58, schrieb Ryan Bair:
>
> Running 4.1.6-SerNet-RedHat-7.el6 on CentOS 6.5.
>>
>> I've been bumping my head against GPO issues and am now wondering if its
>> connected to my BUILTIN groups not mapping on my DC.
>>
>> For instance on DC:
>> sh-4.1# wbinfo --gid-info=544
>> failed to call wbcGetgrgid: WBC_ERR_DOMAIN_NOT_FOUND
>> Could not get info for gid 544
>>
>> But on a member:
>> sh-4.1# wbinfo --gid-info=544
>> BUILTIN\administrators:x:544:
>>
>> Likewise `getent group BUILTIN\\administrators` fails on the DC.
>>
>> Any ideas?
>>
>> Here is my smb.conf:
>>
>> [global]
>> workgroup = xxx
>> realm = xxx
>> netbios name = SERVER
>> server role = active directory domain controller
>> wins support = yes
>> idmap_ldb:use rfc2307 = yes
>> winbind nss info = rfc2307
>> template shell = /bin/sh
>> dns forwarder = x.x.x.x
>> server services = -smb +s3fs
>> dcerpc endpoint servers = -winreg -srvsvc
>> vfs objects = netatalk
>> unix extensions = no
>> tls enabled = yes
>> tls keyfile = tls/server_AD_DC.key
>> tls certfile = tls/server_AD_DC.crt
>> tls cafile = tls/xxx_CA.crt
>>
>> [netlogon]
>> path = /var/lib/samba/sysvol/xxx/scripts
>> read only = No
>>
>> [sysvol]
>> path = /var/lib/samba/sysvol
>> read only = No
>>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list