[Samba] Winbind does not read uidNumber
Rowland Penny
rowlandpenny at googlemail.com
Mon Jun 30 12:58:34 MDT 2014
On 30/06/14 19:39, Lars Hanke wrote:
> Hi steve,
>
> the checklist is a great tool ... I tuned quite some things. Most of
> them didn't seem to change the behavior in any way.
>
> >> 3. Database check:
>>> no gidNumber here, add gidNumber: 10000
>>> retried on the client, still no users
>> No. This is not within your domain range.
>
> Okay, that probably was the culprit. After changing the client's
> smb.conf to extend the range the user appeared, while Administrator is
> still missing. This is what Rowland's usermap is for, I guess.
>
> Since there is nothing in the logs about this rejection, it may be the
> first thing to check if 'wbinfo -u' has the users, but 'getent passwd'
> does not have them.
>
>>> 4. check for local user
>>>
>>> getent passwd | grep -i mgr has no hits on either machine. But to check
>>> for local entries probably
>>>
>>> grep -i user /etc/passwd
>>>
>>> is more appropriate.
>> However you wish. Just make sure there is a unique domain user.
>
> The differece is that getent will report the non local users as well,
> i.e. it will report the user, if winbind happens to work properly and
> may therefore confuse people working with your checklist.
>
>>> 5. keytab (double numbering!)
>>>
>>> klist -k doesn't work, since Heimdal klist has no option -k. This is
>>> MIT
>>> syntax, if I recall correctly.
>> OK. Remove the keytab and recreate it.
>
> The Heimdal syntax is 'ktutil -k /path/to/keytab list'. This worked
> fine on /srv/files/private/secrets.keytab. I linked that to
> /etc/krb5.keytab, i.e. didn't recreate anything. Don't know if that
> was necessary, since we found kerberos working in earlier discussions.
>
Hi, can I ask a question ? if you are using wheezy, why are your samba
files in /srv/files ?
Rowland
> I walked through the other items as well and corrected /etc/hostname
> of the server. For some reason Debian 'hostname' returns 'hostname
> -s'. So probably just state the results of the fully qualified
> commands in the checklist.
>
> I learned a lot in the recent discussion with Rowland and you.
>
> Great work - thanks,
> - lars.
More information about the samba
mailing list