[Samba] idmap_ad problem and workaround
Joe Maloney
jpm820 at gmail.com
Tue Jan 26 21:34:10 UTC 2016
I have tried to add all of the above to smb4.conf with no luck. I also did
a net ads leave, and net ads join. In addition I cleared the contents of
/var/db/samba4. Only users who have once been granted access to domain
admins will show up. I am becoming more convinced it is something at the
Active Directory level.
Joe Maloney
On Tue, Jan 26, 2016 at 3:17 PM, Rowland penny <rpenny at samba.org> wrote:
> On 26/01/16 20:44, Joe Maloney wrote:
>
>> The DCs are running Windows Server 2012R2. The directory itself has
>> RFC2307 attributes. The file servers are running FreeBSD with Samba 4.1.
>> These are just member servers not joined as domain controllers. I have
>> tried to upgrade to Samba 4.2 and Samba 4.3 as a test, with no difference.
>> Here is a peek at the smb4.conf via pastebin.
>>
>> http://pastebin.com/Ai14LREW
>>
>> Joe Maloney
>>
>>
> OK, try adding these two lines:
>
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
>
> It may be that you are having Kerberos problems and your tickets are
> expiring. Check if /etc/krb5.keytab exists; you may have to re-join the
> domain member to the server.
>
> I would also suggest you add these two lines:
>
> vfs objects = acl_xattr
> map acl inherit = yes
>
>
> Rowland