[Samba] debian 10: errors with my server samba-ad

L.P.H. van Belle belle at bazuin.nl
Mon May 13 11:51:40 UTC 2019 


net groupmap list ntgroup='Domain Users'
Domain Users (S-1-5-21-2934682428-5134513513-42425326-513) -> NTDOM\domain users
But i did assign a GID myself. ( GID 10000 )

I noticed this. 

wbinfo --group-info='Domain Users'
NTDOM\domain users:x:10000:

wbinfo --gid-info 10000
NTDOM\domain users:x:10000:

wbinfo --gid-info 100
NTDOM\domain users:x:100:

So i have 2 GID for Domain users. 

wbinfo --group-info='users'
failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for group users

I was expecting this : 
wbinfo --group-info='BUILTIN\users'
BUILTIN\users:x:3000009: 

In my opinion.. 

Linux Users = BUILTIN\Users 
Domain users is member of BUILTIN\Users 
And user =! "domain users" 

So why are we mapping linux users into domain users. 
That looks wrong to me. 


Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Rowland Penny via samba
> Verzonden: maandag 13 mei 2019 12:35
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] debian 10: errors with my server samba-ad
> 
> On Mon, 13 May 2019 12:16:52 +0200
> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> 
> > Hai Nathalie, 
> > 
> > The generation/provioning is ok. 
> > The "local SID message is normal, that because your joining the
> > domain and havent started samba at that point. You can ignore that. 
> > 
> > Did you install and configure bind9? 
> > The provisioning command shows that you are setting up with it. 
> > 
> > But this shows bind is not found, which is a bit off. 
> > 
> > > BIND version unknown, please modify 
> > > /var/lib/samba/bind-dns/named.conf manually.
> > > See /var/lib/samba/bind-dns/named.conf for an example 
> > > configuration include file for BIND
> > > and /var/lib/samba/bind-dns/named.txt for further 
> > > documentation required for secure DNS updates
> > > Setting up sam.ldb rootDSE marking as synchronized  
> > 
> > Your configs and all output except above and this part : 
> > > 
> LENZSPITZE2\administrator:*:0:100::/home/LENZSPITZE2/administr
ator:/bin/bash  
> > 
> > This can be correct, but i dont trust the 100 as GID here, because
> > thats the users group in debian. And i would expected to see "domain
> > users"  / ( minimaal GID) 10000
> 
> Out of the box, on a DC 'Domain Users' gets the gid for 'users', it is
> mapped in idmap.ldb 
> 'Domain Users' would only get a different ID if a gidNumber attribute
> was added to its object in AD.
> 
> > 
> > Or did you map "Domain users" into "user" 
> 
> It has always been like this.
> 
> Rowland
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list