[Samba] wbinfo -u / getent passwd not working
basti
mailinglist at unix-solution.de
Fri Jul 10 10:28:45 UTC 2020
On 10.07.20 12:18, L.P.H. van Belle via samba wrote:
> Just thing i notised.
>
>> idmap config * : range = 1000-2000
> This might give conflicts.
> Output of `cat /etc/adduser.conf |grep "[G-U]ID" `
> These ranges should not overlap.
I think that should not be the problem, i have multiple servers, with
the samba config that works. and only 1 or 2 local users.
>
> After how may days/hours did it stop working?
I would say 2 days?
I do not understand why wbinfo -g work but wbinfo -u do not.
>
>
> Greetz,
>
> Louis
>
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
>> basti via samba
>> Verzonden: vrijdag 10 juli 2020 12:10
>> Aan: samba at lists.samba.org
>> Onderwerp: [Samba] wbinfo -u / getent passwd not working
>>
>> Hello,
>> i try to setup a linux laptop for homeoffice with login for ad users.
>> The last few days it work like expected.
>>
>> today wbinfo -u return no user, getent passwd <username> also.
>>
>> wbinfo -a "SAMDOM\user"
>> Enter SAMDOM\user's password:
>> plaintext password authentication succeeded
>> Enter SAMDOM\user's password:
>> challenge/response password authentication succeeded
>>
>> wbinfo -D SAMDOM also works.
>>
>> laptop smb.conf:
>>
>> [global]
>> security = ADS
>> workgroup = SAMDOM
>> realm = SAMDOM.EXAMPLE.COM
>>
>> log file = /var/log/samba/%m.log
>> log level = 1
>>
>> winbind refresh tickets = Yes
>> dedicated keytab file = /etc/krb5.keytab
>> kerberos method = secrets and keytab
>> winbind use default domain = yes
>>
>> load printers = no
>> printing = bsd
>> printcap name = /dev/null
>> disable spoolss = yes
>>
>> # Default ID mapping configuration for local BUILTIN accounts
>> # and groups on a domain member. The default (*) domain:
>> # - must not overlap with any domain ID mapping configuration!
>> # - must use an read-write-enabled back end, such as tdb.
>> idmap config * : backend = tdb
>> idmap config * : range = 1000-2000
>>
>> # idmap config for the SAMDOM domain
>> # alf has uid 1006
>> idmap config SAMDOM:backend = ad
>> idmap config SAMDOM:schema_mode = rfc2307
>> idmap config SAMDOM:range = 2001-999999
>>
>> template homedir = /home/%U
>> template shell = /bin/bash
>>
>> client use spnego = yes
>> client ntlmv2 auth = yes
>> encrypt passwords = yes
>> restrict anonymous = 2
>>
>> # fix dfs error's in log ?
>> host msdfs = no
>>
>> # https://wiki.samba.org/index.php/PAM_Offline_Authentication
>> winbind offline logon = yes
>> winbind cache time = 15768000
>>
>> winbind enum users = yes
>> winbind enum groups = yes
>>
>> cat /etc/krb5.conf
>> [libdefaults]
>> default_realm = SAMDOM.EXAMPLE.COM
>> dns_lookup_realm = false
>> dns_lookup_kdc = true
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>>
>
>
More information about the samba
mailing list