[Samba] 3.5.11: active directory: getent did not see users
David Touzeau
david at touzeau.eu
Thu Aug 18 03:18:15 MDT 2011
Dear
I thank there is misconfiguration here, did anybody help me ?
have "Could not convert sid" issue
wbinfo -t
checking the trust secret for domain AD2003 via RPC calls succeeded
root at nas03:~# wbinfo -n AD2003/gch
S-1-5-21-1430701326-2212591448-2995707960-1119 SID_USER (1)
root at nas03:~# wbinfo -s S-1-5-21-1430701326-2212591448-2995707960-1119
AD2003/gch 1
root at nas03:~# wbinfo -S S-1-5-21-1430701326-2212591448-2995707960-1119
Could not convert sid S-1-5-21-1430701326-2212591448-2995707960-1119 to
uid
here its is the configuration
[global]
workgroup = AD2003
netbios name = nas03
server string = %h server
disable netbios =no
name resolve order =host lmhosts wins bcast
dns proxy = No
wins support = No
min protocol = NT1
syslog = 3
log level = 1
log file = /var/log/samba/log.%m
debug timestamp = yes
# Enable symbolics links -----------------------------------
follow symlinks = yes
wide links = yes
unix extensions = no
usershare allow guests = no
usershare max shares = 100
usershare owner only = true
usershare path=/var/lib/samba/usershares/data
#Guest access
guest account = nobody
map to guest = Bad Password
template homedir = /home/%U
template shell = /bin/false
enable privileges = yes
os level = 40
ldap passwd sync = no
#WINBINDD *******************************************************
security = ADS
realm = AD2003.GUIDTZ.LOCAL
idmap config AD2003:backend = ad
idmap config AD2003:readonly = yes
idmap config AD2003:schema_mode = rfc2307
idmap config AD2003:range = 1000-999999
idmap gid = 16777216-33554431
idmap uid = 16777216-33554431
client use spnego = Yes
encrypt passwords = Yes
client ntlmv2 auth = Yes
client lanman auth = No
winbind normalize names = Yes
winbind separator = /
winbind use default domain = No
winbind enum users = Yes
winbind enum groups = Yes
winbind nested groups = Yes
winbind nss info = rfc2307
winbind offline logon = true
winbind cache time = 5
winbind refresh tickets = true
kerberos method = system keytab
allow trusted domains = Yes
server signing = mandatory
client signing = mandatory
lm announce = No
ntlm auth = No
lanman auth = No
preferred master = No
printing = bsd
# VISTA/Windows7 compatibility
# ACLs settings
nt acl support=yes
map acl inherit=yes
acl check permissions=yes
inherit permissions=no
inherit acls=no
acl map full control=yes
dos filemode=yes
force unknown acl user = no
# LDAP settings -----------------------------------
ldap delete dn = no
passdb backend = ldapsam:ldap://127.0.0.1:389
#scripts -----------------------------------
add machine script
= /usr/share/artica-postfix/bin/artica-install --samba-add-computer "%u"
ldap admin dn = cn=admin,dc=my-domain,dc=com
ldap suffix = dc=my-domain,dc=com
ldap group suffix = dc=organizations
ldap user suffix = dc=organizations
ldap machine suffix = ou=Computer,dc=samba,dc=organizations
ldap delete dn = yes
ldap ssl = off
ldap idmap suffix =
ou=idmap,dc=samba,dc=organizations,dc=my-domain,dc=com
logon path =""
logon home =""
logon drive = ""
socket options = TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT
SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
case sensitive = No
default case = lower
preserve case = yes
short preserve case = yes
#character set = iso8859-1
#domain admin group = @admin
wins support = Yes
#hosts allow = 192.168.0. 127.
time server = yes
#MDFS parameters
msdfs root = no
host msdfs = no
# Shared Folders lists -----------------------------------
[Partage001]
More information about the samba
mailing list