[Samba] [Samba 3, Debian wheezy] All of a sudden, resolving ADS user fails completely
Patrick G. Stoesser
lists at pgs-info.de
Wed Dec 11 05:15:25 MST 2013
Am 10.12.2013 16:30, schrieb Rowland Penny:
> Hi, I take it that the machine in question is part of a domain and if
> so, I am surprised it works at all.
Well, I've got three other servers here running that way, and that's the
way the official Samba Howto describes, and that works since years -
only on one server not since yesterday.
I figured aout that the problem occurs after updating several samba
components to *deb7u2. See my reply to Harry today.
You have quite a few lines in your
> smb.conf that could be removed because they are the defaults, but the
> biggest problem, as far as I can see is that the only lines that refer
> to winbind are these:
> winbind separator = #
> winbind use default domain = Yes
> winbind enum users = no
> winbind enum groups = no
> I would expect something like this:
> winbind enum users = yes
> winbind enum groups = yes
> winbind use default domain = yes
> winbind expand groups = 4
> winbind nss info = rfc2307
> winbind refresh tickets = Yes
> winbind offline logon = yes
> winbind normalize names = Yes
> idmap config AD:schema_mode = rfc2307
> idmap config AD:range = 20000-3100000
> idmap config AD:backend = ad
> idmap config *:range = 1100-2000
> idmap config *:backend = tdb
> Though the backend line could be 'rid' instead. Without the above lines,
> I expect that the users will have different uid numbers on every server,
> I could be wrong but I do not think so.
I gave that a try, but it didn't work.
At the moment time is not on my side, so I transfer the data onto
another server (and that works!), so my users can access their data.
After that, I will purge samba completely and start from scratch. Feels
almost like Windows :-(
More information about the samba