[Samba] [Samba 3, Debian wheezy] All of a sudden, resolving ADS user fails completely

Patrick G. Stoesser lists at pgs-info.de
Wed Dec 11 05:15:25 MST 2013

Am 10.12.2013 16:30, schrieb Rowland Penny:
> [...]
> Hi, I take it that the machine in question is part of a domain and if
> so, I am surprised it works at all.

Well, I've got three other servers here running that way, and that's the 
way the official Samba Howto describes, and that works since years - 
only on one server not since yesterday.
I figured aout that the problem occurs after updating several samba 
components to *deb7u2. See my reply to Harry today.

You have quite a few lines in your
> smb.conf that could be removed because they are the defaults, but the
> biggest problem, as far as I can see is that the only lines that refer
> to winbind are these:
> winbind separator = #
> winbind use default domain = Yes
> winbind enum users = no
> winbind enum groups = no
> I would expect something like this:
>          winbind enum users = yes
>          winbind enum groups = yes
>          winbind use default domain = yes
>          winbind expand groups = 4
>          winbind nss info = rfc2307
>          winbind refresh tickets = Yes
>          winbind offline logon = yes
>          winbind normalize names = Yes
>          idmap config AD:schema_mode = rfc2307
>          idmap config AD:range = 20000-3100000
>          idmap config AD:backend = ad
>          idmap config *:range = 1100-2000
>          idmap config *:backend = tdb
> Though the backend line could be 'rid' instead. Without the above lines,
> I expect that the users will have different uid numbers on every server,
> I could be wrong but I do not think so.

I gave that a try, but it didn't work.

At the moment time is not on my side, so I transfer the data onto 
another server (and that works!), so my users can access their data. 
After that, I will purge samba completely and start from scratch. Feels 
almost like Windows :-(

Regards, Patrick

More information about the samba mailing list