[Samba] [Samba 3, Debian wheezy] All of a sudden, resolving ADS user fails completely

Patrick G. Stoesser lists at pgs-info.de
Wed Dec 11 06:30:31 MST 2013 

Am 11.12.2013 13:43, schrieb steve:
> On Wed, 2013-12-11 at 13:04 +0100, Patrick G. Stoesser wrote:
>
>>
>> Oh, when I said I move the users I meant I move their data. The user
>> accounts themselves are stored in the AD.
>> I copy the user data via scp, and after that I chown and chmod the data,
>> and after that I make an entry in smb.conf.
>
> OK. So I assume that since there is only 1 file server then you can
> chmod and chown as much as you like.

No, I can do that on any server. To tell more details: The DC is a 
Windows server. I "own" on OU where I can manage my users, machines and 
GPOs.
All users are created on the DC. I just provide name, username and 
password. After a user is created in the AD, I can (for example) chown 
to this user on any of my servers. chown -vR ad#user user. And that 
works, after that (and the according smb.conf entry) the user can 
connect to the share. That works from WinXP, Win7, Win8, Linux, Mac.

  What I can't see is how the uid:gid
> pair get over to your Linux clients. Or maybe this is just a file server
> for win boxes. . . Is the uidNumber for the user stored in AD perhaps?
> And what is the entry you make in smb.conf? Or are these new users in a
> new share with new data wih perhaps just their personal files being
> transferred from the old server? Guessing. . .

In my "old" squeeze smb.confs I had the entry

idmap uid = 10000-95000
idmap gid = 10000-95000

but on my wheezy servers testparm told that those are deprecated. Ahm, 
it seems that one cannot just use the squeeze samba config 1:1 on a 
whezzy samba...? But it worked for several weeks testing...
>>
>>> How many users do you need to transfer? Do you have admin access to the
>>> DC?
>>
>> I do not have full admin access to the DC, I can create users und
>> machine accounts and edit the GPO in my OU.
>>
> Could you ask the admin to supply a (censored) DN of one of the users
> you have just transferred so we can get a better idea?
> HTH
> Steve

That's another part of my problem, currently I do not reach an admin of 
the DC...
>
> (Just read the other post about the debian update. Maybe this is now
> solved by the downgrade?)

No, unfortunately not. I just transfer the data to a working server (the 
one where the update has not been apllied yet) and start my problem 
server from scratch. Ugly.

Kind regards, pgs

More information about the samba mailing list