[Samba] [Samba 3, Debian wheezy] All of a sudden, resolving ADS user fails completely
steve at steve-ss.com
Wed Dec 11 08:34:39 MST 2013
On Wed, 2013-12-11 at 14:30 +0100, Patrick G. Stoesser wrote:
> Am 11.12.2013 13:43, schrieb steve:
> > On Wed, 2013-12-11 at 13:04 +0100, Patrick G. Stoesser wrote:
> >> Oh, when I said I move the users I meant I move their data. The user
> >> accounts themselves are stored in the AD.
> >> I copy the user data via scp, and after that I chown and chmod the data,
> >> and after that I make an entry in smb.conf.
> > OK. So I assume that since there is only 1 file server then you can
> > chmod and chown as much as you like.
> No, I can do that on any server. To tell more details: The DC is a
> Windows server. I "own" on OU where I can manage my users, machines and
> All users are created on the DC. I just provide name, username and
What AD server do you have? Let's say you also supplied Telephone
number and uidNumber, would the user havebthose too?
> After a user is created in the AD, I can (for example) chown
> to this user on any of my servers. chown -vR ad#user user. And that
> works, after that (and the according smb.conf entry) the user can
> connect to the share. That works from WinXP, Win7, Win8, Linux, Mac.
> What I can't see is how the uid:gid
> > pair get over to your Linux clients. Or maybe this is just a file server
> > for win boxes. . . Is the uidNumber for the user stored in AD perhaps?
> > And what is the entry you make in smb.conf? Or are these new users in a
> > new share with new data wih perhaps just their personal files being
> > transferred from the old server? Guessing. . .
> In my "old" squeeze smb.confs I had the entry
> idmap uid = 10000-95000
> idmap gid = 10000-95000
If you want consistent uid then you'll have to change to the new syntax
which Rowland posted and choose a backend. I'd recommend the ad backend
if you can get uidNumbers into it.
> but on my wheezy servers testparm told that those are deprecated. Ahm,
> it seems that one cannot just use the squeeze samba config 1:1 on a
> whezzy samba...? But it worked for several weeks testing...
> >>> How many users do you need to transfer? Do you have admin access to the
> >>> DC?
> >> I do not have full admin access to the DC, I can create users
So you should be able to include uidNumber too, no? Do you use active
directory users and computers for this task?
> >> machine accounts and edit the GPO in my OU.
More information about the samba