[Samba] [Samba 3, Debian wheezy] All of a sudden, resolving ADS user fails completely

steve steve at steve-ss.com
Wed Dec 11 08:34:39 MST 2013

On Wed, 2013-12-11 at 14:30 +0100, Patrick G. Stoesser wrote:
> Am 11.12.2013 13:43, schrieb steve:
> > On Wed, 2013-12-11 at 13:04 +0100, Patrick G. Stoesser wrote:
> >
> >>
> >> Oh, when I said I move the users I meant I move their data. The user
> >> accounts themselves are stored in the AD.
> >> I copy the user data via scp, and after that I chown and chmod the data,
> >> and after that I make an entry in smb.conf.
> >
> > OK. So I assume that since there is only 1 file server then you can
> > chmod and chown as much as you like.
> No, I can do that on any server. To tell more details: The DC is a 
> Windows server. I "own" on OU where I can manage my users, machines and 
> GPOs.
> All users are created on the DC. I just provide name, username and 
> password. 

What AD server do you have? Let's say you also supplied  Telephone
number and uidNumber, would the user havebthose too?

> After a user is created in the AD, I can (for example) chown 
> to this user on any of my servers. chown -vR ad#user user. And that 
> works, after that (and the according smb.conf entry) the user can 
> connect to the share. That works from WinXP, Win7, Win8, Linux, Mac.
>   What I can't see is how the uid:gid
> > pair get over to your Linux clients. Or maybe this is just a file server
> > for win boxes. . . Is the uidNumber for the user stored in AD perhaps?
> > And what is the entry you make in smb.conf? Or are these new users in a
> > new share with new data wih perhaps just their personal files being
> > transferred from the old server? Guessing. . .
> In my "old" squeeze smb.confs I had the entry
> idmap uid = 10000-95000
> idmap gid = 10000-95000
If you want consistent uid then you'll have to change to the new syntax
which Rowland posted and choose a backend. I'd recommend the ad backend
if you can get uidNumbers into it.

> but on my wheezy servers testparm told that those are deprecated. Ahm, 
> it seems that one cannot just use the squeeze samba config 1:1 on a 
> whezzy samba...? But it worked for several weeks testing...
> >>
> >>> How many users do you need to transfer? Do you have admin access to the
> >>> DC?
> >>
> >> I do not have full admin access to the DC, I can create users

So you should be able to include uidNumber too, no? Do you use active
directory users and computers for this task?

>  und
> >> machine accounts and edit the GPO in my OU.
> >>

More information about the samba mailing list