[Samba] centos 6.5 sernet-samba 4.1.6 member server winbind idmap fail
L.P.H. van Belle
belle at bazuin.nl
Fri Apr 11 01:08:07 MDT 2014
Hai,
>> I think I'll copy all the membership of Administrator's groups to
>> another user (OtherAdmin) then I'll deactivate the Administrator
>> account. Looks like a workaround but if it works I will not complain.
>>
>You should not have to do this and I cannot recommend doing it.
Dont do this. !
because of kerberos updates and dns updates..
look : cat /var/lib/samba/private/named.conf.update
/* this file is auto-generated - do not edit */
update-policy {
grant INTERNAL.DOMAIN.TLD ms-self * A AAAA;
====>> grant Administrator at INTERNAL.DOMAIN.TLD wildcard * A AAAA SRV CNAME; <<< =======
grant RTD-DC1$@INTERNAL.DOMAIN.TLD wildcard * A AAAA SRV CNAME;
grant RTD-DC2$@INTERNAL.DOMAIN.TLD wildcard * A AAAA SRV CNAME;
};
what do you think will happen if you disable administrator.. ;-)
Louis
>-----Oorspronkelijk bericht-----
>Van: rowlandpenny at googlemail.com
>[mailto:samba-bounces at lists.samba.org] Namens Rowland Penny
>Verzonden: donderdag 10 april 2014 22:07
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] centos 6.5 sernet-samba 4.1.6 member
>server winbind idmap fail
>
>On 10/04/14 20:51, Lorenzo Faleschini wrote:
>> Il 10/04/2014 20:24, Rowland Penny ha scritto:
>>>
>>> Try removing the uidNumber from the Administrator, my Administrator
>>> does not have a uidNumber and everything just seems to
>work. Mapping
>>> Administrator to root in a file read by smb.conf is a much
>better idea.
>>>
>>> Rowland
>>
>> Tried this, but no results.
>> The Administrator user seem to have no privileges.
>> When I use the Computer Management console as Administrator
>to manage
>> shares on fileserver or dc I cannot even open the
>"sessions" or "open
>> files" tab, nor I can set the "Security" tab for a share.
>
>My Administrator CAN do all of the above.
>
>> When I use the Computer Management console as OtherAdmin (manually
>> created user added to Domain Admins) I can do everything as expected
>> and shares work properly.
>>
>> I tried also to disable Administrator and reenable in ADUC
>but no way.
>>
>> I don't know if there's any problem in having Administrator user not
>> working 100%..
>
>If Administrator is not working correctly, then you will have problems,
>
>> I think I'll copy all the membership of Administrator's groups to
>> another user (OtherAdmin) then I'll deactivate the Administrator
>> account. Looks like a workaround but if it works I will not complain.
>>
>You should not have to do this and I cannot recommend doing it.
>
>> do you think I should file a bug? maybe try to reproduce it from a
>> fresh install?
>
>If it is a bug then I think that you are probably the only one
>suffering
>from it ;-) I think that your last idea is probably the best, move the
>relevant dirs etc (sysvol, private etc) out of the way and
>re-provision,
>add a gidNumber to Domain Users, add a user and add a uidNumber to the
>new user and then go from there.
>
>Rowland
>
>>
>>
>>
>> Lorenzo Faleschini
>> IT Manager @ Nord Est Systems srl
>> ----------------------------------------
>> m: +39 335 6055225 | skype: falegalizeit
>>
>>
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list