[Samba] BUILTIN not mapping on DC

Achim Gottinger achim at ag-web.biz
Fri Apr 25 14:31:56 MDT 2014


Also had GPO issues related to BUILTIN Users and Groups.
Fixed the issues with different uids and gids being assigned to them by
winbind by manually editing the uids and gids in idmap.ldb with ldbedit.
Tried rid mapping for BUILTIN but it did not work on the AD DCs.

achim~

Am 25.04.2014 21:58, schrieb Ryan Bair:
> Running 4.1.6-SerNet-RedHat-7.el6 on CentOS 6.5.
>
> I've been bumping my head against GPO issues and am now wondering if it's
> connected to my BUILTIN groups not mapping on my DC.
>
> For instance on DC:
> sh-4.1# wbinfo --gid-info=544
> failed to call wbcGetgrgid: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for gid 544
>
> But on a member:
> sh-4.1# wbinfo --gid-info=544
> BUILTIN\administrators:x:544:
>
> Likewise `getent group BUILTIN\\administrators` fails on the DC.
>
> Any ideas?
>
> Here is my smb.conf:
>
> [global]
>          workgroup = xxx
>          realm = xxx
>          netbios name = SERVER
>          server role = active directory domain controller
>          wins support = yes
>          idmap_ldb:use rfc2307 = yes
>          winbind nss info = rfc2307
>          template shell = /bin/sh
>          dns forwarder = x.x.x.x
>          server services = -smb +s3fs
>          dcerpc endpoint servers = -winreg -srvsvc
>          vfs objects = netatalk
>          unix extensions = no
>          tls enabled = yes
>          tls keyfile = tls/server_AD_DC.key
>          tls certfile = tls/server_AD_DC.crt
>          tls cafile = tls/xxx_CA.crt
>
> [netlogon]
>          path = /var/lib/samba/sysvol/xxx/scripts
>          read only = No
>
> [sysvol]
>          path = /var/lib/samba/sysvol
>          read only = No
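
A consistency check that follows from the fix described in this thread, as an added example that is not part of the original messages: it compares the BUILTIN (S-1-5-32-*) SID to xidNumber mappings in LDIF dumps of idmap.ldb taken from two DCs and lists the entries that differ. The attribute names (objectSid, type, xidNumber) and the dump layout are assumptions about ldbsearch output for idmap.ldb, and the sample dumps are constructed.

```python
import re

BUILTIN_PREFIX = "S-1-5-32-"  # well-known prefix of the BUILTIN domain SIDs

def parse_idmap(ldif):
    """Return {sid: (type, xidNumber)} for BUILTIN records in an LDIF dump."""
    mappings = {}
    for record in re.split(r"\n\s*\n", ldif.strip()):
        attrs = {}
        for line in record.splitlines():
            if not line.startswith("#") and ": " in line:
                key, value = line.split(": ", 1)
                attrs[key.strip().lower()] = value.strip()
        sid = attrs.get("objectsid", "")
        if sid.startswith(BUILTIN_PREFIX) and "xidnumber" in attrs:
            mappings[sid] = (attrs.get("type", "?"), int(attrs["xidnumber"]))
    return mappings

def diff_builtin(dump_a, dump_b):
    """Return [(sid, a, b)] where the DCs disagree; None means no record."""
    a, b = parse_idmap(dump_a), parse_idmap(dump_b)
    return [(sid, a.get(sid), b.get(sid))
            for sid in sorted(set(a) | set(b)) if a.get(sid) != b.get(sid)]

# Constructed sample dumps, trimmed to the attributes used (assumed layout).
DC1_DUMP = """\
objectSid: S-1-5-32-544
type: ID_TYPE_BOTH
xidNumber: 3000000

objectSid: S-1-5-32-545
type: ID_TYPE_BOTH
xidNumber: 3000009
"""
DC2_DUMP = """\
objectSid: S-1-5-32-544
type: ID_TYPE_BOTH
xidNumber: 3000000

objectSid: S-1-5-32-545
type: ID_TYPE_BOTH
xidNumber: 3000002

objectSid: S-1-5-32-549
type: ID_TYPE_BOTH
xidNumber: 3000001
"""

if __name__ == "__main__":
    print(*diff_builtin(DC1_DUMP, DC2_DUMP), sep="\n")
```

An empty result means both DCs map every BUILTIN SID to the same ID; any line printed is a mapping to reconcile before relying on sysvol ACLs that reference those groups.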


