[Samba] Samba 4 AD share: Access denied

Ryan Ashley ryana at reachtechfp.com
Wed Aug 6 15:27:37 MDT 2014


Thanks, Harry. I tried that on my DC and it turned up nothing, as you 
can see below.

root@dc01:~# ldbsearch --url=/var/lib/samba/private/idmap.ldb xidnumber=70012
# returned 0 records
# 0 entries
# 0 referrals
root@dc01:~# ldbsearch --url=/var/lib/samba/private/idmap.ldb 'xidnumber=70012'
# returned 0 records
# 0 entries
# 0 referrals

I tried with and without apostrophes around it.

As for the other comment, are you saying I need to set a field called 
"gidNumber", not "gid"?

On 8/6/2014 4:45 PM, Harry Jede wrote:
> On 21:52:01 wrote Ryan Ashley:
>> Alright, I already gave every group a gIDNumber using the "advanced
>> features" option via the "Attribute Editor". Each group has a unique
>> ID. There are 16 built-in groups (domain admins, domain users, etc)
>> and five I have. My last group ended with 10021. The first group was
>> 10001. I then stopped S4 on my print-server, deleted
>> "group_mapping.tdb", "winbind_cache.tdb", and "winbind_idmap.tdb",
>> rebooted the server, and (S4 starts automatically) changed group
>> ownership of a directory to "domain admins". When listing the
>> directory with "ls -lAn", it showed 70012, not 10001. So they all
>> have gIDNumber set now, but it isn't pulling through. What could
>> cause that?
> maybe you have xidnumbers and (u)(g)idnumbers ?
>
> run this on your DC
> # ldbsearch --url=/usr/local/samba/private/idmap.ldb 'xidnumber=70012' objectSid
>
> then search for this sid in sam.ldb
> # ldbsearch --url=/usr/local/samba/private/sam.ldb objectsid=<returned sid> objectSid uinumber gidnumber
>
> in my installation
>
>
> # ldbsearch --url=/var/lib/samba/private/idmap.ldb xidnumber=3000018 objectSid
> # record 1
> dn: CN=S-1-5-21-2523711511-101154222-1399562269-1104
> objectSid: S-1-5-21-2523711511-101154222-1399562269-1104
>
> # ldbsearch --url=/var/lib/samba/private/sam.ldb objectsid=S-1-5-21-2523711511-101154222-1399562269-1104 objectSid uinumber gidnumber
> # record 1
> dn: CN=user1,CN=Users,DC=ad,DC=schule,DC=lan
> objectSid: S-1-5-21-2523711511-101154222-1399562269-1104
> gidNumber: 50000
>
>
>
>
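
The two-step lookup from the thread (xidNumber in idmap.ldb, then the returned SID in sam.ldb), written as an added example that is not part of the original messages or of Samba itself. The function names and the IDMAP_LDB/SAM_LDB variables are assumptions; the default paths are the ones shown in the thread.

```shell
#!/bin/sh
# Added example: resolve a numeric Unix id (as shown by "ls -n") to its
# AD object via the two ldbsearch lookups described in the thread.
# Default paths are those used in the thread; override for /usr/local/samba.
IDMAP_LDB="${IDMAP_LDB:-/var/lib/samba/private/idmap.ldb}"
SAM_LDB="${SAM_LDB:-/var/lib/samba/private/sam.ldb}"

# Print the value(s) of one attribute from ldbsearch (LDIF) output on stdin.
# Attribute names are compared case-insensitively, as LDAP does.
ldif_attr() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        {
            i = index($0, ": ")
            if (i && tolower(substr($0, 1, i - 1)) == want)
                print substr($0, i + 2)
        }'
}

# xid_to_object <numeric id>
# Exit status: 0 = mapping found, 1 = no idmap record, 2 = bad argument.
xid_to_object() {
    xid="$1"
    # Accept digits only, so the value cannot alter the LDAP filter.
    case "$xid" in
        ''|*[!0-9]*) echo "usage: xid_to_object <numeric id>" >&2; return 2 ;;
    esac

    # Step 1: numeric id -> SID (idmap.ldb)
    sid=$(ldbsearch --url="$IDMAP_LDB" "xidNumber=$xid" objectSid |
          ldif_attr objectSid)
    if [ -z "$sid" ]; then
        # This is the "# returned 0 records" case from the thread.
        echo "xidNumber=$xid: no record in $IDMAP_LDB" >&2
        return 1
    fi
    echo "sid: $sid"

    # Step 2: SID -> directory object and its RFC2307 ids (sam.ldb)
    ldbsearch --url="$SAM_LDB" "objectSid=$sid" uidNumber gidNumber |
        grep -iE '^(dn|uidNumber|gidNumber): '
}
```

Run `xid_to_object 70012` as root on the DC after sourcing the file; exit status 1 corresponds to the empty result shown at the top of this message.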


