[Samba] User disappears, when enabling RC2307

Lars Hanke debian at lhanke.de
Sat Aug 9 03:29:59 MDT 2014


On 08.08.2014 23:35, Rowland Penny wrote:
> On 08/08/14 22:10, Lars Hanke wrote:
>>>> I copied the idmap entries from another client, which perfectly maps
>>>> the users:
>>>>
>>>> root@nfs4:/# id mgr
>>>> uid=1001(mgr) gid=10000(domain_users)
>>>> Gruppen=10000(domain_users),30001(BUILTIN\users)
>>>>
>>>> Yes, the user has uid and uidNumber set properly.
>>> uid and uidNumber are different, uid is the user's name, uidNumber is the
>>> user's ID number, is this how you have them set?
>>
>> Understood. uid is identical to sAMAccountName, and uidNumber is 1001.
>> As said, it works nicely on a second client.
>>
>>> OK, you have added the users with their original ID numbers to AD, but
>>> have you
>>> a) removed all the users from /etc/passwd
>>
>> They never existed on the NAS. There is no uid 1001 on the NAS. There
>> are however default users, which fall into the range, but do not clash
>> with any number existing in the AD. I'm not yet sure how to deal with
>> these default accounts.
>
> Just what default users? Can you post the smb.conf from the NAS?

There's a guest account and admin. Didn't analyze what these guys own in 
the file system, so far. However, I tried on the working system to 
define these users and it continued working. So their bare existence 
shouldn't hurt.

[global]
         printcap name=cups
         winbind enum groups=yes
         workgroup=AD
         encrypt passwords=yes
         security=ads
         local master=no
         realm=AD.MICROSULT.DE
         #passdb backend=smbpasswd
         printing=cups
         wins server=172.16.6.240
         winbind enum users=yes
         winbind use default domain=yes
         winbind nss info = rfc2307
         idmap config AD: range = 1001 - 29999
         idmap config AD: backend = ad
         idmap config AD: schema_mode = rfc2307
         idmap config *: range = 30000 - 50000
         idmap config *: backend = tdb
         load printers=yes
         admin users=@AD\Domain Admins,@AD\Enterprise Admins

The rest is share definitions. 172.16.6.240 is the AD DC. The wins 
server entry is probably obsolete, but adding it to the other config did 
not make the users disappear.

>>> b) joined the NAS to the domain.
> Can you get to a terminal on the NAS, if so you could run 'net ads
> testjoin'

DiskStation> net ads testjoin
Join is OK

So this item should be fine, I guess.

Regards,
  - lars.
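
Added example, not part of the original message: a check for the two ID-mapping conditions discussed in this thread, namely local /etc/passwd accounts whose UID falls inside a domain's idmap range, and idmap ranges that overlap each other. The idmap lines are taken from the smb.conf above; the passwd lines and the UIDs of admin and guest are constructed, and the function names are hypothetical.

```python
import re

# idmap lines as posted in the smb.conf above
SMB_CONF = """\
[global]
    idmap config AD: range = 1001 - 29999
    idmap config AD: backend = ad
    idmap config *: range = 30000 - 50000
    idmap config *: backend = tdb
"""

# Constructed sample of local accounts (UIDs are assumptions, not from the post)
PASSWD = """\
root:x:0:0:root:/root:/bin/sh
admin:x:1024:100:System default user:/var/services/homes/admin:/bin/sh
guest:x:1025:100:Guest:/nonexistent:/bin/false
"""

# Anchored at line start, so commented-out lines (# or ;) never match
RANGE_RE = re.compile(
    r"^\s*idmap config\s+(\S+?)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$", re.I)

def idmap_ranges(conf):
    """Return {domain: (low, high)} for every 'idmap config <dom> : range' line."""
    ranges = {}
    for line in conf.splitlines():
        m = RANGE_RE.match(line)
        if m:
            ranges[m.group(1)] = (int(m.group(2)), int(m.group(3)))
    return ranges

def overlapping(ranges):
    """Pairs of domains whose ID ranges intersect."""
    doms = sorted(ranges)
    return [(a, b) for i, a in enumerate(doms) for b in doms[i + 1:]
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]]

def local_uids_in_range(passwd, low, high):
    """Local accounts whose UID lies inside [low, high]."""
    hits = []
    for line in passwd.splitlines():
        f = line.split(":")
        if len(f) >= 3 and f[2].isdigit() and low <= int(f[2]) <= high:
            hits.append((f[0], int(f[2])))
    return hits

if __name__ == "__main__":
    r = idmap_ranges(SMB_CONF)
    print(r, overlapping(r), local_uids_in_range(PASSWD, *r["AD"]))
```

On a real system the two strings would be read from the smb.conf and /etc/passwd files; any account reported inside the AD range is a UID that winbind could also hand out to a domain user carrying the same uidNumber.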

