[Samba] Setup_a_Samba_AD_Member_Server can get the id of user.
江志
jz at hejiangmould.com
Thu Dec 4 00:04:40 MST 2014
Hello Rowland Penny,
I set up the AD Member Server as in the wiki.
When I run wbinfo -t I got:
check the trust secret for domain TEST via RPC calls succeeded
wbinfo -u
I got:
SWAP10\jz
..
TEST\test (the user added in Windows Client)
..
chown TEST\\test file also got
invalid user : 'TEST\\test'
I had set up /etc/nsswitch.conf as in the wiki.
The only difference from the wiki is that I link the
/lib64/libnss_winbind.so.2 -> /lib/x86_64-linux-gnu/libnss_winbind.so.2
/lib64/libnss_winbind.so -> libnss_winbind.so.2
I can find the libnss_winbind.so under Ubuntu 14.10 server.
------------------
江志
2014-12-04
-------------------------------------------------------------
From: Rowland Penny
Sent: 2014-12-01 17:14:56
To: 江志
Cc: samba
Subject: Re: [Samba] Setup_a_Samba_AD_Member_Server can get the id of user.
On 01/12/14 00:08, 江志 wrote:
> Hello Rowland Penny,
> I tested id Administrator as in the wiki.
> I run
> chown Administrator (or other DomainUser) file I got
> invalid User :Administrator
>
> ------------------
> 江志
> 2014-12-01
>
> -------------------------------------------------------------
> From: Rowland Penny
> Sent: 2014-11-28 17:59:18
> To: 江志
> Cc: samba
> Subject: Re: [Samba] Setup_a_Samba_AD_Member_Server can get the id of user.
>
> On 28/11/14 01:33, 江志 wrote:
>> Hello Rowland Penny,
>> I have tested setting up
>> username map = /etc/samba/smbmap
>> and I got the same error
>>
>> winbindd -V
>> Version 4.1.11-Ubuntu
>>
>>
>> ------------------
>> 江志
>> 2014-11-28
>>
>> -------------------------------------------------------------
>> From: Rowland Penny
>> Sent: 2014-11-25 17:51:13
>> To: samba
>> Cc:
>> Subject: Re: [Samba] Setup_a_Samba_AD_Member_Server can get the id of user.
>>
>> On 25/11/14 03:47, 江志 wrote:
>>> Hello samba,
>>> I followed the wiki (https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server) to set up a member server, then I have some problems:
>>> net ads join -U adminsitrator is OK except the DNS update.
>>> run the command:
>>> wbinfo -u
>>> show the user list as follow:
>>> SWAP10\jz
>>> SWAP10\root
>>> TEST\administrator
>>> TEST\krbtgt
>>> TEST\guest
>>> TEST\root
>>> TEST\jz
>>>
>>> When run the command:
>>> id administrator
>>> show
>>> id: administrator: no such user
>>> When run the command:
>>> id 'TEST\administrator'
>>> show
>>> id: TEST\administrator: no such user
>>>
>>> Run chown and chgrp also get error.
>>>
>>> Here is my smb.conf
>>>
>>> [global]
>>> netbios name = swap10
>>> workgroup = TEST
>>> security = ADS
>>> realm = TEST.TESTDOMAIN.COM
>>> encrypt passwords = yes
>>>
>>> kerberos method = secrets only
>>>
>>> idmap config *:backend = tdb
>>> idmap config *:range = 70001-80000
>>> idmap config TEST:backend = ad
>>> idmap config TEST:schema_mode = rfc2307
>>> idmap config TEST:range = 500-40000
>>>
>>> winbind nss info = rfc2307
>>> winbind trusted domains only = no
>>> winbind use default domain = false
>>> winbind enum users = yes
>>> winbind enum groups = yes
>>> winbind offline logon = false
>>> template shell = /sbin/nologin
>>>
>>> vfs objects = acl_xattr
>>> map acl inherit = yes
>>> store dos attributes = yes
>>> auth methods = winbind
>>> log level = 3
>>> [demo]
>>> path = /home/samba/demo
>>> read only = no
>>> [install$]
>>> path = /home/samba/install
>>> read only = no
>>> guest ok = no
>>>
>>> Any suggestions
>>> Sorry for my poor English.
>>>
>>> Regards
>>> Jiangzhi
>>> --------------
>>> 2014-11-25
>> OK, you are using the winbind 'ad' backend, this will only pull users
>> from AD that have a uidNumber that is between (in your case) 500-40000.
>> Administrator does not have a uidNumber and before you rush off to give
>> Administrator a uidNumber, don't, this is not recommended, it just
>> turns Administrator into a normal user on Unix.
>>
>> I take it that you have only one Samba4 AD DC, it is recommended that
>> you use this for authentication only and use a separate file or member
>> server, if you do this, you can then map Administrator to root by adding
>> a line to smb.conf:
>>
>> username map = /etc/samba/smbmap
>>
>> And then creating the smbmap file
>>
>> !root = EXAMPLE\Administrator Administrator administrator
>>
>> Where EXAMPLE is your netbios/workgroup name.
>>
>> I would suggest you have a read through the samba wiki:
>>
>> https://wiki.samba.org/index.php/Main_Page
>>
>> Rowland
>>
> Why do you want Administrator to log in? Administrator is the **WINDOWS**
> admin user, you use 'root' on Unix.
>
> Rowland
>
OK, Administrator is a 'SPECIAL' windows user and as such, does not and
should not exist on Unix. You can map Administrator to the Unix root
user, this will allow Administrator to do the things that need doing
from windows, change ACL's etc.
It actually says 'chown DomainUser:DomainGroup file' on the wiki and if
this is not working, then there is something wrong with your setup!
This is providing that it doesn't work with a normal user that should be able to log into either a windows machine or a Unix machine.
Let's start with the obvious, do any of your users in AD have at least a 'uidNumber' and does 'Domain Users' have a 'gidNumber'?
Rowland
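
The point made in the replies above, that the winbind 'ad' backend only resolves accounts whose uidNumber or gidNumber is set and falls inside the configured idmap range, can be checked mechanically. The following is an added example, not part of the original thread or of Samba: it parses the idmap lines from the posted smb.conf and classifies AD entries whose attribute values are constructed sample data.

```python
import re

# idmap lines copied from the smb.conf posted in the thread
SMB_CONF = """\
idmap config *:backend = tdb
idmap config *:range = 70001-80000
idmap config TEST:backend = ad
idmap config TEST:schema_mode = rfc2307
idmap config TEST:range = 500-40000
"""

# Constructed sample (name, RFC2307 attribute, value); values are NOT from the thread
AD_ENTRIES = [
    ("administrator", "uidNumber", None),   # attribute not set in AD
    ("test", "uidNumber", "10001"),
    ("jz", "uidNumber", "45000"),           # set, but outside the TEST range
    ("Domain Users", "gidNumber", "10000"),
]

IDMAP_RE = re.compile(
    r"^\s*idmap config\s+([^:\s]+)\s*:\s*(\S+)\s*=\s*(.+?)\s*$", re.M)

def parse_idmap(conf):
    """Return {domain: {option: value}} from 'idmap config DOM:opt = val' lines."""
    domains = {}
    for dom, opt, val in IDMAP_RE.findall(conf):
        domains.setdefault(dom, {})[opt] = val
    return domains

def id_range(domains, domain):
    """Return the (low, high) ID range configured for a domain."""
    low, high = domains[domain]["range"].split("-")
    return int(low), int(high)

def classify(attr, value, low, high):
    """Say whether an entry with this attribute value gets a Unix ID."""
    if value is None:
        return f"unmapped: no {attr}"
    if not low <= int(value) <= high:
        return f"unmapped: {attr} {value} outside {low}-{high}"
    return f"mapped: {attr} {value}"

def report(conf=SMB_CONF, entries=AD_ENTRIES, domain="TEST"):
    low, high = id_range(parse_idmap(conf), domain)
    return {n: classify(a, v, low, high) for n, a, v in entries}

if __name__ == "__main__":
    for name, status in report().items():
        print(f"TEST\\{name}: {status}")
```

An entry reported as unmapped here corresponds to the "no such user" and "invalid user" results from `id` and `chown` described in the thread.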