[Samba] Setup_a_Samba_AD_Member_Server can get the id of user.

Rowland Penny rowlandpenny at googlemail.com
Tue Nov 25 02:49:48 MST 2014


On 25/11/14 03:47, 江志 wrote:
> Hello Samba,
>       I followed the wiki (https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server) to set up a member server, then I had some problems:
> net ads join -U adminsitrator is OK except the DNS update.
> run the command:
> wbinfo -u
> shows the user list as follows:
> SWAP10\jz
> SWAP10\root
> TEST\administrator
> TEST\krbtgt
> TEST\guest
> TEST\root
> TEST\jz
>
> When run the command:
> id administrator
> shows
> id: administrator: no such user
> When run the command:
> id 'TEST\administrator'
> shows
> id: TEST\administrator: no such user
>
> Running chown and chgrp also gives an error.
>
> Here is my smb.conf
>
> [global]
> 	netbios name = swap10
> 	workgroup = TEST
> 	security = ADS
> 	realm = TEST.TESTDOMAIN.COM
> 	encrypt passwords = yes
>
> 	kerberos method = secrets only
>
> 	idmap config *:backend = tdb
> 	idmap config *:range = 70001-80000
> 	idmap config TEST:backend = ad
> 	idmap config TEST:schema_mode = rfc2307
> 	idmap config TEST:range = 500-40000
>
> 	winbind nss info = rfc2307
> 	winbind trusted domains only = no
> 	winbind use default domain = false
> 	winbind enum users = yes
> 	winbind enum groups = yes
> 	winbind offline logon = false
> 	template shell = /sbin/nologin
>
> 	vfs objects = acl_xattr
> 	map acl inherit = yes
> 	store dos attributes = yes
> 	auth methods = winbind
> 	log level = 3
> [demo]
> 	path = /home/samba/demo
> 	read only = no
> [install$]
> 	path = /home/samba/install
> 	read only = no
> 	guest ok = no
>
> Any suggestions?
> Sorry for my poor English.
>
> Regards
> Jiangzhi
> --------------
> 2014-11-25
OK, you are using the winbind 'ad' backend, this will only pull users 
from AD that have a uidNumber that is between (in your case) 500-40000. 
Administrator does not have a uidNumber and before you rush off to give 
Administrator a uidNumber, don't, this is not recommended, it just 
turns Administrator into a normal user on Unix.

I take it that you have only one Samba4 AD DC, it is recommended that 
you use this for authentication only and use a separate file or member 
server, if you do this, you can then map Administrator to root by adding 
a line to smb.conf:

          username map = /etc/samba/smbmap

And then creating the smbmap file

!root = EXAMPLE\Administrator Administrator administrator

Where EXAMPLE is your netbios/workgroup name.

I would suggest you have a read through the samba wiki:

https://wiki.samba.org/index.php/Main_Page

Rowland
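
The rule described in the reply above, as an added example that is not part of the original thread and not Samba's own code: it parses the `idmap config` lines from the quoted smb.conf and reports why an account would or would not be returned by the 'ad' backend, and also flags overlapping ID ranges. The account names, uidNumber values and function names are constructed for illustration.

```python
import re
from itertools import combinations

# Constructed sample: the idmap lines from the smb.conf quoted in the thread.
SMB_CONF = """\
[global]
    workgroup = TEST
    idmap config *:backend = tdb
    idmap config *:range = 70001-80000
    idmap config TEST:backend = ad
    idmap config TEST:schema_mode = rfc2307
    idmap config TEST:range = 500-40000
"""

# Constructed AD accounts; None means the uidNumber attribute is not set.
AD_USERS = {"administrator": None, "jz": 10001, "svc-backup": 45000}

IDMAP_RE = re.compile(
    r"^\s*idmap config\s+([^\s:]+)\s*:\s*([^\s=]+)\s*=\s*(\S.*?)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {DOMAIN: {option: value}} for every 'idmap config' line."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)
        if m:
            domain, option, value = m.groups()
            domains.setdefault(domain.upper(), {})[option.lower()] = value
    return domains

def id_range(cfg):
    low, high = (int(part) for part in cfg["range"].split("-"))
    return low, high

def explain(uid_number, domain, idmap):
    """Model of the rule in the reply: 'ad' only returns users whose
    uidNumber is set and lies inside the domain's configured range."""
    cfg = idmap.get(domain.upper())
    if cfg is None or cfg.get("backend") != "ad":
        return "domain-not-on-ad-backend"
    if uid_number is None:
        return "no-uidNumber"
    low, high = id_range(cfg)
    return "mapped" if low <= uid_number <= high else "uidNumber-out-of-range"

def overlapping_ranges(idmap):
    """Pairs of domains whose ID ranges overlap (IDs could collide)."""
    spans = sorted((id_range(c), d) for d, c in idmap.items() if "range" in c)
    return [(a, b) for (ra, a), (rb, b) in combinations(spans, 2) if rb[0] <= ra[1]]

if __name__ == "__main__":
    idmap = parse_idmap(SMB_CONF)
    for name, uid in AD_USERS.items():
        print(f"TEST\\{name}: {explain(uid, 'TEST', idmap)}")
    print("overlaps:", overlapping_ranges(idmap))
```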


