[Samba] Setup_a_Samba_AD_Member_Server can get the id of user.

Rowland Penny rowlandpenny at googlemail.com
Fri Nov 28 02:58:07 MST 2014


On 28/11/14 01:33, 江志 wrote:
> Rowland Penny,您好:
>     I had test to setup
> username map = /etc/samba/smbmap
> and I got the same error
>
> winbindd -V
> Version 4.1.11-Ubuntu
>
>
> ------------------				
> 江志
> 2014-11-28
>
> -------------------------------------------------------------
> 发件人:Rowland Penny
> 发送日期:2014-11-25 17:51:13
> 收件人:samba
> 抄送:
> 主题:Re: [Samba] Setup_a_Samba_AD_Member_Server can get the id of user.
>
> On 25/11/14 03:47, 江志 wrote:
>> samba,您好:
>>        I follow the wiki(https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server) to setup a member server,then I have some problems:
>> net ads join -U adminsitrator is OK except the DNS update.
>> run the command:
>> wbinfo -u
>> show the user list as follow:
>> SWAP10\jz
>> SWAP10\root
>> TEST\administrator
>> TEST\krbtgt
>> TEST\guest
>> TEST\root
>> TEST\jz
>>
>> When run the command:
>> id administrator
>> show
>> id: administrator: no such user
>> When run the command:
>> id 'TEST\administrator'
>> show
>> id: TEST\administrator: no such user
>>
>> Run chown and chgrp also get error.
>>
>> Here is my smb.conf
>>
>> [global]
>> 	netbios name = swap10
>> 	workgroup = TEST
>> 	security = ADS
>> 	realm = TEST.TESTDOMAIN.COM
>> 	encrypt passwords = yes
>>
>> 	kerberos method = secrets only
>>
>> 	idmap config *:backend = tdb
>> 	idmap config *:range = 70001-80000
>> 	idmap config TEST:backend = ad
>> 	idmap config TEST:schema_mode = rfc2307
>> 	idmap config TEST:range = 500-40000
>>
>> 	winbind nss info = rfc2307
>> 	winbind trusted domains only = no
>> 	winbind use default domain = false
>> 	winbind enum users = yes
>> 	winbind enum groups = yes
>> 	winbind offline logon = false
>> 	template shell = /sbin/nologin
>>
>> 	vfs objects = acl_xattr
>> 	map acl inherit = yes
>> 	store dos attributes = yes
>> 	auth methods = winbind
>> 	log level = 3
>> [demo]
>> 	path = /home/samba/demo
>> 	read only = no
>> [install$]
>> 	path = /home/samba/install
>> 	read only = no
>> 	guest ok = no
>>
>> Any suggestions
>> Sorry for my poor english.
>>
>> Regards
>> Jiangzhi
>> --------------
>> 2014-11-25
> OK, you are using the winbind 'ad' backend, this will only pull users
> from AD that have a uidNumber that is between (in your case) 500-40000.
> Administrator does not have a uidNumber and before you rush off to give
> Administrator a uidNumber, don't , this is not recommended, it just
> turns Administrator into a normal user on Unix.
>
> I take it that you have only one Samba4 AD DC, it is recommended that
> you use this for authentication only and use a separate file or member
> server, if you do this, you can then map Administrator to root by adding
> a line to smb.conf:
>
>            username map = /etc/samba/smbmap
>
> And then creating the smbmap file
>
> !root = EXAMPLE\Administrator Administrator administrator
>
> Where EXAMPLE is your netbios/workgroup name.
>
> I would you suggest you have a read through the samba wiki:
>
> https://wiki.samba.org/index.php/Main_Page
>
> Rowland
>
Why do want Administrator to login? Administrator is the **WINDOWS** 
admin user, you use 'root' on Unix.

Rowland



More information about the samba mailing list