[Samba] userid shows 4294967295
Stefan Kania
stefan at kania-online.de
Mon Dec 7 15:06:45 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
There is one parameter in your smb.conf missing:
idmap config * : range 1000000-1999999
Or any other range other then the range of your Domain OFFICE
Then you should do a "net cache flush" or better restart your
samba-daemon.
Am 07.12.15 um 13:52 schrieb Nico De Ranter:
> Hello again,
>
> I'm getting close to a working setup but still run into glitches
> here and there.
>
> I have 2 Ubuntu servers working as AD server, one Ubuntu desktop
> with winbind configured. I've setup a number of accounts with
> Unix properties. I've been primarily testing with my own account
> which works just fine. I've now assigned Unix properties to
> another account. When I run 'wbinfo -i' on the AD server I see the
> correct info:
>
> root at dc1:~# wbinfo -i test
> OFFICE\test:*:10000:500:test:/home/OFFICE/test:/bin/false
>
> When I try the same thing on the client I get:
>
> root at testpc2:~# wbinfo -i test
> test:*:4294967295:4294967295::/home/test:/bin/bash
>
> I also tried some other accounts and got the same result. The
> only account that seems to work fine is my own account (and no it
> is not in /etc/passwd :-)
>
> Any idea what might be wrong?
>
> smb.conf on the client:
>
> [global] security = ADS workgroup = OFFICE realm = WIN.OFFICE
>
> log file = /var/log/samba/%m.log log level = 1
>
> dedicated keytab file = /etc/krb5.keytab kerberos method = secrets
> and keytab
>
> winbind refresh tickets = yes winbind trusted domains only = no
> winbind use default domain = yes winbind enum users = yes winbind
> enum groups = yes winbind offline logon = yes
>
> client signing = yes client use spnego = yes
>
> idmap config = ad winbind nss info = rfc2307
>
> # Default idmap config used for BUILTIN and local accounts/groups
> idmap backend = tdb idmap range = 100-499
>
> # idmap config for domain OFFICE idmap config OFFICE : backend = ad
> idmap config OFFICE : schema_mode = rfc2307 idmap config OFFICE :
> range = 500-29999
>
> It worked for the user with uid 1048, it doesn't work for uid
> 1059, 1000, 9999, 10000
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iEYEARECAAYFAlZloIUACgkQ2JOGcNAHDTbAWgCcDdpPfgI+z5OonQc9Xh71yU75
WbkAn2WN3zj2o1TmZSTFSemN/QmbNQqF
=Jlvw
-----END PGP SIGNATURE-----
More information about the samba
mailing list