[Samba] Back with my UID problems

Rowland Penny rowlandpenny at googlemail.com
Wed Feb 25 12:48:07 MST 2015


On 25/02/15 19:31, Brett Wynkoop wrote:
> On Wed, 25 Feb 2015 10:18:04  +0000 Rowland Penny
 > <rowlandpenny at googlemail.com> wrote:
 >
 >>
 >>
 >> OK, going to need more info here, can you post the smb.conf you
 >> have tried so far. You mention that you want to use the LDAP and
 >> Kerberos provided by samba, this will mean that you will need to
 >> run samba4 as an AD DC, yet you refer to creating users with
 >> pdbedit?
 >>
 >
 > If there is another way to create users I have not discovered it
 > yet. At the moment I do not have the windows boxes in house yet, so I
 > have no native MS-Windows tools.
 >
 > The following smb4.conf is hand tweaked from a sample I found on the
 > net.  The one generated by samba-tool would not even allow a
 > connection to be made using smbclient.
 >
 > ------------------cut here-------------------------------------------
 > # Global parameters
 > [global]
 >         workgroup = WYNN
 >         auth methods = pam sam winbind
 >         kerberos method = secrets and keytab
 >         local master = yes
 >         netbios name = PRD2
 >         log level = 4
 > #       dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, winreg, srvsvc
 >         dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, winreg, srvsvc
 >         realm = WYNN.COM
 >         os level = 20
 >         username map = /var/db/samba4/private/users.map
 >         client max protocol = SMB3
 > #       server min protocol = SMB3
 >         hide dot files = no
 >         winbind trusted domains only = yes
 > #       server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, dns, smb
 >         server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, smb
 >         winbind use default domain = yes
 >         dns forwarder = 199.89.147.3
 >         domain logons = yes
 >         smb encrypt = yes
 >         security = user
 >         encrypt passwords = yes
 >         preferred master = yes
 > #       idmap_ldb:use rfc2307 = yes
 >         wins support = true
 >         server role = active directory domain controller
 >
 >
 > # kerberos stuff
 > #
 > #       security = ADS
 > #       password server = prd2.wynn.com
 >
 >
 > [netlogon]
 >         path = /var/db/samba4/sysvol/wynn.com/scripts
 >         read only = No
 >
 > [sysvol]
 >         path = /var/db/samba4/sysvol
 >         read only = No
 >
 >
 > [archive]
 >         writeable = yes
 >         browseable = yes
 >         valid users = wynkoop
 >         write list = wynkoop, @wheel
 >         user = wynkoop
 >         path = /archive
 >         force user = wynkoop
 >         comment = /archive
 > #       revalidate = yes
 > #       vfs objects = zfsacl
 > #       nfs4:mode = special
 > #       nfs4:chown = yes
 > #       zfsacl:acesort = dontcare
 >
 >
 > --------------------cut here-----------------
 >
 > Oddball word wraps are the fault of my mail client.
 >
 > So I hope someone can show me my error.  This samba was built last
 > night on FreeBSD 10.1 from ports and is version 4.1.17.
 >
 > -Brett
 >

OK, you would appear to be running samba4 in AD mode, i.e. you 
provisioned it.

You have now tried to add things to your smb.conf to make it work like
samba3; this will not work! Put your smb.conf back to what it was like
just after the provision and then go and read the samba wiki:
https://wiki.samba.org/index.php/Main_Page and search the internet on
how to run an Active Directory domain. This will probably entail adding
'uidNumber' attributes to your AD users and 'gidNumber' attributes to
some of your AD groups.

As for creating users & groups, samba 4 comes with 'samba-tool'. For more
info on this, run 'samba-tool --help' or 'samba-tool user add --help';
you can also run 'man samba-tool'.

Rowland
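
An added example, not part of the original message or of Samba itself: a small Python check that lists the [global] parameters on an AD DC that a fresh provision would not have written, which is the hand-added drift the reply above says to revert. The BASELINE set, the function names and the shortened SAMPLE config are assumptions made for this illustration.

```python
# Added example: compare a DC's [global] section with the parameters a fresh
# provision typically writes. BASELINE is an assumption, not from the thread.
BASELINE = {
    "workgroup", "realm", "netbios name", "server role",
    "dns forwarder", "idmap_ldb:use rfc2307",
}

# Constructed sample: a shortened form of the smb.conf quoted in the thread.
SAMPLE = """\
[global]
    workgroup = WYNN
    realm = WYNN.COM
    netbios name = PRD2
    server role = active directory domain controller
    auth methods = pam sam winbind
    security = user
    domain logons = yes
    encrypt passwords = yes
#   idmap_ldb:use rfc2307 = yes
[archive]
    path = /archive
    force user = wynkoop
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; names are lower-cased, spaces collapsed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            current[" ".join(name.lower().split())] = value.strip()
    return sections

def is_ad_dc(text):
    """True when [global] declares the AD DC server role."""
    role = parse_smb_conf(text).get("global", {}).get("server role", "")
    return role.lower() == "active directory domain controller"

def hand_added_globals(text):
    """Sorted [global] parameter names that are not in the provision baseline."""
    return sorted(set(parse_smb_conf(text).get("global", {})) - BASELINE)

if __name__ == "__main__":
    if is_ad_dc(SAMPLE):
        for name in hand_added_globals(SAMPLE):
            print("not written by provision:", name)
```
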


