[Samba] Member Server SeDiskOperatorPrivilege
Tim
rintimtim at gmx.net
Fri Jan 9 08:40:55 MST 2015
When I switch back to backend ad, getent passwd returns nothing - getent group only returns by adding a dedicated group name.
There is at least one user and one group with Id set in ad.
Am 9. Januar 2015 16:29:39 MEZ, schrieb Rowland Penny <rowlandpenny at googlemail.com>:
>On 09/01/15 15:19, Tim wrote:
>> I switched to rid module of idmapping and now winbind offers all
>> groups and I can set SeDiskOperatorPrivilege.
>>
>> getent group and getent passwd are now working!
>>
>>
>>
>> Am 9. Januar 2015 15:21:32 MEZ, schrieb Rowland Penny
>> <rowlandpenny at googlemail.com>:
>>
>> On 09/01/15 13:47, Tim wrote:
>>
>> Hello all, I have a AD DC based on CentOS7 with sernet samba
>> 4.1.14 with rfc2307 and function level 2008_R2. This one
>works
>> so far and I can manage the AD from a windows client. Now I
>> setup a member server based on CentOS7 with sernet samba
>> 4.1.14 just like the wiki advises with the same smb.conf
>> (realm etc is configured to my needs. I joined the AD and
>> configured nsswitch. wbinfo works so far but getent passwd or
>> getent group doesn't list domain objects. getent group
>> testgroup1 works, but getent passwd testuser1 does not. I
>> created a share in smb.conf. Now I want to set the
>> SeDiskOperatorPrivilege like the wiki advises. But it doesn't
>> work. It says that it can't connect to server 127.0.0.1
>> <http://127.0.0.1>. I tried it with net rpc rights grant
>> 'DOM\Domain Admins' SeDiskOperatorPrivilege
>> -U'DOM\administrator' Now I can not access the server from
>> windows to set share permissions. What to do? The wiki told
>> nothing about kerberos so I did not do anything to it. Thanks
>> in advance
>>
>>
>> Hi, you appear to be the second person in two days having a
>similar, if
>> not the same problem with the sernet packages. I don't think it
>is a
>> kerberos problem, can you check if you have 'libnss_winbind.so
><http://winbind.so>.2' anywhere.
>>
>> Rowland
>>
>
>I take it from this, that you do not have any uidNumber or gidNumber
>attributes in AD.
>
>Rowland
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list