[Samba] Member Server SeDiskOperatorPrivilege
Tim
rintimtim at gmx.net
Fri Jan 9 08:45:47 MST 2015
That's what I tried to say. I set the gid/uid attribs in Unix tab.
Am 9. Januar 2015 16:44:28 MEZ, schrieb Rowland Penny <rowlandpenny at googlemail.com>:
>On 09/01/15 15:40, Tim wrote:
>> When I switch back to backend ad, getent passwd returns nothing -
>> getent group only returns by adding a dedicated group name.
>> There is at least one user and one group with Id set in ad.
>>
>
>Yes, but do *any* of your AD users have a uidNumber attribute.
>
>Rowland
>
>> Am 9. Januar 2015 16:29:39 MEZ, schrieb Rowland Penny
>> <rowlandpenny at googlemail.com>:
>>
>> On 09/01/15 15:19, Tim wrote:
>>
>> I switched to rid module of idmapping and now winbind offers
>> all groups and I can set SeDiskOperatorPrivilege. getent
>group
>> and getent passwd are now working! Am 9. Januar 2015 15:21:32
>> MEZ, schrieb Rowland Penny <rowlandpenny at googlemail.com>: On
>> 09/01/15 13:47, Tim wrote: Hello all, I have a AD DC based on
>> CentOS7 with sernet samba 4.1.14 with rfc2307 and function
>> level 2008_R2. This one works so far and I can manage the AD
>> from a windows client. Now I setup a member server based on
>> CentOS7 with sernet samba 4.1.14 just like the wiki advises
>> with the same smb.conf (realm etc is configured to my needs.
>I
>> joined the AD and configured nsswitch. wbinfo works so far
>but
>> getent passwd or getent group doesn't list domain objects.
>> getent group testgroup1 works, but getent passwd testuser1
>> does not. I created a share in smb.conf. Now I want to set
>the
>> SeDiskOperatorPrivilege like the wiki advises. But it doesn't
>> work. It says that it can't connect to server 127.0.0.1
>> <http://127.0.0.1> <http://127.0.0.1>. I tried it with net
>rpc
>> rights grant 'DOM\Domain Admins' SeDiskOperatorPrivilege
>> -U'DOM\administrator' Now I can not access the server from
>> windows to set share permissions. What to do? The wiki told
>> nothing about kerberos so I did not do anything to it. Thanks
>> in advance Hi, you appear to be the second person in two days
>> having a similar, if not the same problem with the sernet
>> packages. I don't think it is a kerberos problem, can you
>> check if you have 'libnss_winbind.so <http://winbind.so>
>> <http://winbind.so>.2' anywhere. Rowland
>>
>>
>>
>> I take it from this, that you do not have any uidNumber or
>gidNumber
>> attributes in AD.
>>
>> Rowland
>>
More information about the samba
mailing list