[Samba] Member Server SeDiskOperatorPrivilege

Tim rintimtim at gmx.net
Fri Jan 9 09:48:20 MST 2015


With backend=ad only two user can be seen by getent passwd. Then changing backend=rid, all users are resolved by getent passwd

Am 9. Januar 2015 17:09:19 MEZ, schrieb Rowland Penny <rowlandpenny at googlemail.com>:
>On 09/01/15 15:45, Tim wrote:
>> That's what I tried to say. I set the gid/uid attribs in Unix tab.
>> Am 9. Januar 2015 16:44:28 MEZ, schrieb Rowland Penny 
>> <rowlandpenny at googlemail.com>:
>>     On 09/01/15 15:40, Tim wrote:
>>>     When I switch back to backend ad, getent passwd returns nothing
>>>     getent group only returns by adding a dedicated group name.
>>>     There is at least one user and one group with Id set in ad.
>>     Yes, but do *any* of your AD users have a uidNumber attribute.
>>     Rowland
>>>     Am 9. Januar 2015 16:29:39 MEZ, schrieb Rowland Penny
>>>     <rowlandpenny at googlemail.com>:
>>>         On 09/01/15 15:19, Tim wrote:
>>>             I switched to rid module of idmapping and now winbind
>>>             offers all groups and I can set SeDiskOperatorPrivilege.
>>>             getent group and getent passwd are now working! Am 9.
>>>             Januar 2015 15:21:32 MEZ, schrieb Rowland Penny
>>>             <rowlandpenny at googlemail.com>: On 09/01/15 13:47, Tim
>>>             wrote: Hello all, I have a AD DC based on CentOS7 with
>>>             sernet samba 4.1.14 with rfc2307 and function level
>>>             2008_R2. This one works so far and I can manage the AD
>>>             from a windows client. Now I setup a member server based
>>>             on CentOS7 with sernet samba 4.1.14 just like the wiki
>>>             advises with the same smb.conf (realm etc is configured
>>>             to my needs. I joined the AD and configured nsswitch.
>>>             wbinfo works so far but getent passwd or getent group
>>>             doesn't list domain objects. getent group testgroup1
>>>             works, but getent passwd testuser1 does not. I created a
>>>             share in smb.conf. Now I want to set the
>>>             SeDiskOperatorPrivilege like the wiki advises. But it
>>>             doesn't work. It says that it can't connect to server
>>>    <> <>. I tried
>>>             it with net rpc rights grant 'DOM\Domain Admins'
>>>             SeDiskOperatorPrivilege -U'DOM\administrator' Now I can
>>>             not access the server from windows to set share
>>>             permissions. What to do? The wiki told nothing about
>>>             kerberos so I did not do anything to it. Thanks in
>>>             advance Hi, you appear to be the second person in two
>>>             days having a similar, if not the same problem with the
>>>             sernet packages. I don't think it is a kerberos problem,
>>>             can you check if you have 'libnss_winbind.so
>>>             <http://winbind.so> <http://winbind.so>.2' anywhere.
>>>         I take it from this, that you do not have any uidNumber or
>>>         attributes in AD.
>>>         Rowland
>OK, then where they inside the range set in smb.conf i.e. idmap config 
>DOMAIN : range = 10000-999999
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list