[Samba] samba4 server member of a samba 3 domain
Rowland Penny
rowlandpenny241155 at gmail.com
Wed Nov 4 09:54:11 UTC 2015
On 04/11/15 09:20, Guilhem Souque wrote:
> Hi,
> I am trying to configure a Samba 4.1.17 server as a member of a Samba 3.5.6
> (LDAP backend) domain.
> I can mount the SMB share on a Windows client but I can't modify the ACL.
> These are the Samba server logs:
> create_canon_ace_lists: unable to map SID
> S-1-5-21-856890099-1868262392-538272213-2012 to uid or gid
> When I try to manually map the SID to a UID with wbinfo:
> wbinfo -S S-1-5-21-856890099-1868262392-538272213-2012
> It returns -1 instead of 1537.
> I can see some warnings about deprecated options in the log file:
> WARNING: The "idmap backend" option is deprecated
> WARNING: The "idmap uid" option is deprecated
> WARNING: The "idmap gid" option is deprecated
>
> I guess I have misconfigured the idmap part of my smb.conf.
> This is my smb.conf:
>
> workgroup = FOO
> #security = DOMAIN
> security = ADS
> log level = 2
> syslog = 0
> log file = /var/log/samba/%m
> max log size =2048
> smb ports = 139
> name resolve order = wins bcast hosts
> wins server = 192.168.10.150
> ldap admin dn = cn=admin,dc=artprice,dc=bil
> ldap group suffix = ou=Groups
> ldap idmap suffix = ou=Idmap
> ldap machine suffix = ou=Machines
> ldap suffix = dc=artprice,dc=bil
> ldap ssl = no
> ldap timeout = 20
> ldap user suffix = ou=Users
> idmap backend = ldap:ldap://172.16.10.150
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> winbind separator = /
> idmap config FOO : range = 1000-999999
> idmap config FOO : backend = nss
> admin users = "@foo/domain admins"
> winbind use default domain = Yes
>
> Thank you for your precious help!
>
> Regards
>
> Guilhem
>
You only use 'security = ADS' with an AD domain. Also try removing the
'idmap uid & gid' lines and replacing them with:
idmap config * : range = 10000-20000
idmap config * : backend = tdb
See if this helps
Rowland
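
Added example (not part of the original thread, and not Samba project code): a small Python check for the idmap settings discussed above. It flags the three options the quoted log reports as deprecated and, going beyond the thread, reports idmap domains whose ranges overlap, on the assumption (taken from the Samba documentation, not from this page) that the ranges of different idmap domains must not overlap. The function names and SAMPLE_CONF are constructed for illustration.

```python
import re

# Constructed sample: idmap-related lines copied from the smb.conf quoted above.
SAMPLE_CONF = """\
workgroup = FOO
security = ADS
idmap backend = ldap:ldap://172.16.10.150
idmap uid = 10000-20000
idmap gid = 10000-20000
idmap config FOO : range = 1000-999999
idmap config FOO : backend = nss
"""

# Options the server log in this thread reports as deprecated.
DEPRECATED = {"idmap backend", "idmap uid", "idmap gid"}
IDMAP_RE = re.compile(r"idmap config\s+(\S+)\s*:\s*(\w+)$", re.I)

def parse(conf_text):
    """Return (deprecated options seen, {domain: {setting: value}})."""
    deprecated, domains = [], {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue  # skip blanks, comments and section headers
        key, value = (part.strip() for part in line.split("=", 1))
        key = re.sub(r"\s+", " ", key.lower())
        if key in DEPRECATED:
            deprecated.append(key)
        m = IDMAP_RE.match(key)
        if m:
            domains.setdefault(m.group(1).upper(), {})[m.group(2)] = value
    return deprecated, domains

def range_overlaps(domains):
    """Return sorted pairs of idmap domains whose 'range' settings intersect."""
    spans = {}
    for dom, opts in domains.items():
        if "range" in opts:
            spans[dom] = tuple(int(x) for x in opts["range"].split("-"))
    names = sorted(spans)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if spans[a][0] <= spans[b][1] and spans[b][0] <= spans[a][1]]

def check(conf_text):
    """Run both checks and return the findings as a dict."""
    deprecated, domains = parse(conf_text)
    return {"deprecated": deprecated, "overlaps": range_overlaps(domains)}

if __name__ == "__main__":
    print(check(SAMPLE_CONF))
```

If a '*' range of 10000-20000 is placed next to the existing FOO range of 1000-999999, check() reports the pair ('*', 'FOO') as overlapping, so one of the two ranges would need adjusting.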