[Samba] setup-sysvol-bidirectional.sh unable to id administrator
infractory at gmail.com
Fri Apr 1 15:14:51 UTC 2016
SSSD refuse, by design, to generate user with uid=0. This wasn't always the
case and I don't know when this change happened. In recent versions it
should still the case.
So if you set up your administrator with uid=0, SSSD will refuse to make
that user available on system side (ie: id administrator won't work).
Now if you didn't add uid=0 to your administrator that could be an issue
with PAM or SSSD configuration.
To make SSSD (or nslcd or winbind) working you must configure:
- potentially the tool itself (ie: sssd)
wbinfo -u has nothing to do with this set up because you don't use winbind
to generate user from AD. wbinfo is a winbind tool...
But as it seems you are speaking about generating users from AD on your DC
(by opposition with "on member server") I would avoid SSSD and use winbind
which don't need much configuration by itself as it is designed to generate
users in "windows style" and "windows style" user (ie user generated with
primaryGroupID for main group rather than gidNumber which is for UNIX
users, same for UID which is RID in windows style) are what you realy want
to have on DC to match ACLs on sysvol when accessing GPO from Windows
clients (this because on DC if you have no file service except for sysvol,
no UNIX user would access DC for fiel sharing but Windows users will always
try to access sysvol to get GPO).
Hoping this help to clarify a little bit, have a nice day,
2016-03-30 8:28 GMT+02:00 L.P.H. van Belle <belle at bazuin.nl>:
> Dont fix administrator, i would say, but i dont use sssd, so thats
> something i cant say.
> But if you need an administrator, create a new user, add him to the Domain
> Admins group.
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens niya levi
> > Verzonden: dinsdag 29 maart 2016 17:58
> > Aan: samba at lists.samba.org
> > Onderwerp: [Samba] setup-sysvol-bidirectional.sh unable to id
> > administrator
> > hi everyone
> > i have setup and run L.v. Belle's setup-sysvol-bidirectional.sh
> > all seems to be ok except that i cannot id or getent passwd administrator
> > id returns no such user
> > getent returns nothing
> > but samba-tool user list and wbinfo -u returns Administrator in their
> > lists
> > id and getent reports other samba users as normal.
> > i have sssd in my nsswitch.conf, not sure if that makes any difference
> > how do i fix id administrator.
> > shadrock
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba