[Samba] Domain member seems to work, wbinfo -u not
Rowland penny
rpenny at samba.org
Fri Apr 15 11:50:24 UTC 2016
On 15/04/16 12:05, Oktay Akbal wrote:
>>> I don't see where exactly the ways differ. I already played with idmap settings and keytab. It makes no difference.
>>> BTW the wiki entry does not explain how to create the keytab, so the setting is not really useful if you just follow that page.
>> With the 'old system' you just have one range, this is now depreciated
>> and you should use the new 'idmap config' . The old system could be removed.
>>
>> The wiki entry does explain how to create the keytab:
>>
>> net ads join -U administrator
>>
>> The keytab will created for you during the join.
>>
>> Does 'Sure' mean you are running winbindd ?
>> Are you also using 'sssd' ?
>
> Already tried the idmap config and it does not make a difference. Will keep it.
>
> Indeed the join creates that file. Since I already was in domain I had to create it.
> Rejoined domain, keytab gets created. Still no difference. Everything works. wbinfo -u not.
> Yes I use winbind and no to sssd.
>
> I see other comments on how the latest updates broke domain authentication to some users (debian-list, centos7 forum etc.). I fear that there is a deeper problem with that patch.
>
>
OK, so your smb.conf is similar to the one on the wiki page, which idmap
backend did you use ?
If it was the 'rid' backend then everything should work.
If it was the 'ad' backend, do your users have a unique 'uidNumber'
attribute in AD and does 'Domain Users' have a 'gidNumber' attribute ?
Lets rule everything else out first, before pointing the finger at the
update.
Rowland
More information about the samba
mailing list