[Samba] SOLVED: WINBIND: UID and GID false mappings on domain member

rawi only4com at web.de
Wed Aug 17 14:08:45 UTC 2016 

> you should get virtually all of a users attributes, there are a few 
> exceptions i.e. the users unicode password.

Well yes, (embarrassed) I was looking only with one eye. With both eyes I
can see the fields; the second eye has grasped, that some fields are base64
coded...

btw. unicode passwords: could I set them to passwords from the old NT
domain?
(I decided to start with a fresh ad-dc, against classic-upgrade, in order to
avoid possible errors from the old files and SIDs. So I'm willing to create
all my users again per script. But passwords and machine credentials would
be gorgeous.)

>> 5. (bug?) 
>> Adding "hosts allow =" on the ad-dc breaks everything. 
>> wbinfo will give no output on the ad-dc and an error on the domain 
>> member. 
>
> If you can duplicate this at will, then it does sound like a bug.

Yes, I can. Each time I write into the ad-dc a "hosts allow =
10.1.2.0/255.255.255.0" - wbinfo -u or -g would give no output any more
(Samba Version 4.3.9-Ubuntu) on the ad-dc and output error on the domain
member.
Having the "hosts allow" set on the domain member seems OK. I didn't try, if
it is also effective...

> If you mean that you have 
> removed 'dnsupdate' from the 'server services' line, can I recommend 
> you put it back, you need it for the 'samba_dnsupdate' script.

Sorry I do not understand what "samba_dnsupdate" is doing, once I have
already all the domain records fixed in zone files and I'll disable the
clients per registry hack to try to update dns? Please, why do I need it?
How is it working?

> Don't be afraid of breaking things, that way you will miss a lot of the 
> changes that have already happened and the ones to come.

Well, I have a helluva of respect facing self compilations with cryptic
parameters.
I need to stay with the repositories. There are the people knowing this
doing.

Best regards
rawi




--
View this message in context: http://samba.2283325.n4.nabble.com/WINBIND-UID-and-GID-false-mappings-on-domain-member-tp4706553p4706728.html
Sent from the Samba - General mailing list archive at Nabble.com.

More information about the samba mailing list