[Samba] Join QNAP to a Samba AD

Rowland Penny rpenny at samba.org
Mon Dec 5 16:50:46 UTC 2016 

On Mon, 05 Dec 2016 15:43:09 +0000
contact--- via samba <samba at lists.samba.org> wrote:

> Hello,
> 
>   
> 
> I'm currently stuck with a QNAP NAS appliance (don't buy this !)
> 
>   
> 
> I have a Sernet Samba 4.5 as an AD controller and my QNAP have a
> Samba 4.0.25 (latest update)
> 
>   
> 
> All i want is to join the QNAP to the AD, the QNAP will act as the
> file server.
> 
>   
> 
> The join in the official way is okay but the uid / gid mapping is
> f*cked.
> 
>   
> 
> I tried almost everything, change the idmap, manual join, ad / rid /
> autoid mode ect ... when it work, i have bad uid/gids
> 
>   
> 
> When i set the idmap to start from 0 my gid 515 is good but other uid
> are bad.
> 
>   
> 
> For now, i changed the settings to match the wiki page of samba
> "Setup samba as an AD Domain Member" with ad backend rfc2307, winbind
> return the correct user list, the SID are good but when wbinfo try to
> convert them to uid/gid i have an error.
> 
>   
> 
> Exemple :
> 
>   
> 
> [/etc/config] # wbinfo -n begr00  
> S-1-5-21-xxxxxx-xxxxxx-xxxxxx-3232 SID_USER (1)  
> 
>   
> 
> [/etc/config] # wbinfo -S S-1-5-21-xxxxxx-xxxxxx-xxxxxx-3232  
> failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND  
> Could not convert sid S-1-5-21-xxxxxx-xxxxxx-xxxxxx-3232 to uid  
> 
>   
> 
> the winbind log, nothing really interesting
> 
>   
> 
> [2016/12/05 16:04:30.745570,  0]
> ../source3/winbindd/winbindd.c:204(winbindd_sig_term_handler)  
>  Got sig[15] terminate (is_parent=0)  
> [2016/12/05 16:08:31.349762,  0]
> ../lib/util/charset/codepoints.c:292(get_conv_handle)  
>  dos charset 'CP850' unavailable - using ASCII  
> [2016/12/05 16:09:13.256148,  0]
> ../source3/winbindd/winbindd.c:204(winbindd_sig_term_handler)  
>  Got sig[15] terminate (is_parent=0)  
> 
>   
> 
>   
> 
> Here is my winbind/idmap config
> 
>   
> 
> winbind nss info = rfc2307  
> winbind enum users = yes  
> winbind enum groups = yes  
> winbind cache time = 3600  
> idmap config * : backend = tdb  
> idmap config * : range = 3000-7999  
> idmap config MYDOM:backend = ad  
> idmap config MYDOM:schema_mode = rfc2307  
> idmap config MYDOM:range = 10000-999999  
> 
>   
> 
>   
> 
> Can someone help me ?
> 
>   
> 
> Thank you, have a good day !
> 

Does 'Domain users' have a gidNumber attribute containing a number
between '10000-999999' ?

Rowland

More information about the samba mailing list