[Samba] Join QNAP to a Samba AD

contact at makz.me contact at makz.me
Tue Dec 6 08:13:03 UTC 2016


Hello,

  

No it's a AD classicupgraded from a Samba 3 PDC

  

Here's a user example from my DC

  

uid=1116(MYDOM\begr00) gid=513(MYDOM\domain users) groupes=513(MYDOM\domain us
ers),1151(MYDOM\evaluation),1214(MYDOM\procedures),12021(MYDOM\s13cadre),12041
(MYDOM\s13-grh),1264(MYDOM\zsbw),1001(MYDOM\s13),3000005(BUILTIN\users)  

  

my first user start at uid 1001 (1000 was the administrator account on the S3
PDC)

and groups start at 1000, AD and old PDC have exactly the same uid/gid except
for specific AD builtin groups.

  

On Dec 5 2016, at 6:07 pm, Rowland Penny via samba <samba at lists.samba.org>
wrote:  

> On Mon, 05 Dec 2016 15:43:09 +0000  
contact--- via samba <samba at lists.samba.org> wrote:

>

> > Hello,  
>  
>  
>  
> I'm currently stuck with a QNAP NAS appliance (don't buy this !)  
>  
>  
>  
> I have a Sernet Samba 4.5 as an AD controller and my QNAP have a  
> Samba 4.0.25 (latest update)  
>  
>  
>  
> All i want is to join the QNAP to the AD, the QNAP will act as the  
> file server.  
>  
>  
>  
> The join in the official way is okay but the uid / gid mapping is  
> f*cked.  
>  
>  
>  
> I tried almost everything, change the idmap, manual join, ad / rid /  
> autoid mode ect ... when it work, i have bad uid/gids  
>  
>  
>  
> When i set the idmap to start from 0 my gid 515 is good but other uid  
> are bad.  
>  
>  
>  
> For now, i changed the settings to match the wiki page of samba  
> "Setup samba as an AD Domain Member" with ad backend rfc2307, winbind  
> return the correct user list, the SID are good but when wbinfo try to  
> convert them to uid/gid i have an error.  
>  
>  
>  
> Exemple :  
>  
>  
>  
> [/etc/config] # wbinfo -n begr00  
> S-1-5-21-xxxxxx-xxxxxx-xxxxxx-3232 SID_USER (1)  
>  
>  
>  
> [/etc/config] # wbinfo -S S-1-5-21-xxxxxx-xxxxxx-xxxxxx-3232  
> failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND  
> Could not convert sid S-1-5-21-xxxxxx-xxxxxx-xxxxxx-3232 to uid  
>  
>  
>  
> the winbind log, nothing really interesting  
>  
>  
>  
> [2016/12/05 16:04:30.745570, 0]  
> ../source3/winbindd/winbindd.c:204(winbindd_sig_term_handler)  
> Got sig[15] terminate (is_parent=0)  
> [2016/12/05 16:08:31.349762, 0]  
> ../lib/util/charset/codepoints.c:292(get_conv_handle)  
> dos charset 'CP850' unavailable - using ASCII  
> [2016/12/05 16:09:13.256148, 0]  
> ../source3/winbindd/winbindd.c:204(winbindd_sig_term_handler)  
> Got sig[15] terminate (is_parent=0)  
>  
>  
>  
>  
>  
> Here is my winbind/idmap config  
>  
>  
>  
> winbind nss info = rfc2307  
> winbind enum users = yes  
> winbind enum groups = yes  
> winbind cache time = 3600  
> idmap config * : backend = tdb  
> idmap config * : range = 3000-7999  
> idmap config MYDOM:backend = ad  
> idmap config MYDOM:schema_mode = rfc2307  
> idmap config MYDOM:range = 10000-999999  
>  
>  
>  
>  
>  
> Can someone help me ?  
>  
>  
>  
> Thank you, have a good day !  
>

>

> Does 'Domain users' have a gidNumber attribute containing a number  
between '10000-999999' ?

>

> Rowland

>

> \--  
To unsubscribe from this list go to the following URL and read the  
instructions: https://lists.samba.org/mailman/options/samba



More information about the samba mailing list