[Samba] Join QNAP to a Samba AD
contact at makz.me
contact at makz.me
Tue Dec 6 08:13:03 UTC 2016
Hello,
No it's a AD classicupgraded from a Samba 3 PDC
Here's a user example from my DC
uid=1116(MYDOM\begr00) gid=513(MYDOM\domain users) groupes=513(MYDOM\domain us
ers),1151(MYDOM\evaluation),1214(MYDOM\procedures),12021(MYDOM\s13cadre),12041
(MYDOM\s13-grh),1264(MYDOM\zsbw),1001(MYDOM\s13),3000005(BUILTIN\users)
my first user start at uid 1001 (1000 was the administrator account on the S3
PDC)
and groups start at 1000, AD and old PDC have exactly the same uid/gid except
for specific AD builtin groups.
On Dec 5 2016, at 6:07 pm, Rowland Penny via samba <samba at lists.samba.org>
wrote:
> On Mon, 05 Dec 2016 15:43:09 +0000
contact--- via samba <samba at lists.samba.org> wrote:
>
> > Hello,
>
>
>
> I'm currently stuck with a QNAP NAS appliance (don't buy this !)
>
>
>
> I have a Sernet Samba 4.5 as an AD controller and my QNAP have a
> Samba 4.0.25 (latest update)
>
>
>
> All i want is to join the QNAP to the AD, the QNAP will act as the
> file server.
>
>
>
> The join in the official way is okay but the uid / gid mapping is
> f*cked.
>
>
>
> I tried almost everything, change the idmap, manual join, ad / rid /
> autoid mode ect ... when it work, i have bad uid/gids
>
>
>
> When i set the idmap to start from 0 my gid 515 is good but other uid
> are bad.
>
>
>
> For now, i changed the settings to match the wiki page of samba
> "Setup samba as an AD Domain Member" with ad backend rfc2307, winbind
> return the correct user list, the SID are good but when wbinfo try to
> convert them to uid/gid i have an error.
>
>
>
> Exemple :
>
>
>
> [/etc/config] # wbinfo -n begr00
> S-1-5-21-xxxxxx-xxxxxx-xxxxxx-3232 SID_USER (1)
>
>
>
> [/etc/config] # wbinfo -S S-1-5-21-xxxxxx-xxxxxx-xxxxxx-3232
> failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
> Could not convert sid S-1-5-21-xxxxxx-xxxxxx-xxxxxx-3232 to uid
>
>
>
> the winbind log, nothing really interesting
>
>
>
> [2016/12/05 16:04:30.745570, 0]
> ../source3/winbindd/winbindd.c:204(winbindd_sig_term_handler)
> Got sig[15] terminate (is_parent=0)
> [2016/12/05 16:08:31.349762, 0]
> ../lib/util/charset/codepoints.c:292(get_conv_handle)
> dos charset 'CP850' unavailable - using ASCII
> [2016/12/05 16:09:13.256148, 0]
> ../source3/winbindd/winbindd.c:204(winbindd_sig_term_handler)
> Got sig[15] terminate (is_parent=0)
>
>
>
>
>
> Here is my winbind/idmap config
>
>
>
> winbind nss info = rfc2307
> winbind enum users = yes
> winbind enum groups = yes
> winbind cache time = 3600
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> idmap config MYDOM:backend = ad
> idmap config MYDOM:schema_mode = rfc2307
> idmap config MYDOM:range = 10000-999999
>
>
>
>
>
> Can someone help me ?
>
>
>
> Thank you, have a good day !
>
>
> Does 'Domain users' have a gidNumber attribute containing a number
between '10000-999999' ?
>
> Rowland
>
> \--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list