[Samba] AD Group lost from Winbind
Oliver Werner
oliver.werner at kontrast.de
Fri Feb 12 07:55:56 UTC 2016
Hello,
the last two days i have problems with my AD group which is defined in share setting valid users
Winbind looks to lost mapping of this group and so no user can connect to this share anymore.
When restart winbind service mapping works again until mapping lost again.
ls -lsa shows me in issue this:
2 4 drwxr-x--- 63 root 12001 4096 Feb 4 23:42 Share
After restarting winbind:
2 4 drwxr-x--- 63 root group_intern 4096 Feb 4 23:42 Share
My smb.conf looks like
[global]
netbios name = MEMBER1
security = ADS
workgroup = HQ
realm = hq.internal
log file = /var/log/samba/%m.log
log level = 1
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind refresh tickets = yes
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 300
idmap config *:backend = tdb
idmap config *:range = 500-9999
# idmap config for domain HQ
idmap config HQ:backend = ad
idmap config HQ:schema_mode = rfc2307
idmap config HQ:range = 10000-99999
# Use settings from AD for login shell and home directory
winbind nss info = rfc2307
[Share]
path = /data/share
browseable = yes
writeable = yes
force group = Group_Intern
valid users = @Group_Intern
create mask = 0660
directory mask = 0770
#oplocks = 0
vfs objects = full_audit recycle
full_audit:prefix = %u
full_audit:success = mkdir rename rmdir unlink pwrite
full_audit:failure = none
full_audit:facility = LOCAL5
full_audit:priority = NOTICE
recycle:versions = yes
recycle:exclude = .*, ~*
Anyone has an idea for this problem?
Regards
Oliver
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.samba.org/pipermail/samba/attachments/20160212/9a24340c/signature.sig>
More information about the samba
mailing list