[Samba] AD Group lost from Winbind

L.P.H. van Belle belle at bazuin.nl
Fri Feb 12 07:58:35 UTC 2016 

Ok, same problem as im having.. 

What is your os running? 


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Oliver Werner
> Verzonden: vrijdag 12 februari 2016 8:56
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] AD Group lost from Winbind
> 
> Hello,
> 
> the last two days i have problems with my AD group which is defined in
> share setting valid users
> 
> Winbind looks to lost mapping of this group and so no user can connect to
> this share anymore.
> 
> When restart winbind service mapping works again until mapping lost again.
> 
> 
> ls -lsa shows me in issue this:
> 
>         2      4 drwxr-x---  63 root               12001
> 4096 Feb  4 23:42 Share
> 
> After restarting winbind:
> 
>         2      4 drwxr-x---  63 root               group_intern
> 4096 Feb  4 23:42 Share
> 
> 
> My smb.conf looks like
> 
> 
> [global]
>        netbios name = MEMBER1
>        security = ADS
>        workgroup = HQ
>        realm = hq.internal
> 
>        log file = /var/log/samba/%m.log
>        log level = 1
> 
>        dedicated keytab file = /etc/krb5.keytab
>        kerberos method = secrets and keytab
>        winbind refresh tickets = yes
> 
>        winbind trusted domains only = no
>        winbind use default domain = yes
>        winbind enum users  = yes
>        winbind enum groups = yes
> 	winbind cache time = 300
> 
> 
>        idmap config *:backend = tdb
>        idmap config *:range = 500-9999
> 
>        # idmap config for domain HQ
>        idmap config HQ:backend = ad
>        idmap config HQ:schema_mode = rfc2307
>        idmap config HQ:range = 10000-99999
> 
>        # Use settings from AD for login shell and home directory
>        winbind nss info = rfc2307
> 
> [Share]
>    path = /data/share
>    browseable = yes
>    writeable = yes
>    force group = Group_Intern
>    valid users = @Group_Intern
>    create mask = 0660
>    directory mask = 0770
>    #oplocks = 0
>    vfs objects = full_audit recycle
>    full_audit:prefix = %u
>    full_audit:success = mkdir rename rmdir unlink pwrite
>    full_audit:failure = none
>    full_audit:facility = LOCAL5
>    full_audit:priority = NOTICE
>    recycle:versions = yes
>    recycle:exclude = .*, ~*
> 
> 
> 
> Anyone has an idea for this problem?
> 
> 
> Regards
> Oliver
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list