[Samba] AD Group lost from Winbind

Oliver Werner oliver.werner at kontrast.de
Fri Feb 12 08:06:14 UTC 2016 

my os is debian 8.3

win bind and samba are in version 4.1.17


> Am 12.02.2016 um 08:58 schrieb L.P.H. van Belle <belle at bazuin.nl>:
> 
> Ok, same problem as im having..
> 
> What is your os running?
> 
> 
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Oliver Werner
>> Verzonden: vrijdag 12 februari 2016 8:56
>> Aan: samba at lists.samba.org
>> Onderwerp: [Samba] AD Group lost from Winbind
>> 
>> Hello,
>> 
>> the last two days i have problems with my AD group which is defined in
>> share setting valid users
>> 
>> Winbind looks to lost mapping of this group and so no user can connect to
>> this share anymore.
>> 
>> When restart winbind service mapping works again until mapping lost again.
>> 
>> 
>> ls -lsa shows me in issue this:
>> 
>>        2      4 drwxr-x---  63 root               12001
>> 4096 Feb  4 23:42 Share
>> 
>> After restarting winbind:
>> 
>>        2      4 drwxr-x---  63 root               group_intern
>> 4096 Feb  4 23:42 Share
>> 
>> 
>> My smb.conf looks like
>> 
>> 
>> [global]
>>       netbios name = MEMBER1
>>       security = ADS
>>       workgroup = HQ
>>       realm = hq.internal
>> 
>>       log file = /var/log/samba/%m.log
>>       log level = 1
>> 
>>       dedicated keytab file = /etc/krb5.keytab
>>       kerberos method = secrets and keytab
>>       winbind refresh tickets = yes
>> 
>>       winbind trusted domains only = no
>>       winbind use default domain = yes
>>       winbind enum users  = yes
>>       winbind enum groups = yes
>> 	winbind cache time = 300
>> 
>> 
>>       idmap config *:backend = tdb
>>       idmap config *:range = 500-9999
>> 
>>       # idmap config for domain HQ
>>       idmap config HQ:backend = ad
>>       idmap config HQ:schema_mode = rfc2307
>>       idmap config HQ:range = 10000-99999
>> 
>>       # Use settings from AD for login shell and home directory
>>       winbind nss info = rfc2307
>> 
>> [Share]
>>   path = /data/share
>>   browseable = yes
>>   writeable = yes
>>   force group = Group_Intern
>>   valid users = @Group_Intern
>>   create mask = 0660
>>   directory mask = 0770
>>   #oplocks = 0
>>   vfs objects = full_audit recycle
>>   full_audit:prefix = %u
>>   full_audit:success = mkdir rename rmdir unlink pwrite
>>   full_audit:failure = none
>>   full_audit:facility = LOCAL5
>>   full_audit:priority = NOTICE
>>   recycle:versions = yes
>>   recycle:exclude = .*, ~*
>> 
>> 
>> 
>> Anyone has an idea for this problem?
>> 
>> 
>> Regards
>> Oliver
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.samba.org/pipermail/samba/attachments/20160212/b769f93a/signature.sig>

More information about the samba mailing list