[Samba] AD Group lost from Winbind

Oliver Werner oliver.werner at kontrast.de
Fri Feb 12 09:16:27 UTC 2016


In my Situation i don’t use DCs for Shares (only for sysvol)


So my Member is has the problems.


> Am 12.02.2016 um 09:20 schrieb L.P.H. van Belle <belle at bazuin.nl>:
> 
> Ok, im having this :
> 
> DC's
> Debian Wheezy 7.9, sernet samba 4.2.8
> 
> 
> Member servers.
> Debian Jessie samba 4.1.17 ( fileserver )
> Debian Jessie samba 4.2.7  ( print server )
> 	This one isnt updated yet with latest updates.
> 
> The following packages have been kept back:
>  samba sernet-samba sernet-samba-client sernet-samba-common sernet-samba-libs sernet-samba-libsmbclient0 sernet-samba-winbind
> The following packages will be upgraded:
>  krb5-locales krb5-user libgssapi-krb5-2 libgssrpc4 libk5crypto3 libkadm5clnt-mit9 libkadm5srv-mit9 libkdb5-7 libkrb5-3 libkrb5support0 libtiff5
> 
> on this one all id's are still correct.
> 
> Thanks, Daniel Müller, for your addition..
> 
> This is really a big problem.. what happend her in the samba code?
> I've looked at the change log, but cant seen any related to this.
> 
> So if anyone DEVS ? know what happend here in the samba code.
> As far as i now know i have to.
> Re-assign all my  uid / gids on all users / groups, with other id's, omg wat a hell...
> And fix all idmaps on all servers.. pff. ... really no other fix ?
> 
> There goes my weekend...
> 
> 
> Greetz,
> 
> Louis
> 
> 
> 
>> -----Oorspronkelijk bericht-----
>> Van: Oliver Werner [mailto:oliver.werner at kontrast.de]
>> Verzonden: vrijdag 12 februari 2016 9:06
>> Aan: L.P.H. van Belle
>> CC: samba at lists.samba.org
>> Onderwerp: Re: [Samba] AD Group lost from Winbind
>> 
>> my os is debian 8.3
>> 
>> win bind and samba are in version 4.1.17
>> 
>> 
>>> Am 12.02.2016 um 08:58 schrieb L.P.H. van Belle <belle at bazuin.nl>:
>>> 
>>> Ok, same problem as im having..
>>> 
>>> What is your os running?
>>> 
>>> 
>>>> -----Oorspronkelijk bericht-----
>>>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Oliver Werner
>>>> Verzonden: vrijdag 12 februari 2016 8:56
>>>> Aan: samba at lists.samba.org
>>>> Onderwerp: [Samba] AD Group lost from Winbind
>>>> 
>>>> Hello,
>>>> 
>>>> the last two days i have problems with my AD group which is defined in
>>>> share setting valid users
>>>> 
>>>> Winbind looks to lost mapping of this group and so no user can connect
>> to
>>>> this share anymore.
>>>> 
>>>> When restart winbind service mapping works again until mapping lost
>> again.
>>>> 
>>>> 
>>>> ls -lsa shows me in issue this:
>>>> 
>>>>       2      4 drwxr-x---  63 root               12001
>>>> 4096 Feb  4 23:42 Share
>>>> 
>>>> After restarting winbind:
>>>> 
>>>>       2      4 drwxr-x---  63 root               group_intern
>>>> 4096 Feb  4 23:42 Share
>>>> 
>>>> 
>>>> My smb.conf looks like
>>>> 
>>>> 
>>>> [global]
>>>>      netbios name = MEMBER1
>>>>      security = ADS
>>>>      workgroup = HQ
>>>>      realm = hq.internal
>>>> 
>>>>      log file = /var/log/samba/%m.log
>>>>      log level = 1
>>>> 
>>>>      dedicated keytab file = /etc/krb5.keytab
>>>>      kerberos method = secrets and keytab
>>>>      winbind refresh tickets = yes
>>>> 
>>>>      winbind trusted domains only = no
>>>>      winbind use default domain = yes
>>>>      winbind enum users  = yes
>>>>      winbind enum groups = yes
>>>> 	winbind cache time = 300
>>>> 
>>>> 
>>>>      idmap config *:backend = tdb
>>>>      idmap config *:range = 500-9999
>>>> 
>>>>      # idmap config for domain HQ
>>>>      idmap config HQ:backend = ad
>>>>      idmap config HQ:schema_mode = rfc2307
>>>>      idmap config HQ:range = 10000-99999
>>>> 
>>>>      # Use settings from AD for login shell and home directory
>>>>      winbind nss info = rfc2307
>>>> 
>>>> [Share]
>>>>  path = /data/share
>>>>  browseable = yes
>>>>  writeable = yes
>>>>  force group = Group_Intern
>>>>  valid users = @Group_Intern
>>>>  create mask = 0660
>>>>  directory mask = 0770
>>>>  #oplocks = 0
>>>>  vfs objects = full_audit recycle
>>>>  full_audit:prefix = %u
>>>>  full_audit:success = mkdir rename rmdir unlink pwrite
>>>>  full_audit:failure = none
>>>>  full_audit:facility = LOCAL5
>>>>  full_audit:priority = NOTICE
>>>>  recycle:versions = yes
>>>>  recycle:exclude = .*, ~*
>>>> 
>>>> 
>>>> 
>>>> Anyone has an idea for this problem?
>>>> 
>>>> 
>>>> Regards
>>>> Oliver
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>> 
>>> 
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.samba.org/pipermail/samba/attachments/20160212/6e6adff5/signature.sig>


More information about the samba mailing list