[Samba] AD Group lost from Winbind

L.P.H. van Belle belle at bazuin.nl
Fri Feb 12 09:22:38 UTC 2016


That's strange, my members don't show this problem, only my DCs.

Can you post your smb.conf of the DC and one of your member servers?


Greetz, 

Louis


> -----Original message-----
> From: Oliver Werner [mailto:oliver.werner at kontrast.de]
> Sent: Friday 12 February 2016 10:16
> To: L.P.H. van Belle
> CC: samba at lists.samba.org
> Subject: Re: [Samba] AD Group lost from Winbind
> 
> In my situation I don't use DCs for shares (only for sysvol)
> 
> 
> So my member has the problems.
> 
> 
> > On 12.02.2016 at 09:20, L.P.H. van Belle <belle at bazuin.nl> wrote:
> >
> > Ok, I'm having this:
> >
> > DC's
> > Debian Wheezy 7.9, sernet samba 4.2.8
> >
> >
> > Member servers.
> > Debian Jessie samba 4.1.17 ( fileserver )
> > Debian Jessie samba 4.2.7  ( print server )
> >     This one isn't updated yet with the latest updates.
> >
> > The following packages have been kept back:
> >  samba sernet-samba sernet-samba-client sernet-samba-common sernet-samba-libs sernet-samba-libsmbclient0 sernet-samba-winbind
> > The following packages will be upgraded:
> >  krb5-locales krb5-user libgssapi-krb5-2 libgssrpc4 libk5crypto3 libkadm5clnt-mit9 libkadm5srv-mit9 libkdb5-7 libkrb5-3 libkrb5support0 libtiff5
> >
> > On this one all IDs are still correct.
> >
> > Thanks, Daniel Müller, for your addition..
> >
> > This is really a big problem.. what happened here in the samba code?
> > I've looked at the change log, but can't see anything related to this.
> >
> > So if anyone (DEVS?) knows what happened here in the samba code.
> > As far as I now know I have to
> > re-assign all my uid / gids on all users / groups, with other IDs, omg what a hell...
> > And fix all idmaps on all servers.. pff. ... really no other fix?
> >
> > There goes my weekend...
> >
> >
> > Greetz,
> >
> > Louis
> >
> >
> >
> >> -----Original message-----
> >> From: Oliver Werner [mailto:oliver.werner at kontrast.de]
> >> Sent: Friday 12 February 2016 9:06
> >> To: L.P.H. van Belle
> >> CC: samba at lists.samba.org
> >> Subject: Re: [Samba] AD Group lost from Winbind
> >>
> >> My OS is Debian 8.3
> >>
> >> winbind and samba are at version 4.1.17
> >>
> >>
> >>> On 12.02.2016 at 08:58, L.P.H. van Belle <belle at bazuin.nl> wrote:
> >>>
> >>> Ok, same problem as I'm having..
> >>>
> >>> What OS are you running?
> >>>
> >>>
> >>>> -----Original message-----
> >>>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Oliver Werner
> >>>> Sent: Friday 12 February 2016 8:56
> >>>> To: samba at lists.samba.org
> >>>> Subject: [Samba] AD Group lost from Winbind
> >>>>
> >>>> Hello,
> >>>>
> >>>> For the last two days I have had problems with my AD group, which is
> >>>> defined in the share setting valid users.
> >>>>
> >>>> Winbind seems to lose the mapping of this group, so no user can
> >>>> connect to this share anymore.
> >>>>
> >>>> When I restart the winbind service, the mapping works again until the
> >>>> mapping is lost again.
> >>>>
> >>>>
> >>>> ls -lsa shows me this when the issue occurs:
> >>>>
> >>>>       2      4 drwxr-x---  63 root               12001 4096 Feb  4 23:42 Share
> >>>>
> >>>> After restarting winbind:
> >>>>
> >>>>       2      4 drwxr-x---  63 root               group_intern 4096 Feb  4 23:42 Share
> >>>>
> >>>>
> >>>> My smb.conf looks like
> >>>>
> >>>>
> >>>> [global]
> >>>>      netbios name = MEMBER1
> >>>>      security = ADS
> >>>>      workgroup = HQ
> >>>>      realm = hq.internal
> >>>>
> >>>>      log file = /var/log/samba/%m.log
> >>>>      log level = 1
> >>>>
> >>>>      dedicated keytab file = /etc/krb5.keytab
> >>>>      kerberos method = secrets and keytab
> >>>>      winbind refresh tickets = yes
> >>>>
> >>>>      winbind trusted domains only = no
> >>>>      winbind use default domain = yes
> >>>>      winbind enum users  = yes
> >>>>      winbind enum groups = yes
> >>>>      winbind cache time = 300
> >>>>
> >>>>
> >>>>      idmap config *:backend = tdb
> >>>>      idmap config *:range = 500-9999
> >>>>
> >>>>      # idmap config for domain HQ
> >>>>      idmap config HQ:backend = ad
> >>>>      idmap config HQ:schema_mode = rfc2307
> >>>>      idmap config HQ:range = 10000-99999
> >>>>
> >>>>      # Use settings from AD for login shell and home directory
> >>>>      winbind nss info = rfc2307
> >>>>
> >>>> [Share]
> >>>>  path = /data/share
> >>>>  browseable = yes
> >>>>  writeable = yes
> >>>>  force group = Group_Intern
> >>>>  valid users = @Group_Intern
> >>>>  create mask = 0660
> >>>>  directory mask = 0770
> >>>>  #oplocks = 0
> >>>>  vfs objects = full_audit recycle
> >>>>  full_audit:prefix = %u
> >>>>  full_audit:success = mkdir rename rmdir unlink pwrite
> >>>>  full_audit:failure = none
> >>>>  full_audit:facility = LOCAL5
> >>>>  full_audit:priority = NOTICE
> >>>>  recycle:versions = yes
> >>>>  recycle:exclude = .*, ~*
> >>>>
> >>>>
> >>>>
> >>>> Anyone has an idea for this problem?
> >>>>
> >>>>
> >>>> Regards
> >>>> Oliver
> >>>> --
> >>>> To unsubscribe from this list go to the following URL and read the
> >>>> instructions:  https://lists.samba.org/mailman/options/samba
> >>>
> >>>
> >
> >
> >
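
A check for the symptom described in the first quoted message (the share's group showing as the bare GID 12001 until winbind is restarted), added here as an example and not code from any poster or from the Samba project. It reads the idmap ranges from the quoted smb.conf and reports whether a GID inside a domain range still resolves to a name; the function names and status strings are hypothetical.

```python
import grp
import os
import re

# idmap lines copied from the smb.conf quoted in this thread
SMB_CONF = """
[global]
    idmap config *:backend = tdb
    idmap config *:range = 500-9999
    # idmap config for domain HQ
    idmap config HQ:backend = ad
    idmap config HQ:schema_mode = rfc2307
    idmap config HQ:range = 10000-99999
"""

RANGE_RE = re.compile(
    r"^\s*idmap config\s+(\S+?)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$", re.I)

def idmap_ranges(conf_text):
    """Return {domain: (low, high)} from 'idmap config DOMAIN:range' lines."""
    ranges = {}
    for line in conf_text.splitlines():
        m = RANGE_RE.match(line)  # comment lines never match the pattern
        if m:
            ranges[m.group(1)] = (int(m.group(2)), int(m.group(3)))
    return ranges

def system_group_name(gid):
    """Resolve a GID through NSS (winbind included); None if it has no name."""
    try:
        return grp.getgrgid(gid).gr_name
    except KeyError:
        return None

def check_gid(gid, ranges, resolve=system_group_name):
    """Report the idmap domain owning a GID and whether it resolves to a name."""
    domain = next((d for d, (lo, hi) in ranges.items() if lo <= gid <= hi), None)
    name = resolve(gid)
    if name is not None:
        status = "resolved"
    elif domain not in (None, "*"):
        status = "unresolved-domain-gid"  # the symptom in this thread
    else:
        status = "unresolved-other"
    return {"gid": gid, "domain": domain, "name": name, "status": status}

def check_path(path, ranges, resolve=system_group_name):
    """Run check_gid on the group owner of a file or directory."""
    return check_gid(os.stat(path).st_gid, ranges, resolve)

if __name__ == "__main__":
    # On the member server the path would be the share, /data/share
    print(check_path(".", idmap_ranges(SMB_CONF)))
```

Run periodically against the share path, a result of `unresolved-domain-gid` marks the moment the mapping drops, which can then be lined up with the winbind log.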




