[Samba] idmap_ad problem and workaround
rpenny at samba.org
Tue Jan 26 19:35:30 UTC 2016
On 26/01/16 18:48, Joe Maloney wrote:
> Hello all,
> Samba Version 4.1.21 on 8 servers as member servers configured with
> idmap_ad. I have all the RFC2307 attributes configured for every user, and
> group. I wrote a script to ensure that. I have scripts in place to make
> sure I don't have duplicates, show users without attributes, etc. I also
> filter out the users I don't want to see by placing them outside of the
> range set aside for idmap_ad, and outside of the range used by samba.
> In the last few weeks users belonging to the domain users group quit working.
> Only users who have been previously added to domain admins show up with
> getent passwd. All groups show up. I know this had to be a change at the
> active directory level because it was working. Suddenly each server just
> stopped working like a domino effect at different days all within the same
> If I temporarily add a user to domain admins, and then remove that access
> it fixes the problem. Even if I reboot the server the user remains fixed
> so it's not just a temporary issue. Has anyone ever seen anything like
> this? I am willing to upgrade to a newer samba version. I am just trying
> for my own sanity to figure out what may have caused the issue when things
> have been working for months without issue.
> Joe Maloney
I think you need to give us some more info: what are the DCs running?
Can we see a smb.conf from the member servers, this type of thing.