[Samba] idmap_ad problem and workaround
Joe Maloney
jpm820 at gmail.com
Wed Jan 27 03:11:25 UTC 2016
Nope. It's not a samba bug. It's Windows ACL's. The users that work have
an ACL that gives Authenticated Users read. Without that wbinfo -i, id,
getent passwd do not pick up the Unix ID's. Even an ldap query will not
show it unless the user doing the query is a domain admin. I know some ACL
changes were made when it was discovered that leftover cruft from a
previous domain migration existed, and it was removed. This coincides with
the breakage. Now I have to carefully figure out from a clean environment
what the defaults should be from the top down, and correct. That should
fix me.
Joe Maloney
On Tue, Jan 26, 2016 at 3:44 PM, Rowland penny <rpenny at samba.org> wrote:
> On 26/01/16 21:34, Joe Maloney wrote:
>
>> I have tried to add all of the above to smb4.conf with no luck. I also
>> did a net ads leave, and net ads join. In addition I cleared the contents
>> of /var/db/samba4. Only users who have once been granted access to domain
>> admins will show up. I am becoming more convinced it is something at the
>> Active Directory level.
>>
>> Joe Maloney
>>
>>
> OK, I think you need to open a bug report on this, please provide level 10
> logs from when it happens.
>
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list