[Samba] idmap_ad problem and workaround

Joe Maloney jpm820 at gmail.com
Wed Jan 27 03:11:25 UTC 2016

Nope.  It's not a Samba bug.  It's Windows ACLs.  The users that work have
an ACL that gives Authenticated Users read.  Without that, wbinfo -i, id, and
getent passwd do not pick up the Unix IDs.  Even an LDAP query will not
show it unless the user doing the query is a domain admin.  I know some ACL
changes were made when it was discovered that leftover cruft from a
previous domain migration existed, and it was removed.  This coincides with
the breakage.  Now I have to carefully figure out from a clean environment
what the defaults should be from the top down, and correct.  That should
fix me.

Joe Maloney

On Tue, Jan 26, 2016 at 3:44 PM, Rowland penny <rpenny at samba.org> wrote:

> On 26/01/16 21:34, Joe Maloney wrote:
>> I have tried to add all of the above to smb4.conf with no luck.  I also
>> did a net ads leave, and net ads join.  In addition I cleared the contents
>> of /var/db/samba4.  Only users who have once been granted access to domain
>> admins will show up.  I am becoming more convinced it is something at the
>> Active Directory level.
>> Joe Maloney
> OK, I think you need to open a bug report on this, please provide level 10
> logs from when it happens.
> Rowland

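A way to confirm the diagnosis in the message above, as an added example that is not part of the original thread: compare LDIF output from the same LDAP search run once as a domain admin and once as an ordinary authenticated account, and list the users whose Unix ID attributes only the admin can read. The function names, the `example.com` entries and both LDIF samples are constructed for illustration.

```python
# RFC 2307 attributes that hold the Unix IDs.
ID_ATTRS = ("uidNumber", "gidNumber")

def parse_ldif(text):
    """Return {sAMAccountName: {attr: value}} from LDIF search output."""
    users = {}
    # A line starting with one space continues the previous line: unfold first.
    for block in text.replace("\n ", "").split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            entry[name] = value.strip()
        if "sAMAccountName" in entry:
            users[entry["sAMAccountName"]] = entry
    return users

def hidden_ids(admin_ldif, member_ldif):
    """Accounts whose Unix IDs the admin bind sees but the other bind does not."""
    admin, member = parse_ldif(admin_ldif), parse_ldif(member_ldif)
    report = {}
    for account, attrs in admin.items():
        seen = member.get(account, {})  # {} if the whole object is unreadable
        missing = [a for a in ID_ATTRS if a in attrs and a not in seen]
        if missing:
            report[account] = missing
    return report

# Constructed sample data: the same search, two different bind identities.
ADMIN_VIEW = """\
dn: CN=alice,CN=Users,DC=example,DC=com
sAMAccountName: alice
uidNumber: 10001

dn: CN=bob,CN=Users,DC=example,DC=com
sAMAccountName: bob
uidNumber: 10002
"""
MEMBER_VIEW = """\
dn: CN=alice,CN=Users,DC=example,DC=com
sAMAccountName: alice
uidNumber: 10001

dn: CN=bob,CN=Users,DC=example,DC=com
sAMAccountName: bob
"""

print(hidden_ids(ADMIN_VIEW, MEMBER_VIEW))
```

Accounts that appear in the report are the ones to inspect for a missing read ACE on the user object.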