[Samba] Failed to find domain Unix Group

Carlos A. P. Cunha carlos.hollow at gmail.com
Wed Jul 13 02:20:52 UTC 2016 

Can return old id, returning the old values (changed the most at least 
two months)

idmap config *: backend = tdb
idmap config *:range = 5000-16777216
idmap config SERVERAD: backend = rid
idmap config SERVERAD: range = 5000-33554431

The error parrou also, but I think the fact that a group with the same 
ID / GID if the User to the fact that the idmap values be crossing, even 
so I changed them (mentioned above)

Thank you


Em 12-07-2016 18:26, Data Control Systems - Mike Elkevizth escreveu:
> I had the same (or similar) issue on my DCs with the gid being 100 and 
> the uids being in the 3000000 range.   I'm not sure if you've already 
> set these in your smb.conf, but the relevant section in mine is:
>
> idmap_ldb:use rfc2307 = yes
> template shell = /bin/bash   #only needed so AD users can log into the 
> DC locally
> winbind use default domain = yes
> winbind enum users  = yes
> winbind enum groups = yes
>
> I also have to use the command 'net cache flush' on a semi-regular 
> basis (I run it via a cron job), or it seems that the DCs will 
> eventually revert back to the incorrect mappings.  I'm guessing that 
> what happens is that winbind checks for the rfc2307 value and for some 
> reason it doesn't get a response and then it adds an entry into the 
> idmap.ldb file.  Winbind then seems to prefer the idmap.ldb entry over 
> the rfc2307 values.  I'm not sure about all the details, but it works 
> for me.
>
> Mike E.
>
>
> On Tue, Jul 12, 2016 at 4:58 PM, Rowland penny <rpenny at samba.org 
> <mailto:rpenny at samba.org>> wrote:
>
>     On 12/07/16 21:46, Carlos A. P. Cunha wrote:
>
>
>         Note: This working because I had to change all the permissions
>         and the files were left with various "waste" of old permissions.
>
>
>         Thanks
>
>
>         Em 12-07-2016 17:44, Carlos A. P. Cunha escreveu:
>
>
>             Hello!
>             Sorry for the confusion this where SERVER is SERVERAD(right)
>             At the time this all to work, but still followed the
>             message! Errors in logs.
>             And I'm afraid to change again.
>
>             : - |
>
>
>             Em 12-07-2016 17:40, Rowland penny escreveu:
>
>                 OK, you posted your smb.conf from your fileserver, it
>                 contained these lines:
>
>                 workgroup = SERVER
>
>                 and
>
>                 idmap config SERVERAD: backend = rid
>                 # I changed values ​​for test
>                 idmap config SERVERAD: range = 1000000000 to 9999999999
>
>                 I understand you changed the workgroup to post your
>                 smb.conf, but are the actual names for 'SERVER' and
>                 'SERVERAD' the same in your smb.conf, because they
>                 should be.
>
>                 This doesn't explain why you are getting private
>                 groups, could you check your AD to see if the groups
>                 exist.
>
>
>
>
>     I don't understand how your users/groups changed their IDs, on the
>     DC RIDs are mapped and stored in idmap.ldb, you are also using the
>     winbind 'rid' backend and again, the user/group IDs are mapped
>     from the RID by the algorithm:
>
>      ID = RID - BASE_RID + LOW_RANGE_ID
>
>     The BASE_RID is '0' so this becomes:
>
>     ID = RID + LOW_RANGE_ID
>
>     So unless you changed the range in smb.conf, your user/group IDs
>     shouldn't change.
>
>     I still don't understand where your private groups are coming
>     from, unless, are you running sssd or nlscd as well as winbindd ??
>
>     Rowland
>
>
>     -- 
>     To unsubscribe from this list go to the following URL and read the
>     instructions: https://lists.samba.org/mailman/options/samba
>
>

More information about the samba mailing list