[Samba] Failed to find domain Unix Group
Carlos A. P. Cunha
carlos.hollow at gmail.com
Wed Jul 13 02:50:35 UTC 2016
Hello!
This is in my member in DC will not use these parameters.
Thanks
Em 12-07-2016 23:48, Data Control Systems - Mike Elkevizth escreveu:
> I forgot to mention in the previous post, I do not have any of the
> "idmap config" parameters in the smb.conf on any of the DCs. I only
> use those parameters on member servers. I would try commenting those
> out on your DC(s) and restarting samba and see if that helps.
>
> Mike E.
>
>
> On Tue, Jul 12, 2016 at 10:20 PM, Carlos A. P. Cunha
> <carlos.hollow at gmail.com <mailto:carlos.hollow at gmail.com>> wrote:
>
> Can return old id, returning the old values (changed the most at
> least two months)
>
> idmap config *: backend = tdb
> idmap config *:range = 5000-16777216
> idmap config SERVERAD: backend = rid
> idmap config SERVERAD: range = 5000-33554431
>
> The error parrou also, but I think the fact that a group with the
> same ID / GID if the User to the fact that the idmap values be
> crossing, even so I changed them (mentioned above)
>
> Thank you
>
>
> Em 12-07-2016 18:26, Data Control Systems - Mike Elkevizth escreveu:
>> I had the same (or similar) issue on my DCs with the gid being
>> 100 and the uids being in the 3000000 range. I'm not sure if
>> you've already set these in your smb.conf, but the relevant
>> section in mine is:
>>
>> idmap_ldb:use rfc2307 = yes
>> template shell = /bin/bash #only needed so AD users can log
>> into the DC locally
>> winbind use default domain = yes
>> winbind enum users = yes
>> winbind enum groups = yes
>>
>> I also have to use the command 'net cache flush' on a
>> semi-regular basis (I run it via a cron job), or it seems that
>> the DCs will eventually revert back to the incorrect mappings.
>> I'm guessing that what happens is that winbind checks for the
>> rfc2307 value and for some reason it doesn't get a response and
>> then it adds an entry into the idmap.ldb file. Winbind then
>> seems to prefer the idmap.ldb entry over the rfc2307 values. I'm
>> not sure about all the details, but it works for me.
>>
>> Mike E.
>>
>>
>> On Tue, Jul 12, 2016 at 4:58 PM, Rowland penny <rpenny at samba.org
>> <mailto:rpenny at samba.org>> wrote:
>>
>> On 12/07/16 21:46, Carlos A. P. Cunha wrote:
>>
>>
>> Note: This working because I had to change all the
>> permissions and the files were left with various "waste"
>> of old permissions.
>>
>>
>> Thanks
>>
>>
>> Em 12-07-2016 17:44, Carlos A. P. Cunha escreveu:
>>
>>
>> Hello!
>> Sorry for the confusion this where SERVER is
>> SERVERAD(right)
>> At the time this all to work, but still followed the
>> message! Errors in logs.
>> And I'm afraid to change again.
>>
>> : - |
>>
>>
>> Em 12-07-2016 17:40, Rowland penny escreveu:
>>
>> OK, you posted your smb.conf from your
>> fileserver, it contained these lines:
>>
>> workgroup = SERVER
>>
>> and
>>
>> idmap config SERVERAD: backend = rid
>> # I changed values for test
>> idmap config SERVERAD: range = 1000000000 to
>> 9999999999
>>
>> I understand you changed the workgroup to post
>> your smb.conf, but are the actual names for
>> 'SERVER' and 'SERVERAD' the same in your
>> smb.conf, because they should be.
>>
>> This doesn't explain why you are getting private
>> groups, could you check your AD to see if the
>> groups exist.
>>
>>
>>
>>
>> I don't understand how your users/groups changed their IDs,
>> on the DC RIDs are mapped and stored in idmap.ldb, you are
>> also using the winbind 'rid' backend and again, the
>> user/group IDs are mapped from the RID by the algorithm:
>>
>> ID = RID - BASE_RID + LOW_RANGE_ID
>>
>> The BASE_RID is '0' so this becomes:
>>
>> ID = RID + LOW_RANGE_ID
>>
>> So unless you changed the range in smb.conf, your user/group
>> IDs shouldn't change.
>>
>> I still don't understand where your private groups are coming
>> from, unless, are you running sssd or nlscd as well as
>> winbindd ??
>>
>> Rowland
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and
>> read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>>
>
>
More information about the samba
mailing list