[Samba] wbinfo -S SID deliver -1
EDNT GMBH
edv at ednt.de
Tue Apr 25 21:37:55 UTC 2017
Thanks for the fast help!
Inside the username map is:
!root = EDNT\Administrator EDNT\administrator
All your changes are done.
With rid it works!
Why can't I use AD?
Regards, Karl
On 25.04.2017 at 23:06, Rowland Penny via samba wrote:
> On Tue, 25 Apr 2017 22:31:48 +0200
> edv--- via samba <samba at lists.samba.org> wrote:
>
>> I have set up a Samba server as an AD member. AD: 2012R2
>>
>> The first day everything was working fine. After restarting the Samba
>> service I had no access to my shares.
>>
>> getent passwd and getent group deliver the UID and GID
>> 4294967295:4294967295: for all AD users
>>
>> which is -1 (FFFF FFFF)
>>
>> wbinfo -n user deliver S-1-5-21-4001112740-1724199908-163113746-1106
>> SID_USER (1) which is correct !
>>
>> I get from wbinfo -S S-1-5-21-4001112740-1724199908-163113746-1106 as
>> result -1 !
>>
>> In the winbind log I get:
>> Parsing value for key
>> [IDMAP/SID2XID/S-1-5-21-4001112740-1724199908-163113746-1106]:
>> value=[-1:N]
>>
>>
>> The Samba Version is : Version 4.2.14-Debian
>>
>> My smb.conf is :
>> [global]
>> netbios name = fs2
>> workgroup = XDNT
>> security = ADS
>> realm = XDNT.DE
>> encrypt passwords = yes
>>
>> log file = /var/log/samba/log.%m
>> log level = 10 #passdp:10 auth:10 winbind:10
>>
>> # Log file access
>> vfs object = full_audit recycle acl_xattr
>> full_audit:prefix = IP=%I|USER=%u|MACHINE=%m|VOLUME=%S
>> full_audit:success = mkdir rename unlink rmdir pwrite
>> full_audit:failure = none
>> full_audit:facility = local7
>> # full_audit:priority = DEBUG
>> full_audit:priority = notice
>>
>> # Log file deletion
>> recycle:repository = /srv/export/samba/recycle
>> recycle:subdir_mode = 0770
>> recycle:directory_mode = 0770
>> recycle:keeptree = Yes
>> recycle:versions = Yes
>> recycle:touch = Yes
>> recycle:touch_mtime = Yes
>> recycle:maxsize = 0
>>
>> syslog = yes
>>
>> #idmap config *:backend = tdb
>> #idmap config *:range = 85000-86000
> Uncomment the above two lines, you need them ;-)
>
>> idmap config XDNT : backend = ad
>> idmap config XDNT : schema_mode = rfc2307
>> idmap config XDNT : range = 3000000-4000000
> Have you actually given your users and groups a uidNumber or gidNumber
> attribute inside the range 3000000-4000000 ?
>
> If not, change the backend to 'rid' instead of 'ad' and remove the
> schema_mode line.
>
>> idmap config XDNT:unix_primary_group = yes
> The same goes for the above line, if you have no gidNumber attributes,
> remove it.
>
>> winbind nss info = rfc2307
>> winbind trusted domains only = no
>> winbind use default domain = yes
>> winbind enum users = yes
>> winbind enum groups = yes
>> winbind refresh tickets = yes
>>
>> # winbind nss info = template
>> # template shell = /bin/bash
>> # template homedir = /home/%U
> Uncomment the template lines if you use the 'rid' backend
>
>> map acl inherit = Yes
>> store dos attributes = Yes
> Add 'vfs objects = acl_xattr' as well
>
>> follow symlinks = yes
>>
>> passdb backend = tdbsam
>> map untrusted to domain = Yes
>>
>> username map = /etc/samba/user.map
> What is in the username map ?
>
> Try reading this Samba wiki page:
>
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>
> Rowland
>
>
>
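Added example (not part of the original thread and not Samba's own code): a Python check of the two points raised in the reply above, namely that an active `idmap config *` default exists and that each user's `uidNumber` lies inside the `ad` backend's range. The config sample is constructed from the quoted lines; the function names, user names and uidNumber values are hypothetical.

```python
import re

# Constructed sample mirroring the idmap lines quoted in this thread.
SMB_CONF = """\
[global]
workgroup = XDNT
#idmap config *:backend = tdb
#idmap config *:range = 85000-86000
idmap config XDNT : backend = ad
idmap config XDNT : schema_mode = rfc2307
idmap config XDNT : range = 3000000-4000000
"""

# Accepts both "XDNT : backend = ad" and "XDNT:unix_primary_group = yes" spacing.
IDMAP_RE = re.compile(
    r"^\s*idmap config\s+([^:\s]+)\s*:\s*([\w ]+?)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf):
    """Return {domain: {option: value}} from active (uncommented) idmap lines."""
    domains = {}
    for line in conf.splitlines():
        if line.lstrip().startswith(("#", ";")):
            continue  # commented-out settings do not count
        m = IDMAP_RE.match(line)
        if m:
            domain, key, value = m.groups()
            domains.setdefault(domain.upper(), {})[key.lower()] = value
    return domains

def check(conf, domain, ad_uid_numbers):
    """ad_uid_numbers: {user: uidNumber or None} as stored in AD (hypothetical input)."""
    cfg = parse_idmap(conf)
    findings = []
    if "*" not in cfg:
        findings.append("no active 'idmap config *' default domain")
    dom = cfg.get(domain.upper(), {})
    if dom.get("backend") == "ad":
        low, high = (int(x) for x in dom["range"].split("-"))
        for user, uid in sorted(ad_uid_numbers.items()):
            if uid is None:
                findings.append(f"{user}: no uidNumber attribute, will not map")
            elif not low <= uid <= high:
                findings.append(f"{user}: uidNumber {uid} outside {low}-{high}, ignored")
    return findings

if __name__ == "__main__":
    users = {"anna": 3001106, "bob": 10000, "karl": None}  # constructed values
    print("\n".join(check(SMB_CONF, "XDNT", users)))
```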