[Samba] member server idmap config (auto)rid
Lange Norbert
norbert.lange at andritz.com
Tue Aug 8 13:24:06 UTC 2017
Hi,
sorry, I responded to the wrong thread.
Please ignore my posts here, my issue is different and the last post is here: https://lists.samba.org/archive/samba/2017-August/210156.html
>-----Original Message-----
>From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of L.P.H. van
>Belle via samba
>Sent: Dienstag, 08. August 2017 14:19
>To: samba at lists.samba.org
>Subject: Re: [Samba] member server idmap config (auto)rid
>
>EMAIL from a NON-ANDRITZ SOURCE: as a security measure, please exercise
>caution with email content and any links or attachments.
>
>
>Ok debian stretch..
>
>Go here.
>https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862580#39
>Review all steps there. ( message 39, Date: Mon, 22 May 2017 10:21:18 +0200
>)
>
>And if you change something, mark it so you can find it back, but that config
>works.
>If it fails, post you smb.conf and post where you see errors based on the steps
>of above link.
>
>Without smb.conf is a guessing game.
>
>
>Greetz,
>
>Louis
>
>
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
>> Lange Norbert via samba
>> Verzonden: dinsdag 8 augustus 2017 13:30
>> Aan: samba at lists.samba.org
>> Onderwerp: [Samba] member server idmap config (auto)rid
>>
>> (forwarding as I forgot to reply-all)
>>
>> -----Original Message-----
>> From: Lange Norbert
>> Sent: Dienstag, 08. August 2017 12:26
>> To: 'mathias dufresne'
>> Subject: RE: [Samba] member server idmap config (auto)rid
>>
>> >Did you install libpam-winbind? libpam-krb5?
>>
>> Nope, I did try installing them now, made no difference.
>> I have backup-scripts running on the server for months, and
>> it worked before.
>>
>> Can`t get wbinfo to report anything but errors, I am using
>> user/domain/pass file with smbclient, There is no
>> sophisticated authentication AFAIK, and the issue just seems
>> that samba sends data in bigger chunks than the server
>> accepts, the patch limits this. This does not seem anything
>> related to login/auth.
>>
>> Kind regards,
>> Norbert
>>
>> >-----Original Message-----
>> >From: samba [mailto:samba-bounces at lists.samba.org] On
>> Behalf Of mathias >dufresne via samba
>> >Sent: Dienstag, 08. August 2017 12:05
>> >Cc: samba
>> >Subject: Re: [Samba] member server idmap config (auto)rid
>> > >EMAIL from a NON-ANDRITZ SOURCE: as a security measure,
>> please exercise >caution with email content and any links or
>> attachments.
>> >
>> >
>> >Hi,
>> >
>> >Could you post the whole smb.conf? That should help...
>> >
>> >Did you install libpam-winbind? libpam-krb5?
>> >
>> >Kerberos is working? It should as you mentioned join was ok.
>> >
>> >Anyway and in short, to help we need information.
>> >
>> >And playing with wbinfo could help to understand what you
>> missed (wbinfo -n >username; wbinfo -S userSID; wbnifo -i
>> username; for a start) >
>> >2017-08-07 16:44 GMT+02:00 Neil Price via samba
>> <samba at lists.samba.org>:
>> >
>> >> I've joined a samba 4.48 (debian stretch) to a Windows
>> 2008R2 AD domain >> according to
>> >https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domai
>> >> n_Member
>> >>
>> >> It joins OK but I cannot get idmap rid (or autorid) to work >>
>> >> idmap config * : backend = autorid
>> >> idmap config * : range = 1000000-1199999
>> >>
>> >
>> >Using only these two lines AD users and groups could become
>> Linux users and >groups but their UID/GID will be randomly
>> generated, which is certinaly not >what you want (at least
>> in future that's you should regret) > > >> >> Nothing is
>> returned for getent "SAMDOM\user"
>> >>
>> >> log.winbindd shows:
>> >>
>> >> [2017/08/07 15:44:08.377559, 3]
>> ../source3/winbindd/winbindd_g >>
>> etpwnam.c:56(winbindd_getpwnam_send)
>> >> getpwnam SAMDOM\user
>> >> [2017/08/07 15:45:12.561500, 5]
>> ../source3/winbindd/winbindd.c >> :1139(remove_timed_out_clients)
>> >> Client request timed out, shutting down sock 26, pid 639
>> >>
>> >> (libnss_winbind is installed and nsswitcy.conf modified
>> as per wiki) >> >> If however I use >>
>> >> idmap config * : backend = tdb
>> >> idmap config * : range = 3000-7999
>> >>
>> >> idmap config SAMDOM : backend = rid
>> >> idmap config SAMDOM : range = 1000000-1199999
>> >>
>> >
>> >Using these 4 lines is the right thing to do: idmap-rid
>> will generate >UID/GID using LDAP object's RID + 1000000
>> (according to what you wrote) and >as UID/GID are now based
>> on RID which is stable your UID/GID will be stable >too (not
>> randomly generated) > > >> >> Then getent "SAMDOM\user"
>> works but the uid is taken from the * range, not >> SAMDOM.
>> >>
>> >> What am I doing wrong?
>> >>
>> >>
>> >>
>> >>
>> >> --
>> >> To unsubscribe from this list go to the following URL and
>> read the >> instructions:
>> https://lists.samba.org/mailman/options/samba
>> >--
>> >To unsubscribe from this list go to the following URL and read the
>> >instructions: https://lists.samba.org/mailman/options/samba
>>
>>
>> ##############################################################
>> #######################
>>
>> This message and any attachments are solely for the use of
>> the intended recipients. They may contain privileged and/or
>> confidential information or other information protected from
>> disclosure. If you are not an intended recipient, you are
>> hereby notified that you received this email in error and
>> that any review, dissemination, distribution or copying of
>> this email and any attachment is strictly prohibited. If you
>> have received this email in error, please contact the sender
>> and delete the message and any attachment from your system.
>>
>> Thank You.
>>
>> ##############################################################
>> #######################
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list