[Samba] Setup of Samba with Solaris 11.3 to provide Unix File Shares to Windows Users

L.P.H. van Belle belle at bazuin.nl
Mon Aug 21 17:47:43 UTC 2017 

after the change did you run : net cache flush
and restart samba/winbind to be sure.
maybe configure template homdir and shell also?
for rid a must.


Greetz

Louis

> Op 21 aug. 2017 om 18:16 heeft Rowland Penny via samba <samba at lists.samba.org> het volgende geschreven:
> 
> On Mon, 21 Aug 2017 17:25:31 +0200
> Martin Decker via samba <samba at lists.samba.org> wrote:
> 
>> Dear Rowland,
>> 
>> our windows admin assured me that they have set uidNumber and
>> gidNumber in the range. I have requested screenshots for confirmation.
>> 
>> Now we are one step further: "getent passwd | grep mdecker" now lists
>> the AD account.
>> 
>> mdecker:*:13667:7142:Decker, Martin:/home/MYDOM/mdecker:/bin/false
>> 
>> With "getent passwd mdecker" however, it shows
>> "NT_STATUS_NO_SUCH_USER".
>> 
>> getent passwd mdecker
>> 
>> winbindd_getpwnam: My domain -- rejecting getpwnam() for
>> MYDOM\mdecker. Could not convert sid S-0-0: NT_STATUS_NO_SUCH_USER
>> 
>> Also not working:
>> 
>> getnet passwd mdecker
>> getent passwd "MYDOM\\mdecker"
>> 
>> What is working though is when i give REALM Suffix ".ADS"
>> 
>> getent passwd "MYDOM.ADS\\mdecker"
>> mdecker:*:13667:7142:Decker, Martin:/home/MYDOM/mdecker:/bin/false
>> 
> 
> If I run:
> getent passwd rowland
> getent passwd "SAMDOM\rowland"
> getent passwd "SAMDOM.EXAMPLE.COM\rowland"
> 
> They all produce the same output:
> 
> rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash
> 
> Lets step back a bit here, is this just one Unix fileserver? 
> It also looks like you will not be using most of the RFC2307
> attributes, just UidNumber & gidNumber.
> 
> if this is the case, have you considered the rid backend ?
> With this, you do not need anything in AD, it uses the RID to calculate
> the users or groups ID.
> 
> If you change:
> 
>    idmap config * :backend = tdb
>    idmap config * : range = 1000000-1999999
>    idmap config MYDOM : backend = ad
>    idmap config MYDOM : range = 100-999999
>    idmap config MYDOM : schema_mode = rfc2307  
> 
> To:
>    idmap config * :backend = tdb
>    idmap config * : range = 1000000-1999999
>    idmap config MYDOM : backend = rid
>    idmap config MYDOM : range = 100-999999
> 
> You should get everything to work.
> If it does, it proves that the problem is in AD
> If it doesn't, then there must be a problem on your Unix domain member.
> 
> Rowland
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list