[Samba] ADS domain member: winbind fails [SOLVED]
Stefan G. Weichinger
lists at xunil.at
Sun Jan 1 14:40:53 UTC 2017
googled and tried stuff:
# net ads search '(|(uidNumber=*)(gidNumber=*))' sAMAccountName
uidNumber gidNumber -P | grep uidN | sort -n
... shows me uidNumbers:
uidNumber: 0
uidNumber: 1000
.. up to 1077
So my idmap range was completely wrong, I assume.
I now have on the member server:
# cat /etc/samba/smb.conf
[global]
security = ADS
workgroup = ARBEITSGRUPPE
realm = arbeitsgruppe.secret.tld
log file = /var/log/samba/%m.log
log level = 1
idmap config * : backend = tdb
#idmap config * : range = 2000-2999
## idmap config for the ARBEITSGRUPPE domain
idmap config ARBEITSGRUPPE:backend = ad
idmap config ARBEITSGRUPPE:range = 1000-9999
username map = /etc/samba/user.map
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind refresh tickets = Yes
Now I get wbinfo -i again:
# wbinfo -i sgw
sgw:*:4294967295:4294967295:sgw:/home/ARBEITSGRUPPE/sgw:/bin/false
But the group is wrong.
# wbinfo --group-info 'domain users'
domain users:x:4294967295:
What to correct here, please?
More information about the samba
mailing list