[Samba] ADS domain member: winbind fails [SOLVED]
Stefan G. Weichinger
lists at xunil.at
Sun Jan 1 15:37:41 UTC 2017
Am 2017-01-01 um 16:04 schrieb Rowland Penny via samba:
> So it looks like you only have 77 users, but cannot have any local Unix
> users because your Unix users start at 1000. How do feel about changing
> the uidNumbers ?
feels scary and I'd like to avoid that :-)
> if so, the easiest way will be to open the AD database
> with ldbedit:
> ldbedit -e nano -H /usr/local/samba/private/sam.ldb
> Then search through the file for 'uidNumber' and then change the
> contents, I would just add a '0' after the first digit i.e. '1077'
> would become '10077'
And that won't break things??
> Remove the uidNumber that contains '0'
I just have a look via ldbedit, yes, that points to:
> check that Domain Users has a gidNumber attribute and that it contains
> a number in the 10000 range
I doesn't have that attribute as far as I see.
Do i just add that line?
> finally change 'idmap config ARBEITSGRUPPE:range = 1000-9999' to 'idmap
> config ARBEITSGRUPPE:range = 10000-99999' and put the 'idmap config
> SAMDOM : schema_mode = rfc2307' line back.
> restart the Samba deamons, run 'net cache flush' again then run 'getent
> passwd sgw'
Feeling like a blind brain surgeon already ;-)
I have to prepare myself mentally :-)
>> But the group is wrong.
>> # wbinfo --group-info 'domain users'
>> domain users:x:4294967295:
>> What to correct here, please?
> What is in the 'user.map' ?
# cat user.map
!root = ARBEITSGRUPPE\Administrator
More information about the samba