[Samba] ADS domain member: winbind fails [SOLVED]
Stefan G. Weichinger
lists at xunil.at
Sun Jan 1 16:05:44 UTC 2017
ok, edited etc
all uidNumber now > 10000
except that "root", I was unsure now (?)
gidNumber:
# ldbsearch -H /var/lib/samba/private/sam.ldb cn=Domain\ Users | grep
'gidNumber'
gidNumber: 10001
-
smb.conf on member:
idmap config * : backend = tdb
idmap config * : range = 2000-2999
idmap config ARBEITSGRUPPE:backend = ad
idmap config ARBEITSGRUPPE:range = 10000-99999
idmap config ARBEITSGRUPPE:schema_mode = rfc2307
username map = /etc/samba/user.map
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind refresh tickets = Yes
-
restarted all samba daemons on DC and member server, flushed cache
On DC:
# wbinfo -i sgw
sgw:*:10000:10001::/home/ARBEITSGRUPPE/sgw:/bin/false
# getent passwd sgw
sgw:*:10000:10001::/home/ARBEITSGRUPPE/sgw:/bin/false
(good, afaik)
On member server:# wbinfo -i sgw
sgw:*:10000:10001:sgw:/home/ARBEITSGRUPPE/sgw:/bin/false
main samba # getent passwd sgw
sgw:*:10000:10001:sgw:/home/ARBEITSGRUPPE/sgw:/bin/false
- nice, correct??
I even did an additional change and set the gidNumber to 10513 to match
the former gid (in the shared directory the group-id was 10513, now it
is displayed as "domain users" as well).
so now I have:
# getent passwd sgw
sgw:*:10000:10513:sgw:/home/ARBEITSGRUPPE/sgw:/bin/false
*phew*
Any idea what else might be missing? ;-)
thanks!
More information about the samba
mailing list