[Samba] ADS domain member: winbind fails [SOLVED]

Stefan G. Weichinger lists at xunil.at
Sun Jan 1 16:05:44 UTC 2017


ok, edited etc

all uidNumber now > 10000

except that "root", I was unsure now (?)

gidNumber:

# ldbsearch -H /var/lib/samba/private/sam.ldb cn=Domain\ Users | grep
'gidNumber'
gidNumber: 10001

-

smb.conf on member:


        idmap config * : backend = tdb
        idmap config * : range = 2000-2999

        idmap config ARBEITSGRUPPE:backend = ad
        idmap config ARBEITSGRUPPE:range = 10000-99999
        idmap config ARBEITSGRUPPE:schema_mode = rfc2307

        username map = /etc/samba/user.map

        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        winbind refresh tickets = Yes

-

restarted all samba daemons on DC and member server, flushed cache

On DC:

# wbinfo -i sgw
sgw:*:10000:10001::/home/ARBEITSGRUPPE/sgw:/bin/false

# getent passwd sgw
sgw:*:10000:10001::/home/ARBEITSGRUPPE/sgw:/bin/false

(good, afaik)

On member server:# wbinfo -i sgw
sgw:*:10000:10001:sgw:/home/ARBEITSGRUPPE/sgw:/bin/false

main samba # getent passwd sgw
sgw:*:10000:10001:sgw:/home/ARBEITSGRUPPE/sgw:/bin/false

- nice, correct??

I even did an additional change and set the gidNumber to 10513 to match
the former gid (in the shared directory the group-id was 10513, now it
is displayed as "domain users" as well).

so now I have:

# getent passwd sgw
sgw:*:10000:10513:sgw:/home/ARBEITSGRUPPE/sgw:/bin/false

*phew*

Any idea what else might be missing? ;-)

thanks!




More information about the samba mailing list