[Samba] Samba 4.5.8 ADS user not showing in directory tree - chown "invalid user"
Franz Gansberger
franz.gansberger at boku.ac.at
Fri May 19 09:49:26 UTC 2017
Hi,
I'm currently working on evaluating an AD domain for my department. Since I have a couple of years' experience in running an NT-style domain, my choice is Samba - nowadays AD-DS.
Now I'm stuck, and I would really appreciate some more thoughts and a push in the right direction. :-)
Thank you in advance
Franz
The facts:
A quick test installation is working as expected - Debian Jessie, Samba 4.2.14 from official repository.
A wbinfo -u lists domain users, and I can chown as necessary. Of course, the list is without the realm in front.
# wbinfo -u
demo1
administrator
krbtgt
Over to the designated production server, which behaves differently:
Here I have a Stretch with Samba 4.5.8, also from the standard repositories
deb http://ftp.de.debian.org/debian stretch main
deb-src http://ftp.de.debian.org/debian stretch main
These commands are all executed on the PDC.
The same command produces different output:
# wbinfo -u
H955\administrator
H955\krbtgt
H955\guest
H955\demo1
I get the mentioned error on chown - invalid user.
ls produces this - the UIDs are correct.
#ls -al
total 56
drwxrwxrwx 8 root root 4096 May 19 10:03 .
drwxr-xr-x 3 root root 4096 May 8 15:36 ..
drwxrwxr-x+ 2 3000019 users 4096 May 19 09:40 demo1
drwxrwxr-x+ 2 3000019 users 4096 May 19 10:03 demo1_new
drwxrwxr-x+ 2 3000000 users 4096 May 18 16:12 admin
Here's my system environment:
# uname -a
Linux vw-ads 3.16.0-4-amd64 #1 SMP Debian 3.16.43-2 (2017-04-30) x86_64 GNU/Linux
# samba -V
Version 4.5.8-Debian
#samba-tool domain provision --server-role=dc --use-rfc2307 --dns-backend=SAMBA_INTERNAL --realm=H955.TEST.AC.AT --domain=H955 --adminpass=passw0rd
#net rpc rights grant 'H955\Domain Admins' SeDiskOperatorPrivilege -Uadministrator
# cat /etc/samba/smb.conf
# Global parameters
[global]
netbios name = VW1-ADS
realm = H955.TEST.AC.AT
workgroup = H955
dns forwarder = 8.8.8.8
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
[netlogon]
path = /data/data-nfs-vw/netlogon-ads/
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[profiles]
comment = Roaming Profiles
path = /data/data-nfs-vw/profiles-ads/
writeable = yes
store dos attributes = yes
profile acls = yes
csc policy = disable
[test]
path = /data/data/test
writeable = yes
# locate libnss_winbind.so
/lib/x86_64-linux-gnu/libnss_winbind.so
/lib/x86_64-linux-gnu/libnss_winbind.so.2
/lib64/libnss_winbind.so
/lib64/libnss_winbind.so.2
#ls -al /etc/krb5.conf
lrwxrwxrwx 1 root root 32 May 16 20:40 /etc/krb5.conf -> /var/lib/samba/private/krb5.conf
# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
passwd: files winbind
group: files winbind
passwd: compat
group: compat
shadow: compat
gshadow: files
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis