[Samba] member domain idmap config ad/rid

Elias Pereira empbilly at gmail.com
Wed May 31 16:59:05 UTC 2017


Rowland, forget the previous message !! My mistake!!

But even fixing the above problems, I can not access the security tab with
the user administrator.

Checking the logs, the error messages below appears.

[2017/05/31 13:52:01.303413,  3]
../source3/smbd/service.c:576(make_connection_snum)
  Connect path is '/home/dados' for service [storage]
[2017/05/31 13:52:01.303453,  3]
../source3/smbd/uid.c:153(check_user_share_access)
  user root connection to storage denied due to share security descriptor.
[2017/05/31 13:52:01.303481,  3]
../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:135
[2017/05/31 13:52:18.795711,  3] ../source3/smbd/service.c:1098(close_cnum)
  200.132.89.133 (ipv4:200.132.89.133:61294) closed connection to service
IPC$
[2017/05/31 13:52:18.796924,  3]
../source3/smbd/server_exit.c:246(exit_server_common)
  Server exit (NT_STATUS_CONNECTION_RESET)


On Wed, May 31, 2017 at 1:56 PM, Elias Pereira <empbilly at gmail.com> wrote:

> No, you have hit a known bug. The 'idmap config ' work done for 4.6.0
>> seems to be causing this, you can safely ignore this error.
>
>
> Ok Rowland, thanks!!
>
> Mas mesmo conseguindo corrigir os problemas acima, não consigo ter acesso
> a aba security com o usuario administrator.
>
> Verificando nos logs, aparece a mensagem abaixo.
>
>
> On Wed, May 31, 2017 at 11:59 AM, Rowland Penny via samba <
> samba at lists.samba.org> wrote:
>
>> On Wed, 31 May 2017 11:12:51 -0300
>> Elias Pereira <empbilly at gmail.com> wrote:
>>
>> > Rowland,
>> >
>> > I checked and got the entry for root in idmap.ldb
>> >
>> > To get 'getent' to show users on the DC, you need to have
>> > > libnss_winbind set up just like on a domain member.
>> >
>> >
>> > Okay. I installed the libnss-winbind package, configured the links to
>> > the lib, and now the getent passwd administrator works.
>> >
>> > Now, when running the testparm the error occurs:
>> >
>> > idmap range not specified for domain '*'
>> > ERROR: Invalid idmap range for domain *!
>> >
>> > I need an entry "idmap config *: range = 3000-7999" in smb.conf of AD?
>> >
>>
>> No, you have hit a known bug. The 'idmap config ' work done for 4.6.0
>> seems to be causing this, you can safely ignore this error.
>>
>> Rowland
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>
>
>
> --
> Elias Pereira
>



-- 
Elias Pereira


More information about the samba mailing list