[Samba] Domain member server: user access
Stefan G. Weichinger
lists at xunil.at
Tue Oct 10 07:19:11 UTC 2017
On 2017-10-09 at 21:57, Rowland Penny via samba wrote:
> On Mon, 9 Oct 2017 21:35:39 +0200
> "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:
>
>> On 2017-10-09 at 21:04, Rowland Penny via samba wrote:
>>
>>> It isn't supposed to work like this and it didn't use to work like
>>> this.
>>
>> Then the software shouldn't allow me to do so and/or give useful
>> feedback, don't you agree?
>
> I don't see how you could be stopped from doing this. When a user or
> group first contacts a DC, it is given an 'xidNumber' attribute in
> idmap.ldb, containing the next available number in the '3000000' range.
> If you decide to give this user or group a uidNumber or gidNumber
> attribute, this should be used instead, which is what happens when you
> run 'net cache flush'. The problem is, you shouldn't have to run the
> 'net' command at all and you didn't use to have to. If we could narrow
> it down to when it started not working correctly, it might help.

The admin there created a group via RSAT.

And that group was not visible/usable on the DM server.

Only after that I tried to figure out things on the shell, digging for
the group on both servers via getent and wbinfo.

Until here there was no decision for a uidNumber or gidNumber.
He did not set one via RSAT. Does he have to do that?

I then deleted the group via samba-tool and created it again:

    samba-tool group create gfass --nis-domain=arbeitsgruppe --gid-number=10580

If this is wrong, I am happy to learn how to do that correctly.

I understand that running

    wbinfo --group-info="gfass"

is problematic as long as the reported bug isn't fixed, correct?

thanks, Stefan
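
An added example, not part of the original message and not Samba's own code: a shell helper that compares the GID a host reports for a group with the gidNumber assigned in AD, and flags the case from the quoted reply where an ID from the '3000000' xidNumber range is still being served. The function names and the upper bound of the range are assumptions, and the sample records are constructed.

```shell
#!/bin/sh
# Start of the automatic xidNumber allocation, per the thread ("the '3000000'
# range"). The upper bound is an assumption made for this example.
XID_MIN=3000000
XID_MAX=3999999

# classify_group_line LINE EXPECTED_GID   (hypothetical helper)
# LINE is one record in getent(1) group format: name:passwd:gid:members
# Prints: ok            reported GID equals the gidNumber set in AD
#         xid-fallback  an xidNumber-range ID is served instead of gidNumber
#         mismatch      some other GID is served
#         missing       the group does not resolve at all
classify_group_line() {
    line=$1
    expected=$2
    [ -n "$line" ] || { echo missing; return; }
    gid=$(printf '%s\n' "$line" | cut -d: -f3)
    case $gid in
        ''|*[!0-9]*) echo missing; return ;;
    esac
    if [ "$gid" -eq "$expected" ]; then
        echo ok
    elif [ "$gid" -ge "$XID_MIN" ] && [ "$gid" -le "$XID_MAX" ]; then
        echo xid-fallback
    else
        echo mismatch
    fi
}

# check_group NAME EXPECTED_GID   (hypothetical helper)
# Resolves NAME through the local NSS stack (winbind) and classifies it.
check_group() {
    classify_group_line "$(getent group "$1" 2>/dev/null)" "$2"
}

# Constructed sample records, not captured from a real system.
for sample in 'gfass:x:10580:' 'gfass:x:3000021:' ''; do
    printf '%-18s -> %s\n' "${sample:-<no entry>}" \
        "$(classify_group_line "$sample" 10580)"
done
```

On a live host, `check_group gfass 10580` performs the same classification against what `getent` actually returns; a result other than `ok` means file ownership and group-based permissions on that host are being evaluated against a different GID than the one set in AD.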