[Samba] Samba 4.6.7 AD, Netapp CDOT 9.2 and missing "Domain Users" membership

Giuseppe Ravasio giuseppe_ravasio at ch.modiano.com
Mon Oct 23 07:11:23 UTC 2017

On 10/20/2017 05:48 PM, Rowland Penny via samba wrote:
>> So I tried what is suggested in this thread:
>> https://lists.samba.org/archive/samba/2016-April/thread.html#199609
> I really should have said there that using '513' wasn't a good idea ;-)

ok I'll revert to 100 ;-)

> The only way to get the same IDs everywhere is to use the winbind
> 'ad' backend, you will need to give your users and groups RFC2307
> attributes though. Windows (when using RSAT) starts the IDs at
> '10000' and it is suggested to use that start number.

This means that even if I deployed the Domain with "--use-rfc2307" the
RFC2037 attributes are not already populated?

> If this is the DC, you don't need '
> sambatest1.modiano.com sambatest1' in /etc/hosts

Yep sorry for not trashing the line...
We are using an IP alias for ssh access and another one for samba.
so the sambatest1 is just the entry for the other ip alias.

>> Clustered DataONTAP seems to be missing thoose files, or they are not
>> accessible via regular system CLI.
>> There are a lot of CIFS related commands and if you can tell me what
>> you're looking for I could try searching the docs.
>> Anyway from Netapp is all working well l(Authentication, groups,
>> permissions, sharing etc etc) except when we try to use "Domain Users"
>> (and we think also Backup Operators) in ACLs.
>> In that case we can set the ACL with a Domain Admins user but the
>> other user that has only "Domain Users" permissions cannot access the
>> file because the system do not see him as member of the group
> Is this 'Netapp' thing running some form of Samba ?
> If so it must have a smb.conf somewhere.

As far as I know Netapp OS is not running some form of Samba.
And as usual they do not officially support Samba as DC :-(


More information about the samba mailing list