[Samba] Domain member server: user access
Stefan G. Weichinger
lists at xunil.at
Mon Sep 25 14:39:50 UTC 2017
Am 2017-09-25 um 16:29 schrieb Rowland Penny via samba:
>> DC # samba-tool user create kamleitnerl Le26xxx
>> --nis-domain=arbeitsgruppe --unix-home=/home/kamleitnerl
>> --uid-number=10070 --login-shell=/bin/false --gid-number=100
>>
>
> Where did you get the GID '100' from ?
> Is this the gidNumber for Domain Users ?
I think so:
# wbinfo --gid-info=100
ARBEITSGRUPPE\domain users:x:100:
?
> Can you please post the smb.conf from the DC and DM.
Sure. We had both in an earlier thread, btw, but here again:
DC:
# samba-tool testparm
Press enter to see a dump of your service definitions
# Global parameters
[global]
netbios name = BACKUP
realm = ARBEITSGRUPPE.MY.TLD
workgroup = ARBEITSGRUPPE
dns forwarder = 10.0.0.254
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
[netlogon]
path = /var/lib/samba/sysvol/arbeitsgruppe.my.tld/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
DM:
# testparm -s
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[Daten]"
Processing section "[Scans_Plotter]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
# Global parameters
[global]
realm = ARBEITSGRUPPE.MY.TLD
workgroup = ARBEITSGRUPPE
log file = /var/log/samba/%m.log
load printers = No
printcap name = /dev/null
security = ADS
username map = /etc/samba/user.map
winbind nss info = rfc2307
winbind refresh tickets = Yes
winbind use default domain = Yes
idmap config arbeitsgruppe:schema_mode = rfc2307
idmap config arbeitsgruppe:range = 10000-9999999
idmap config arbeitsgruppe:backend = ad
idmap config * : range = 2000-2999
idmap config * : backend = tdb
...
thx, Stefan
More information about the samba
mailing list