[Samba] Domain member server: user access

Marco Gaiarin gaio at sv.lnf.it
Tue Sep 26 10:49:26 UTC 2017

Mandi! L.P.H. van Belle via samba
  In chel di` si favelave...

> Im pretty sure this is a bug in the DC part. 

Ahem, sorry, but i'm lost in following this therad. I've hust setup my
test domain, using samba 2:4.5.8+dfsg-2+deb9u1~bpo8+1 (your package,
lous) on a debian jessie.

Very minimal configuration:

 root at vdcsv1:~# samba-tool testparm
 Press enter to see a dump of your service definitions
 # Global parameters
 	netbios name = VDCSV1
 	realm = AD.FVG.LNF.IT
 	server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
 	workgroup = LNFFVG
 	server role = active directory domain controller
 	template homedir = /home/%U
 	template shell = /bin/bash
 	idmap_ldb:use rfc2307 = yes
 	path = /var/lib/samba/sysvol/ad.fvg.lnf.it/scripts
 	read only = No
 	path = /var/lib/samba/sysvol
 	read only = No

and i've created a user:

 samba-tool user add gaio --use-username-as-cn --surname=Gaiarin --given-name=Marco --unix-home=/home/gaio --uid=gaio --uid-number=10000 --gecos="Marco Gaiarin" --login-shell=/bin/bash

and now:

 root at vdcsv1:~# id gaio
 uid=10000(LNFFVG\gaio) gid=100(users) gruppi=100(users),10000(LNFFVG\unixadm),3000008(LNFFVG\domain admins),3000005(LNFFVG\denied rodc password replication group),3000005(LNFFVG\denied rodc password replication group),3000009(BUILTIN\users),3000000(BUILTIN\administrators)

 root at vdcsv1:~# getent group "Domain Users"
 LNFFVG\domain users:x:100:
 root at vdcsv1:~# wbinfo -G 100

I've done something wrong, or is the domain provisioning in samba-tool
that associate 'Domain Users' to gid 100?

Another question: there's no way to modify users and group with
samba-tool? I need to dron 'domain users' and recreate it? ;-)


dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

More information about the samba mailing list