[Samba] Winbind idmap partially fails to load attributes with 4.6.7 (Ubuntu 17.10)

Christian Naumer cn at brain-biotech.de
Sun Feb 18 07:25:38 UTC 2018 

Hello,
I think the configuration changed in 4.6. see here:

https://wiki.samba.org/index.php/Idmap_config_ad

Regards



> Am 18.02.2018 um 00:00 schrieb Andrey Repin via samba <samba at lists.samba.org>:
> 
> Greetings, All!
> 
> I'm stumbled upon an event I can't understand. Rolled out a new Ubuntu 17.10
> box in preparation for eventual 18.04 launch and… it just does not fly.
> 
> Here's a brief and apparent summary of the problem:
> 
> $ smbd -V; getent passwd anrdaemon
> 
> Version 4.3.11-Ubuntu (14.04, 16.04)
> anrdaemon:*:10000:10001:Andrey Repin,,,,umask=0027:/home/anrdaemon:/bin/bash
> 
> Version 4.6.7-Ubuntu (17.10)
> anrdaemon:*:10000:10001::/home/DARKDRAGON/anrdaemon:/bin/false
> 
> The data retrieved by 4.3.11 client is correct as written in AD.
> On 4.6.7, only UID:GID is correct. The rest comes from local template.
> 
> Both hosts are setup from the same script, with same set of related packages,
> with identical set of related configuration files (in fact, they were sourced
> from fame templates for this test)
> 
> Related installed modules: libnss-winbind, libpam-krb5.
> 
> nsswitch.conf and krb5.conf are exactly the same.
> 
> Here's a comprehensive run through the smb.conf on two hosts (thanks to GitHub):
> https://gist.github.com/AnrDaemon/d559668017220fabbba37528855e75f5/revisions
> 
> On all hosts I'm able to retrieve at least partial information, which means
> NSS somehow works, and I'm able to authenticate, making PAM working too.
> Of course, I get booted from 17.10 box due to wrong shell.
> 
> Any ideas?
> 
> 
> -- 
> With best regards,
> Andrey Repin
> Sunday, February 18, 2018 01:31:36
> 
> Sorry for my terrible english...
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

-- 
Dr. Christian Naumer
Research Scientist
Plattform-Koordinator Bioprozesstechnik

B.R.A.I.N Aktiengesellschaft
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail cn at brain-biotech.de, homepage www.brain-biotech.de
fon +49-6251-9331-30  /   fax +49-6251-9331-11

Follow @BRAINbiotech on Twitter: https://twitter.com/BRAINbiotech
Read BRAIN's magazine: https://www.brain-biotech.de/blickwinkel

Sitz der Gesellschaft: Zwingenberg/Bergstrasse
Registergericht AG Darmstadt, HRB 24758
Vorstand: Dr. Juergen Eck (Vorsitzender), Frank Goebel
Aufsichtsratsvorsitzender: Dr. Ludger Mueller

More information about the samba mailing list