[Samba] Access to Windows 2016 server works with IP but not with netbios name
rpenny at samba.org
Sun Jan 14 17:02:50 UTC 2018
On Sun, 14 Jan 2018 11:43:00 -0500
Gaeseric Vandal via samba <samba at lists.samba.org> wrote:
> Just for reference, on a working Samba 4.x server in an AD domain I
> have the following entries
> Idmap config *:backend = tdb
> Idmap config *:range = 2000-2999
> Idmap config MYDOMAIN:backend = ad
> Idmap config MYDOMAIN:schema_mode = rfc2307
> Idmap config *:range = 1000-1999
Are you sure this works ? The last line should be:
idmap config MYDOMAIN : range = 1000-1999
However, using '1000-1999' isn't really a good idea.
Also, these lines will not work with Samba version 4.6.0 onwards.
> I use active directory users and groups to explicitly set the uid and
> gid numbers (this was to keep everything happy when migrating from a
> classic domain.) The "*" range in idmap will handle accounts that
> are not in the domain (which there really shouldn't be any.)
Oh yes there should be, check out all the 'BUILTIN' users and groups.
> The "getent passwd' command verifies that the winbind entry in
> nsswitch is working.
Only if you have the 'winbind enum' lines in smb conf set to 'yes' and
this isn't recommended. 'getent passwd username' will work without the
'wimbind enum' lines
> You should also fine that "wbinfo -n
> someuser" and "wbinfo -n YOURDOMAIN\someuser" should return the same
> SID. And "wbinfo -s someid" should return the correct
> "YOURDOMAIN\someuser" value.
> I really don't understand why the this should behave differently when
> connecting to server IP vs server name. The various logs on the
> samba server should show if you are seeing connection attempts from
> "YOURDOMAIN\someuser" or use "someuser" and is maybe mapping the
> users differently. You might need to bump up the logging level.
It is probably because he hasn't got smb.conf set up correctly, but
raising the log level is a good idea.
More information about the samba