[Samba] Samba 4.3.13 logon oddity on Solaris 10
Bernd Markgraf
bernd.markgraf at med.ovgu.de
Mon Jul 2 10:04:10 UTC 2018
Do you agree that this is a valid smb.conf that should work:
[global]
security = ADS
encrypt passwords = yes
workgroup = MD-DZNE
realm = MAGDEBURG.DZNE.DS
log file = /opt/samba4/var/log/%m.log
log level = 1
idmap config *:backend = tdb
idmap config *:range = 3000-7999
idmap config MD-DZNE:backend = ad
idmap config MD-DZNE:schema_mode = rfc2307
idmap config MD-DZNE:range = 10000-999999
winbind nss info = rfc2307
winbind use default domain = yes
winbind enum users = Yes
winbind enum groups = Yes
kerberos method = system keytab
> You would need to run (as root) 'net cache flush' after changing to
> winbind.
I've done that and I still see the same symptoms. All UID/GID are
still -1.
> > > > Where do I dig next?
> > >
> > > You could try reading this:
> > >
> > > https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Mem
> > > ber
> > Apart from skipping the * lines in smb.conf that's what I used.
> And you need those lines, without them, there is nowhere to store and
> allocate IDs for the 'Well known SIDs'
I already had those before my last mail. So if the above config should
work, where do I poke next to find out why it fails the authenticate
users on the first connection attempt and why winbindd/wbinfo return
all UID/GID as -1
> All I can tell you is, With a correctly set up smb.conf on a Unix
> domain member, you do not need ldap for authentication, yes there may
> be times when you need to carry out an ldapsearch, but most of the
> time you can use kerberos instead.
Regardless of using LDAP directly or winbindd it fails to return the ID
numbers which are present in the user objects when I use Samba's tools.
If above config is valid and should work, it is a bug a would like to
see fixed and I am willing to help as much as I can with that.
Bernd
More information about the samba
mailing list