[Samba] winbind, nsswitch, AD and group membership caching?
kawazu428 at gmail.com
kawazu428 at gmail.com
Fri Jun 1 11:13:21 UTC 2018
Hi Rowland;
Am Freitag, den 01.06.2018, 11:42 +0100 schrieb Rowland Penny via
samba:
>
> OK, how are you running the Unix domain members ?
> Are you using the 'ad' or the 'rid' winbind backend ?
> If you are using the 'ad' backend, have you given the groups a
> gidNumber ?
>
Hmm, I only have these statements relating to winbind and idmap in my
smb.conf; this hasn't changed in ages on our samba systems but so far
we never tried to use this config for ssh login and really working with
multiple groups, just for user/group name mapping:
idmap config * : backend = tdb
idmap config * : range = 3000-7999
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
Should I change that first statement (* backend) to ad then?
It does assign uids and gids as far as I can tell, but these seem in
some way "mixed up" too; while logging in via ssh or doing "groups",
the system complains that one or two group gids can't be resolved to
names.
> Try running 'net cache flush' on the Unix domain member.
>
Already tried that before, no result.
Best,
Kristian
More information about the samba
mailing list