[Samba] Domain member server not getting updated AD attributes

Viktor Trojanovic viktor at troja.ch
Sun May 13 12:09:23 UTC 2018


Hi Rowland,

On 13 May 2018 at 13:38, Rowland Penny via samba <samba at lists.samba.org>
wrote:

> On Sun, 13 May 2018 11:58:52 +0200
> Viktor Trojanovic via samba <samba at lists.samba.org> wrote:
>
> > I'm running a pure Samba AD with one Samba AD DC and one member
> > server, both on version 4.8.1.
>
> Are you sure AD is working correctly ?
> I ask this because there is a bug that comes into play if you try to
> upgrade a DC to 4.8.0 or 4.8.1 from an earlier version.
>
>
I have not noticed any other issues. Users can log in, GPOs are being
properly applied, the event viewer in Windows is not complaining either.
Anything specific to look for? If it matters, I'm on Arch, and I only just
updated Samba, most likely directly from a version pre-4.60 and not from
4.80.


> > Member Server smb.conf (without shares)
> > -------------------------------------
> >
> > [global]
>
> >   idmap config SAMDOM:backend = ad
> >   idmap config SAMDOM:schema_mode = rfc2307
> >   idmap config SAMDOM:range = 10000-99999
> >
> >   winbind nss info = rfc2307
>
> This could be your problem, the idmap_config lines changed at 4.6.0, it
> should now be:
>
>    idmap config SAMDOM:backend = ad
>    idmap config SAMDOM:schema_mode = rfc2307
>    idmap config SAMDOM:range = 10000-99999
>    idmap config SAMDOM : unix_nss_info = yes
>
> You should also remove the 'winbind nss info' line
>
> Then run 'net cache flush' on the Unix domain member.
>
> Rowland
>
>
That seems to have done the trick - getent finally shows the correct user
number. Thanks for that. If anyone else should come across the same issue
and wants to know more, check out:
https://wiki.samba.org/index.php/Idmap_config_ad

Viktor
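
The configuration change discussed in this thread can be checked mechanically on a domain member. The following is an added example, not part of the original messages and not Samba project code: the function names `parse_global` and `audit_idmap` are hypothetical, and the parser is a minimal one that assumes a single smb.conf with no `include` directives or line continuations.

```python
import re
IDMAP_RE = re.compile(r"^idmap config\s+(\S+?)\s*:\s*(\S+)$")
TRUE_VALUES = {"yes", "true", "1", "on"}

def parse_global(conf_text):
    """Return {normalized key: value} for the [global] section of smb.conf text."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            key = " ".join(key.lower().split())  # keys ignore case and extra spaces
            params[key] = value.strip()
    return params

def audit_idmap(conf_text):
    """List the changes the thread recommends for domains using the 'ad' backend."""
    params, domains, findings = parse_global(conf_text), {}, []
    for key, value in params.items():
        m = IDMAP_RE.match(key)
        if m:
            domains.setdefault(m.group(1).upper(), {})[m.group(2)] = value.lower()
    if "winbind nss info" in params:
        findings.append("remove 'winbind nss info'")
    for dom, opts in sorted(domains.items()):
        if opts.get("backend") == "ad" and opts.get("unix_nss_info") not in TRUE_VALUES:
            findings.append(f"add 'idmap config {dom} : unix_nss_info = yes'")
    return findings

# Sample inputs constructed from the two configurations quoted in the thread.
BEFORE = """[global]
  idmap config SAMDOM:backend = ad
  idmap config SAMDOM:schema_mode = rfc2307
  idmap config SAMDOM:range = 10000-99999
  winbind nss info = rfc2307
"""
AFTER = """[global]
  idmap config SAMDOM:backend = ad
  idmap config SAMDOM:schema_mode = rfc2307
  idmap config SAMDOM:range = 10000-99999
  idmap config SAMDOM : unix_nss_info = yes
"""
if __name__ == "__main__":
    print(audit_idmap(BEFORE), audit_idmap(AFTER))
```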

