[Samba] security = ads, backend = ad parameter not working in samba 4.10.10
Sérgio Basto
sergio at serjux.com
Thu Dec 5 17:00:55 UTC 2019
On Thu, 2019-12-05 at 10:15 +0000, Rowland penny via samba wrote:
> On 05/12/2019 06:16, Sérgio Basto wrote:
> > Sorry , I spoke too soon getent passwd "a new user to this server"
> > doesn't work .
> > But wbinfo -u or wbinfo -g always worked perfectly in any case ,
> > why
> > getent don't ?
> >
> If 'wbinfo -u' works, 'getent passwd username' doesn't, then it
> points
> to a lack of, or wrong, rfc2307 attributes (if you are using the
> 'ad'
> backend).
>
> Any users you want to be visible to Unix, must have a uidNumber
> attribute containing a unique number inside the DOMAIN range set in
> smb.conf. You MUST also give Domain Users a gidNumber containing a
> number inside the same range.
yes, I use backend = ad , if configure backend = ad with realm [1] (as
you said is wrong ) every 'getent passwd username' give me a new
uidNumber or make a new uidNumber in sequence [1].
when I configure backend = ad with workgroup (as you said that must
have to be ) 'getent passwd username' don't produce any new id .
and in /var/log/samba/winbindd.log I see
Could not convert sid S-1-5-21-2685600491-4108878147-961307473-2662:
NT_STATUS_NO_SUCH_USER
[1]
idmap config CORP.LOCAL : backend = ad
[2]
root at repo:~# getent passwd "vmjp01"
vmjp01:*:1000019:1000000::/srv/samba/users/vmjp01:/bin/false
root at repo:~# getent passwd "maa001"
maa001:*:1000020:1000000::/srv/samba/users/maa001:/bin/false
root at repo:~# getent passwd "tsdg01"
tsdg01:*:1000021:1000000::/srv/samba/users/tsdg01:/bin/false
root at repo:~# getent passwd "rmac01"
rmac01:*:1000022:1000000::/srv/samba/users/rmac01:/bin/false
> Rowland
>
>
>
--
Sérgio M. B.
More information about the samba
mailing list