[Samba] security = ads, backend = ad parameter not working in samba 4.10.10
rpenny at samba.org
Thu Dec 5 17:15:17 UTC 2019
On 05/12/2019 17:00, Sérgio Basto wrote:
> On Thu, 2019-12-05 at 10:15 +0000, Rowland penny via samba wrote:
>> On 05/12/2019 06:16, Sérgio Basto wrote:
>>> Sorry , I spoke too soon getent passwd "a new user to this server"
>>> doesn't work .
>>> But wbinfo -u or wbinfo -g always worked perfectly in any case ,
>>> getent don't ?
>> If 'wbinfo -u' works, 'getent passwd username' doesn't, then it
>> to a lack of, or wrong, rfc2307 attributes (if you are using the
>> Any users you want to be visible to Unix, must have a uidNumber
>> attribute containing a unique number inside the DOMAIN range set in
>> smb.conf. You MUST also give Domain Users a gidNumber containing a
>> number inside the same range.
> yes, I use backend = ad , if configure backend = ad with realm  (as
> you said is wrong ) every 'getent passwd username' give me a new
> uidNumber or make a new uidNumber in sequence .
> when I configure backend = ad with workgroup (as you said that must
> have to be ) 'getent passwd username' don't produce any new id .
> and in /var/log/samba/winbindd.log I see
> Could not convert sid S-1-5-21-2685600491-4108878147-961307473-2662:
> idmap config CORP.LOCAL : backend = ad
> root at repo:~# getent passwd "vmjp01"
> root at repo:~# getent passwd "maa001"
> root at repo:~# getent passwd "tsdg01"
> root at repo:~# getent passwd "rmac01"
Have you added any RFC2307 attributes (uidNumber, gidNumber, etc) to
your users and groups in AD ?
More information about the samba