[Samba] (typo fix) Re: security = ads, backend = ad parameter not working in samba 4.10.10

Sérgio Basto sergio at serjux.com
Thu Dec 5 17:54:40 UTC 2019


On Thu, 2019-12-05 at 17:45 +0000, Rowland penny via samba wrote:
> On 05/12/2019 17:30, Sérgio Basto wrote:
> > On Thu, 2019-12-05 at 17:15 +0000, Rowland penny via samba wrote:
> > > On 05/12/2019 17:00, Sérgio Basto wrote:
> > > > On Thu, 2019-12-05 at 10:15 +0000, Rowland penny via samba wrote:
> > > > > On 05/12/2019 06:16, Sérgio Basto wrote:
> > > > > > Sorry, I spoke too soon: getent passwd "a new user to this server" doesn't work.
> > > > > > But wbinfo -u or wbinfo -g always worked perfectly in any case, why doesn't getent?
> > > > > > 
> > > > > If 'wbinfo -u' works, 'getent passwd username' doesn't, then it points to a lack of, or wrong, rfc2307 attributes (if you are using the 'ad' backend).
> > > > > 
> > > > > Any users you want to be visible to Unix must have a uidNumber attribute containing a unique number inside the DOMAIN range set in smb.conf. You MUST also give Domain Users a gidNumber containing a number inside the same range.
> > > > yes, I use backend = ad. If I configure backend = ad with realm [1] (as you said is wrong), every 'getent passwd username' gives me a new uidNumber or makes a new uidNumber in sequence [1].
> > > > When I configure backend = ad with workgroup (as you said it has to be), 'getent passwd username' doesn't produce any new id,
> > > > and in /var/log/samba/winbindd.log I see
> > > > Could not convert sid S-1-5-21-2685600491-4108878147-961307473-2662: NT_STATUS_NO_SUCH_USER
> > > > 
> > > > 
> > > > [1]
> > > > idmap config CORP.LOCAL : backend = ad
> > > > 
> > > > [2]
> > > > root@repo:~# getent passwd "vmjp01"
> > > > vmjp01:*:1000019:1000000::/srv/samba/users/vmjp01:/bin/false
> > > > root@repo:~# getent passwd "maa001"
> > > > maa001:*:1000020:1000000::/srv/samba/users/maa001:/bin/false
> > > > root@repo:~# getent passwd "tsdg01"
> > > > tsdg01:*:1000021:1000000::/srv/samba/users/tsdg01:/bin/false
> > > > root@repo:~# getent passwd "rmac01"
> > > > rmac01:*:1000022:1000000::/srv/samba/users/rmac01:/bin/false
> > > > 
> > > > 
> > > > 
> > > > > Rowland
> > > > > 
> > > > > 
> > > > > 
> > > Have you added any RFC2307 attributes (uidNumber, gidNumber, etc) to your users and groups in AD?
> > Users in AD were migrated from one SAMBA sernet 4.0.0. I don't know, but I think not. What do you recommend?
> > I don't find the scripts to convert users ATM, but I used ldb tools ...
> 
> If you do not have any uidNumber and gidNumber attributes in AD, then the winbind 'ad' backend will not work, try the 'rid' backend instead.

Ah OK, now this starts to make sense, but I want to add a new uidNumber
and gidNumber to every user and group in AD. How can I do that?

Many thanks for the support 

> Rowland
> 
> 
> 
> 
-- 
Sérgio M. B.
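
Added example, not part of either poster's message: a check for the condition described in the quoted replies, that the 'ad' backend only maps accounts whose uidNumber (users) or gidNumber (groups) exists in AD and falls inside the domain's idmap range. The smb.conf fragment, the workgroup name CORP, the ranges and the LDIF entries are all constructed assumptions, and the range is treated as inclusive.

```python
import re
# Constructed smb.conf fragment; workgroup CORP and both ranges are assumptions.
SMB_CONF = """\
[global]
    workgroup = CORP
    idmap config * : range = 3000-7999
    idmap config CORP : backend = ad
    idmap config CORP : range = 10000-999999
"""

# Constructed LDIF, shaped like an LDAP search result for users and groups.
LDIF = """\
dn: CN=alice,CN=Users,DC=corp,DC=local
objectClass: user
uidNumber: 10001

dn: CN=bob,CN=Users,DC=corp,DC=local
objectClass: user

dn: CN=carol,CN=Users,DC=corp,DC=local
objectClass: user
uidNumber: 500

dn: CN=Domain Users,CN=Users,DC=corp,DC=local
objectClass: group
gidNumber: 10000
"""

def domain_range(conf, domain):
    # Match 'idmap config DOMAIN : range = low-high' for this domain only.
    pat = rf"^\s*idmap config {re.escape(domain)}\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)"
    m = re.search(pat, conf, re.M)
    if not m:
        raise ValueError(f"no idmap range for {domain}")
    return int(m.group(1)), int(m.group(2))

def parse_ldif(text):  # one dict per entry, single-valued attributes only
    return [dict(l.split(": ", 1) for l in b.splitlines())
            for b in text.strip().split("\n\n")]

def unmapped(conf, ldif, domain):  # dn -> why the 'ad' backend has no Unix ID
    low, high = domain_range(conf, domain)
    problems = {}
    for e in parse_ldif(ldif):
        attr = "gidNumber" if e["objectClass"] == "group" else "uidNumber"
        v = e.get(attr)
        if v is None or not low <= int(v) <= high:
            problems[e["dn"]] = f"{attr}={v} not in {low}-{high}"
    return problems
```

With the constructed data, unmapped(SMB_CONF, LDIF, "CORP") reports bob (no uidNumber) and carol (uidNumber below the range), the accounts that 'getent passwd' would not return.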

