[Samba] security = ads parameter not working in samba 4.9.5

Sac Isilia udaypratap.singh65 at gmail.com
Thu Dec 12 10:47:13 UTC 2019 

Hi Rowland,

A million thanks for your excellent support all this time. The issue is
resolved by making the changes you suggested.

Also a dumb question - How can i join samba and have such killer debugging
skills?

Regards
Sachin Kumar

On Wed, 11 Dec 2019, 20:05 Rowland penny via samba, <samba at lists.samba.org>
wrote:

> On 11/12/2019 14:10, Sac Isilia wrote:
> > Hi Rowland,
> >
> > The good news is that server is joined to EMEA-MEDIA domain. But I can
> > not id my user however SID is returned when I run wbinfo.
> >
> > root at esmad1apl01:~# wbinfo -t
> > checking the trust secret for domain EMEA-MEDIA via RPC calls succeeded
> > root at esmad1apl01:~# wbinfo -m
> > BUILTIN
> > ESMAD1APL01
> > EMEA-MEDIA
> > INT
> > DMZ
> > EXPLIDO
> > WEST
> > RAN
> > LATAM
> > CC-GLOBAL
> > MBSINTL
> > GLOBAL
> > MEDIA
> > AP-MEDIA
> > MEDIAGROUP
> > PLC-GLOBAL
> > ECOMMERA0
> > GRUPOALESPORT
> > MITCH
> > JBCP
> > USCONCEPTS
> > MCGARRYBOWEN
> > AXDEV
> > AXTEST
> > GRUPOPPR
> > MGNTX
> > SWIRL-DS
> > BI
> > CORP
> > YMEDIA
> > FLOCK
> > MERKLE
> > root at esmad1apl01:~# id media\\skumar17
> > id: 'media\\skumar17': no such user
> > root at esmad1apl01:~# wbinfo -n media\\skumar17
> > S-1-5-21-781940509-1026920532-2428315864-69799 SID_USER (1)
> > root at esmad1apl01:~#
> >
> So, what I read from this is,  your 19 DCs are all in different
> workgroups and if you continue to use the winbind 'ad' backend, then you
> will need to add an 'idmap config' block for every DOMAIN and use
> different ranges for each DOMAIN.
>
> OR
>
> you can remove 'winbind use default domain = yes' and change:
>
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> idmap config EMEA-MEDIA : backend = ad
> idmap config EMEA-MEDIA : schema_mode = rfc2307
> idmap config EMEA-MEDIA : unix_nss_info = yes
> idmap config EMEA-MEDIA : range = 16777216-33554431
>
> To:
>
> idmap config * : backend = autorid
> idmap config * : range = 10000-9999999
>
> I think you need to fully explain your setup.
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list