[Samba] Permission issue
PGhimire at sundata.com.au
Fri Feb 8 12:12:34 UTC 2019
The user's ID range would have been below 3600, the current max rid is 3506
The links have been setup following this link, then restarted the samba-ad-dc service
I followed the following to configure the winbindd stuff,
template shell = /bin/bash
template homedir = /home/%U
9833 pts/0 S+ 0:00 \_ grep --color=auto winbind
17196 ? Ss 0:00 | \_ /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
17199 ? S 0:01 | \_ /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny via samba
Sent: Friday, 8 February 2019 8:01 PM
To: samba at lists.samba.org
Subject: Re: [Samba] Permission issue
On Fri, 8 Feb 2019 06:22:05 +0000
Praveen Ghimire via samba <samba at lists.samba.org> wrote:
> We did a classicupgrade of our Ubuntu Server (4.3.11, TDB), the server
> DC5 also host shares. Post the migration we are seeing some permission
> When trying to give permission to a domain group/user to folder/file
> we get the following
> chown "LIN\\myadmin:LIN\\adgroup" adtest/
> chown: invalid user: 'LIN\\myadmin:LIN\\adgroup'
> wbinfo --ping-dc : checking the NETLOGON for domain[LIN] dc connection
> to "dc5.LIN.group" succeeded
> The getent group comes up with no results getent group "LIN\\adgroup"
> getent passwd "LIN\\mygroup"
> Here is the smb.conf
> workgroup = LIN
> realm = LIN.GROUP
> netbios name = dc5
> server role = active directory domain controller
> idmap_ldb:use rfc2307 = yes
> log file = /var/log/samba/log.%m
> log level = 1
> winbind nss info = rfc2307
> idmap config * : backend = tdb
> idmap config * : range = 4000-7999
> idmap config LIN:backend = ad
> idmap config LIN:schema_mode = rfc2307
> idmap config LIN:range = 10000-999999
OK, you classicupgraded your NT4-style PDC to an AD DC, did your users have ID's in the '10000-999999' range before the upgrade ?
Have you set up the libnss-winbind links ?
> vfs objects = acl_xattr
> map acl inherit = yes
> store dos attributes = yes
> # Template settings for login shell and home directory
> template shell = /bin/bash
> template homedir = /home/%U
> here is nsswitch.conf
> passwd: files winbind
> group: files winbind
> shadow: compat
> If the group in question exist in /etc/group it works, because it is
> local. But if the group is new or if the group has been removed from
> /etc/group and AD it doesn't.
> We have added the SeDiskOperatorPrivilege to the user making the chown
> Any suggestions?
> Praveen Ghimire
To unsubscribe from this list go to the following URL and read the
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com ______________________________________________________________________
More information about the samba