[Samba] setting up a new ADS infrastructure
Stefan Froehlich
samba at froehlich.priv.at
Fri Jun 14 04:50:25 UTC 2019
On Thu, Jun 13, 2019 at 08:10:01PM +0100, Rowland penny via samba wrote:
> On 13/06/2019 19:57, Stefan Froehlich via samba wrote:
> >On Thu, Jun 13, 2019 at 07:02:27PM +0100, Rowland penny via samba wrote:
> >>On 13/06/2019 18:21, Stefan Froehlich via samba wrote:
> >>>File server and Linux clients shall use the AD-backend, so I read
> >>>and followed <https://wiki.samba.org/index.php/Idmap_config_ad>.
> >>I thought that was plain enough, but obviously not ;-)
> >Yes and no.
> I will try and make it more obvious.
A small hint how to set the gidNumber would be enough (in my case,
that is).
> >$ samba-tool user add --gid-number --uid-number
> >$ samba-tool group add --gid-number
> >
> >...so I was looking for a corresponding option of "samba-tool
> >domain provision" or for something named like "samba-tool group
> >modify".
> No there isn't I am afraid.
Which might be a problem for people with no ldap experience at all,
but otherwise this is only a luxury problem.
> >And - heureka! - now it does:
> >
> >| root at fileserver:~# wbinfo -i test
> >| test:*:10001:10000::/home/test:/bin/bash
> >
> >So for the moment I can continue - let's see if anything else
> >comes up.
>
> It already might have ;-)
>
> wbinfo reads directly from AD, but doesn't mean that the OS knows
> your users & groups, does 'getent passwd test' produce the same
> output ?
Fortunately yes, and as I can do ssh logins with this account, even
based on group membership, the unix side of the job seems to be
quite settled. The windows side will have to wait a little bit as it
requires my physical presence.
The only cosmetic thing is that I still get this in my log files:
| [2019/06/14 06:04:22.007350, 4] ../source3/nmbd/nmbd_workgroupdb.c:276(dump_workgroups)
| dump_workgroups()
| dump workgroup on subnet 192.168.1.13: netmask= 255.255.255.0:
| WORKGROUP(1) current master browser = CONTROLLER
| CONTROLLER 40849a03 (Samba 4.9.5-Debian)
| MAC01 40001003 (Mac01)
| RNP002673E572C4 40000203 ()
| [2019/06/14 06:04:22.007420, 4] ../source3/nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet)
| find_workgroup_on_subnet: workgroup search for SAMDOM on subnet 192.168.1.13: not found.
| [2019/06/14 06:04:22.007432, 0] ../source3/nmbd/nmbd_serverlistdb.c:340(write_browse_list)
| write_browse_list: Fatal error - cannot find my workgroup SAMDOM
| [2019/06/14 06:04:22.007448, 4] ../source3/nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet)
| find_workgroup_on_subnet: workgroup search for SAMDOM on subnet UNICAST_SUBNET: not found.
| [2019/06/14 06:04:22.007457, 0] ../source3/nmbd/nmbd_browsesync.c:595(collect_all_workgroup_names_from_wins_server)
| collect_all_workgroup_names_from_wins_server:
| Cannot find my workgroup SAMDOM on subnet UNICAST_SUBNET.
| [2019/06/14 06:04:22.007469, 4] ../source3/nmbd/nmbd_workgroupdb.c:165(find_workgroup_on_subnet)
| find_workgroup_on_subnet: workgroup search for SAMDOM on subnet UNICAST_SUBNET: not found.
I do not see any practical problems resulting from this up to now,
so I won't further investigate it, but if this is pointing to
something really obvious mistake, I'd of course fix it.
Bye,
Stefan
--
Stefan konnte immer schon mehr als Spaß machen!
Sloganizer, https://www.poetron-zone.de/
More information about the samba
mailing list