[Samba] sometimes users fails to login
Andrea Cucciarre'
acucciarre at cloudian.com
Tue Mar 19 16:49:04 UTC 2019
Actually the system is running Samba 4.5, so "winbind nss info" entry
should be OK.
My understanding is that winbind run somenthing like an LDAP search to
get the uidNumber, so may be just to check I can run the following
command when the issue is present:
/opt/samba/bin/net ads search "(SAMAccountName=<user name>)" uidnumber
-U Administrator
Thanks
Andrea
Il 3/18/2019 9:33 PM, Rowland Penny via samba ha scritto:
> On Mon, 18 Mar 2019 18:43:54 +0100
> Andrea Cucciarre' <acucciarre at cloudian.com> wrote:
>
>> Hello,
>>
>> Still fighting on this issue, now sometimes I get the following (may
>> be) relevant errors:
>>
> I have shortened your smb.conf to just the problem areas ;-)
>
>> Hereafter my smb.conf:
>>
>> [global]
>> idmap config * : backend = tdb
>> idmap config * : range = 30000-40000
>> idmap config * : schema_mode = rfc2307
> You do not use the line above with the default '*' domain
>
>> idmap config BITINTRA : backend = ad
>> idmap config BITINTRA : range = 1000000-3000000
>> idmap config BITINTRA : schema_mode = rfc2307
>> idmap config BUILTIN : backend = ad
>> idmap config BUILTIN : range = 10000001-11000000
>> idmap config BUILTIN : schema_mode = rfc2307
> The BUILTIN domain is covered by the default '*' domain, so shouldn't
> be set in smb.conf
>
>> winbind nss info = rfc2307
> If I remember correctly, you are using Samba 4.6.x and the above line
> has been replaced by:
>
> idmap config DOMAIN : unix_nss_info = yes
>
> Which needs setting on all the 'idmap config' blocks e.g.
>
> idmap config BITINTRA : backend = ad
> idmap config BITINTRA : range = 1000000-3000000
> idmap config BITINTRA : schema_mode = rfc2307
> idmap config BITINTRA : unix_nss_info = yes
>
> Finally, do you have trusts setup to all the Domains ?
>
> Rowland
>
More information about the samba
mailing list