[Samba] Samba with AD : SID rejected

Vincent Ducot vincent.ducot at rubycat-labs.com
Fri May 3 11:22:20 UTC 2019


On 03/05/2019 at 13:10, Rowland Penny via samba wrote:
> On Fri, 3 May 2019 12:06:38 +0200
> Vincent Ducot <vincent.ducot at rubycat-labs.com> wrote:
>
>> Hi,
>> Louis, Rowland, thanks for your answer.
>>
>> @Louis
>> All packages were installed.
>> I changed my config file following your advice, the problem is still
>> here. I already followed guides from thctlo's github.
>>
>> @Rowland
>> Yes, my dns domain was different, but answered also to test.lan. It's
>> now set to 'kdc=dc.foo.lab'
>> I have my user vincent with uidNumber 10010 and gidNumber 13010
>> (corresponding to Domain Users group).
>>
>>
>> Getting SID from name (wbinfo -n) and name from SID (wbinfo -s)
>> works. Commands with UID involved (wbinfo --sid-to-uid, wbinfo
>> --uid-to-sid) work for my user vincent but not for the groups.
>>
>> Could it be a Windows problem? Are there any changes in attributes
>> between 2016 and 2019? (I use the evaluation version of 2019, not yet a
>> licence)
>>
> Whilst I think that there are attribute changes between 2016 & 2019,
> they will have been additions rather than removal. Samba, when using the
> winbind 'ad' on Unix domain members, relies on RFC2307 attributes and
> if you can add them to AD, you shouldn't have a problem.
>
> I think your problem is more likely to be dns related. I note that
> Louis pointed out that your kdc domain didn't seem to match your Samba
> domain, so are all the machines in the same dns domain?
>
> Rowland

Yes, now I only have dc.foo.lab and share.foo.lab.
Why do some commands work if it is a dns related problem?

Vincent



