[Samba] Samba with AD : SID rejected

Rowland Penny rpenny at samba.org
Fri May 3 13:54:52 UTC 2019


On Fri, 3 May 2019 13:22:20 +0200
Vincent Ducot <vincent.ducot at rubycat-labs.com> wrote:

> On 03/05/2019 at 13:10, Rowland Penny via samba wrote:
> > On Fri, 3 May 2019 12:06:38 +0200
> > Vincent Ducot <vincent.ducot at rubycat-labs.com> wrote:
> >  
> >> Hi,
> >> Louis, Rowland, thanks for your answer.
> >>
> >> @Louis
> >> All packages were installed.
> >> I changed my config file following your advice, the problem is
> >> still here. I already followed guides from thctlo's github.
> >>
> >> @Rowland
> >> Yes, my dns domain was different, but answered also to test.lan.
> >> It's now set to 'kdc=dc.foo.lab'
> >> I have my user vincent with uidNumber 10010 and gidNumber 13010
> >> (corresponding to Domain Users group).
> >>
> >>
> >> Getting SID from name (wbinfo -n) and name from SID (wbinfo -s)
> >> works. Commands with UID involved (wbinfo --sid-to-uid, wbinfo
> >> --uid-to-sid) work for my user vincent but not for the groups.
> >>
> >> Could it be a Windows problem? Are there any changes in attributes
> >> between 2016 and 2019? (I use evaluation version of 2019, not yet
> >> a licence)
> >>  
> > Whilst I think that there are attribute changes between 2016 & 2019,
> > they will have been additions rather than removal. Samba, when
> > using the winbind 'ad' on Unix domain members, relies on RFC2307
> > attributes and if you can add them to AD, you shouldn't have a
> > problem.
> >
> > I think your problem is more likely to be dns related. I note that
> > Louis pointed out that your kdc domain didn't seem to match your
> > Samba domain, so are all the machines in the same dns domain ?
> >
> > Rowland  
> 
> Yes, now I only have dc.foo.lab and share.foo.lab.
> Why do some commands work if it is a dns related problem?
> 
> Vincent
> 

Because some commands work over RPC.

Rowland
