[Samba] Samba with AD : SID rejected
Rowland Penny
rpenny at samba.org
Mon May 6 08:46:41 UTC 2019
On Mon, 6 May 2019 09:08:10 +0200
Vincent Ducot <vincent.ducot at rubycat-labs.com> wrote:
> Hi,
>
> sorry for the mistake, I meaned
>
> getent passwd vincent shows nothing and I got in the log file:
>
> winbindd_getpwnam: My domain -- rejecting getpwnam() for FOO\vincent.
>
> 'wbinfo -u | grep 'vincent' returns vincent, it's the good username.
>
Just because 'wbinfo' shows a user, doesn't mean that a Unix OS will
know the user, even if the smb.conf appears to be correct.
You originally posted this:
idmap config FOO:backend = ad
idmap config FOO:schema_mode = rfc2307
idmap config FOO:range = 10000-999999
idmap config FOO:unix_nss_info = yes
idmap config FOO:unix_primary_group = yes
So, does 'vincent' have a uidNumber attribute containing a number
inside the range '10000-99999999' AND either a gidnumber attribute
containing the gidNumber of an AD group, or does Domain
Users have gidNumber attribute ? The gidNumber must be inside the same
range.
Rowland
More information about the samba
mailing list