[Samba] debian 10: errors with my server samba-ad

Rowland penny rpenny at samba.org
Tue May 14 08:51:23 UTC 2019 

On 14/05/2019 09:27, nathalie ramat via samba wrote:
> hi,
>
> I modified my file named.conf.options .
> When i use dig lenzspitze2.calais.fr I get an answer which contain 
> answer section, authority section and additional section.
>
> I haven't map "Domain users" into "user"
>
> I recover the last number of sid for the uidnumber and the last number 
> for sid group for gidnumber


It isn't recommended to do that any more, RID's start at '1000' and so 
do local Unix ID's, try starting at the same number that ADUC uses '10000'

>
> But getent passwd testlundi give me this response :
>
> LENZSPITZE2\testlundi:*:1108:100:testlundi:/home/LENZSPITZE2/testlundi:/bin/bash 
>
>
> The uidnumber is good but not the gidnumber.

I personally don't think the uidNumber is good (see above), but unless 
you give 'Domain Users' a gidNumber, the users GID will always be '100', 
but only on a the DC, on any Unix domain members (using the winbind 'ad' 
backend) you will get no AD users.

You also do not need to do any of the this if you are either only going 
to use the DC for authentication or as the only Unix fileserver (no 
other Unix computers).

>
> getent group specifique
>
> LENZSPITZE2\specifique:x:1105:
>
This will never be used as the users primary group on a Samba AD DC.


>
> I have always  this response when I run smbclient -L localhost -U 
> administrator on my server
>
> Enter LENZSPITZE2\administrator's password:
>
>     Sharename       Type      Comment
>     ---------       ----      -------
>     netlogon        Disk
>     sysvol          Disk
>     IPC$            IPC       IPC Service (Samba 4.9.5-Debian)
> Reconnecting with SMB1 for workgroup listing.
>
>     Server               Comment
>     ---------            -------
>
>     Workgroup            Master
>     ---------            -------
>
>
> I don't have any information for my server.


Neither do I, this is because there is no network browsing on a DC.

>
> when I run the command smbclient -L debiantest -U administrator on my 
> client linux I have no response .
>
> but I can ping debiantest and dig debiantest.lenzspitze2.calais.fr 
> give me a response
>
> I am a little confused. I don't know how to search
>
Try the command like this:

smbclient -L localhost -N

Rowland

More information about the samba mailing list