[Samba] Samba domain users AWOL from Samba file server.
Rowland Penny
rpenny at samba.org
Tue Oct 22 18:11:31 UTC 2019
On 22/10/2019 18:58, John Redmond wrote:
> Thanks, Rowland. Here's the smb.conf file on the Unix domain member.
> I know you are not a fan of winbind enum, but I add it to see if it
> helped.
It isn't that I am not a fan of 'winbind enum', it is that it only does
two things:
  - It enumerates users and groups (which isn't actually required)
  - It slows things down
I would only use the two lines for testing purposes; once you are sure
everything is working, I would suggest you comment them out.
>
> #/etc/samba/smb.conf
> [global]
>
> workgroup = SAMDOM
> realm = SAMDOM.EXAMPLE.COM
> security = ADS
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
> server string = Samba File Server %h (Ubuntu 18.04)
>
> idmap config * : backend = tbd
> idmap config * : range = 3000-7999
> idmap config SAMDOM : backend = ad
> # idmap config SAMDOM : backend = rid
> idmap config SAMDOM : schema_mode = rfc2307
> idmap config SAMDOM : range = 10000-99999
>
> template homedir = /home/samdom/%U
> template shell = /bin/bash
>
> winbind use default domain = true
> winbind expand groups = 2
> winbind refresh tickets = yes
> winbind normalize names = yes
> # winbind offline logon = yes
> winbind nss info = rfc2307
> winbind enum users = yes
> winbind enum groups = yes
>
> domain master = no
> local master = no
> preferred master = no
> # os level = 20
> # map to guest = bad user
> # host msdfs = no
>
> vfs objects = acl_xattr
> map acl inherit = yes
> store dos attributes = yes
>
> # dns proxy = no
>
> log file = /var/log/samba/log.%m
> max log size = 1000
>
> syslog = 0
> log level = 1
> #auth:5 winbind:5
>
> #Disable printing completely
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
>
>
> [profiles]
> comment = User and group files
> path = /home/lan
> guest ok = no
> browseable = no
> create mask = 0600
> directory mask = 0700
>
> [allusers]
> comment = Company-wide files
> path = /home/lan/allusers
> guest ok = no
> browseable = yes
> create mask = 0600
> directory mask = 0700
>
> [accounting]
> comment = Bookkeeping and accounting files
> path = /home/lan/accounting
> guest ok = no
> browseable = no
> create mask = 0600
> directory mask = 0700
If you think that the missing users shouldn't be missing because they
have the correct uidNumber attributes, then I suggest you check in AD.
The easiest way would be to use samba-tool on the DC:

    samba-tool user show <username>

Look for the uidNumber attribute.
Rowland
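
Added example, not part of the original message: a shell helper that reads `samba-tool user show` output and checks the user's uidNumber against the `idmap config SAMDOM : range` from the quoted smb.conf. It relies on the 'ad' idmap backend ignoring IDs outside the configured range. The function name, verdict words and sample users are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Range taken from the quoted smb.conf:
#   idmap config SAMDOM : range = 10000-99999
RANGE_LOW=10000
RANGE_HIGH=99999

# Read `samba-tool user show <username>` output (LDIF "attr: value" lines)
# on stdin and print one verdict: ok, missing, invalid or out-of-range.
# On the DC: samba-tool user show <username> | check_uidnumber
check_uidnumber() {
    uid=$(awk -F': ' 'tolower($1) == "uidnumber" { print $2; exit }' | tr -d '\r ')
    case "$uid" in
        "")       echo "missing"; return 0 ;;   # attribute not set in AD
        *[!0-9]*) echo "invalid"; return 0 ;;   # not a plain number
    esac
    if [ "$uid" -lt "$RANGE_LOW" ] || [ "$uid" -gt "$RANGE_HIGH" ]; then
        echo "out-of-range"                     # set, but outside the idmap range
    else
        echo "ok"
    fi
}

# Constructed sample output for three hypothetical users.
sample_ok='dn: CN=alice,CN=Users,DC=samdom,DC=example,DC=com
sAMAccountName: alice
uidNumber: 10001'

sample_missing='dn: CN=bob,CN=Users,DC=samdom,DC=example,DC=com
sAMAccountName: bob'

sample_low='dn: CN=carol,CN=Users,DC=samdom,DC=example,DC=com
sAMAccountName: carol
uidNumber: 1001'

for sample in "$sample_ok" "$sample_missing" "$sample_low"; do
    name=$(printf '%s\n' "$sample" | awk -F': ' '$1 == "sAMAccountName" { print $2 }')
    printf '%s: %s\n' "$name" "$(printf '%s\n' "$sample" | check_uidnumber)"
done
```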