[Samba] Samba domain users AWOL from Samba file server.

John Redmond barkingdoggy at gmail.com
Tue Oct 22 18:43:36 UTC 2019


Unfortunately, the Ubuntu 18.04 samba-tool package doesn't have "user
show" as an option.  The Windows ADUC tool shows user1 uidNumber=10001,
user2 uidNumber=10002, user3 uidNumber=10003, and user4 uidNumber=10004.

Here are the getent command results on the file server/ domain member:

admin@fsvr0:~$ getent passwd user1
hq-user1:*:11103:10513::/home/lan/user1:/bin/bash
admin@fsvr0:~$ getent passwd user2
hq-user2:*:11106:10513::/home/lan/user2:/bin/bash
admin@fsvr0:~$ getent passwd user3
admin@fsvr0:~$ getent passwd user4
admin@fsvr0:~$ getent group "Domain Users"
domain_users:x:10513:user1,user2,user3,user4,administrator,krbtgt


On Tue, Oct 22, 2019 at 2:12 PM Rowland penny via samba <
samba at lists.samba.org> wrote:

> On 22/10/2019 18:58, John Redmond wrote:
> > Thanks, Rowland.  Here's the smb.conf file on the Unix domain member.
> > I know you are not a fan of winbind enum, but I added it to see if it
> > helped.
>
> It isn't that I am not a fan of 'winbind enum', it is that it only does
> two things:
>
> It enumerates users and groups (which isn't actually required)
>
> It slows things down
>
> I would only use the two lines for testing purposes; once you are sure
> everything is working, I would suggest you comment them out.
>
> >
> > #/etc/samba/smb.conf
> > [global]
> >
> >    workgroup = SAMDOM
> >    realm = SAMDOM.EXAMPLE.COM
> >    security = ADS
> >    dedicated keytab file = /etc/krb5.keytab
> >    kerberos method = secrets and keytab
> >    server string = Samba File Server %h (Ubuntu 18.04)
> >
> >    idmap config * : backend = tbd
> >    idmap config * : range = 3000-7999
> >    idmap config SAMDOM : backend = ad
> > #   idmap config SAMDOM : backend = rid
> >    idmap config SAMDOM : schema_mode = rfc2307
> >    idmap config SAMDOM : range = 10000-99999
> >
> >    template homedir = /home/samdom/%U
> >    template shell = /bin/bash
> >
> >    winbind use default domain = true
> >    winbind expand groups = 2
> >    winbind refresh tickets = yes
> >    winbind normalize names = yes
> > #   winbind offline logon = yes
> >    winbind nss info = rfc2307
> >    winbind enum users = yes
> >    winbind enum groups = yes
> >
> >    domain master = no
> >    local master = no
> >    preferred master = no
> > #   os level = 20
> > #   map to guest = bad user
> > #   host msdfs = no
> >
> >    vfs objects = acl_xattr
> >    map acl inherit = yes
> >    store dos attributes = yes
> >
> > #   dns proxy = no
> >
> >    log file = /var/log/samba/log.%m
> >    max log size = 1000
> >
> >    syslog = 0
> >    log level = 1
> > #auth:5 winbind:5
> >
> > #Disable printing completely
> >    load printers = no
> >    printing = bsd
> >    printcap name = /dev/null
> >    disable spoolss = yes
> >
> >
> > [profiles]
> >    comment = User and group files
> >    path = /home/lan
> >    guest ok = no
> >    browseable = no
> >    create mask = 0600
> >    directory mask = 0700
> >
> > [allusers]
> >    comment = Company-wide files
> >    path = /home/lan/allusers
> >    guest ok = no
> >    browseable = yes
> >    create mask = 0600
> >    directory mask = 0700
> >
> > [accounting]
> >    comment = Bookkeeping and accounting files
> >    path = /home/lan/accounting
> >    guest ok = no
> >    browseable = no
> >    create mask = 0600
> >    directory mask = 0700
>
> If you think that the missing users shouldn't be missing because they
> have the correct uidNumber attributes, then I suggest you check in AD,
> the easiest way would be to use samba-tool on the DC:
>
> samba-tool user show <username>
>
> Look for the uidNumber attribute
>
> Rowland
>
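
An added example, not part of the original thread or of Samba: a cross-check of the uidNumber values reported from ADUC against the SAMDOM idmap range in the quoted smb.conf and the `getent passwd` results from the member server. The function names and data layout are assumptions made for illustration; the sample values are transcribed from this message.

```python
import re

# Constructed sample: a subset of the idmap lines from the smb.conf quoted in this thread.
SMB_CONF = """[global]
   idmap config * : range = 3000-7999
   idmap config SAMDOM : backend = ad
#   idmap config SAMDOM : backend = rid
   idmap config SAMDOM : schema_mode = rfc2307
   idmap config SAMDOM : range = 10000-99999
"""
# uidNumber values as read from ADUC, and `getent passwd <user>` output on the
# member server, both transcribed from this message ("" = nothing returned).
AD_UIDNUMBER = {"user1": 10001, "user2": 10002, "user3": 10003, "user4": 10004}
GETENT = {
    "user1": "hq-user1:*:11103:10513::/home/lan/user1:/bin/bash",
    "user2": "hq-user2:*:11106:10513::/home/lan/user2:/bin/bash",
    "user3": "",
    "user4": "",
}
IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*(\S+)\s*=\s*(.+?)\s*$")

def idmap_settings(conf):
    """Return {domain: {option: value}} from uncommented 'idmap config' lines."""
    settings = {}
    for line in conf.splitlines():
        if line.lstrip().startswith(("#", ";")):
            continue  # commented-out alternatives must not override live ones
        m = IDMAP_RE.match(line)
        if m:
            settings.setdefault(m.group(1), {})[m.group(2)] = m.group(3)
    return settings

def cross_check(conf, domain, ad_uids, getent):
    """Compare each AD uidNumber with the idmap range and the resolved UID."""
    low, high = (int(n) for n in idmap_settings(conf)[domain]["range"].split("-"))
    report = {}
    for user, uid in ad_uids.items():
        fields = getent.get(user, "").split(":")
        if not low <= uid <= high:
            report[user] = "uidNumber outside idmap range"
        elif len(fields) < 3:
            report[user] = "in range but not resolved"
        elif int(fields[2]) != uid:
            report[user] = f"resolved UID {fields[2]} differs from uidNumber {uid}"
        else:
            report[user] = "ok"
    return report

if __name__ == "__main__":
    for user, status in cross_check(SMB_CONF, "SAMDOM", AD_UIDNUMBER, GETENT).items():
        print(user, status)
```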

