[Samba] Samba domain users AWOL from Samba file server.
John Redmond
barkingdoggy at gmail.com
Tue Oct 22 18:43:36 UTC 2019
Unfortunately, the Ubuntu 18.04 samba-tool package doesn't have "user
show" as an option. The Windows ADUC tool shows user1 uidNumber=10001,
user2 uidNumber=10002, user3 uidNumber=10003, and user4 uidNumber=10004.
Here are the getent command results on the file server/domain member:
admin@fsvr0:~$ getent passwd user1
hq-user1:*:11103:10513::/home/lan/user1:/bin/bash
admin@fsvr0:~$ getent passwd user2
hq-user2:*:11106:10513::/home/lan/user2:/bin/bash
admin@fsvr0:~$ getent passwd user3
admin@fsvr0:~$ getent passwd user4
admin@fsvr0:~$ getent group "Domain Users"
domain_users:x:10513:user1,user2,user3,user4,administrator,krbtgt
On Tue, Oct 22, 2019 at 2:12 PM Rowland penny via samba <
samba at lists.samba.org> wrote:
> On 22/10/2019 18:58, John Redmond wrote:
> > Thanks, Rowland. Here's the smb.conf file on the Unix domain member.
> > I know you are not a fan of winbind enum, but I added it to see if it
> > helped.
>
> It isn't that I am not a fan of 'winbind enum', it is that it only does
> two things:
>
> It enumerates users and groups (which isn't actually required)
>
> It slows things down
>
> I would only use the two lines for testing purposes; once you are sure
> everything is working, I would suggest you comment them out.
>
> >
> > #/etc/samba/smb.conf
> > [global]
> >
> > workgroup = SAMDOM
> > realm = SAMDOM.EXAMPLE.COM
> > security = ADS
> > dedicated keytab file = /etc/krb5.keytab
> > kerberos method = secrets and keytab
> > server string = Samba File Server %h (Ubuntu 18.04)
> >
> > idmap config * : backend = tbd
> > idmap config * : range = 3000-7999
> > idmap config SAMDOM : backend = ad
> > # idmap config SAMDOM : backend = rid
> > idmap config SAMDOM : schema_mode = rfc2307
> > idmap config SAMDOM : range = 10000-99999
> >
> > template homedir = /home/samdom/%U
> > template shell = /bin/bash
> >
> > winbind use default domain = true
> > winbind expand groups = 2
> > winbind refresh tickets = yes
> > winbind normalize names = yes
> > # winbind offline logon = yes
> > winbind nss info = rfc2307
> > winbind enum users = yes
> > winbind enum groups = yes
> >
> > domain master = no
> > local master = no
> > preferred master = no
> > # os level = 20
> > # map to guest = bad user
> > # host msdfs = no
> >
> > vfs objects = acl_xattr
> > map acl inherit = yes
> > store dos attributes = yes
> >
> > # dns proxy = no
> >
> > log file = /var/log/samba/log.%m
> > max log size = 1000
> >
> > syslog = 0
> > log level = 1
> > #auth:5 winbind:5
> >
> > #Disable printing completely
> > load printers = no
> > printing = bsd
> > printcap name = /dev/null
> > disable spoolss = yes
> >
> >
> > [profiles]
> > comment = User and group files
> > path = /home/lan
> > guest ok = no
> > browseable = no
> > create mask = 0600
> > directory mask = 0700
> >
> > [allusers]
> > comment = Company-wide files
> > path = /home/lan/allusers
> > guest ok = no
> > browseable = yes
> > create mask = 0600
> > directory mask = 0700
> >
> > [accounting]
> > comment = Bookkeeping and accounting files
> > path = /home/lan/accounting
> > guest ok = no
> > browseable = no
> > create mask = 0600
> > directory mask = 0700
>
> If you think that the missing users shouldn't be missing because they
> have the correct uidNumber attributes, then I suggest you check in AD,
> the easiest way would be to use samba-tool on the DC:
>
> samba-tool user show <username>
>
> Look for the uidNumber attribute
>
> Rowland
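The comparison made by hand in this message (uidNumber as shown in ADUC versus what `getent passwd` resolves on the member) can be scripted. This is an added example, not part of the original thread or of Samba. The names `classify_user` and `run_sample` are hypothetical, the range comes from the posted `idmap config SAMDOM : range` line, and the sample lines are constructed from the values quoted above.

```shell
#!/bin/sh
# Added example: reconcile AD uidNumber values with what NSS returns on the member.
# Range taken from "idmap config SAMDOM : range = 10000-99999" in the posted smb.conf.
LOW=10000
HIGH=99999

# classify_user USER EXPECTED_UID GETENT_LINE
# GETENT_LINE is the output of `getent passwd USER` (empty if nothing resolved).
classify_user() {
    user=$1 expected=$2 line=$3
    if [ "$expected" -lt "$LOW" ] || [ "$expected" -gt "$HIGH" ]; then
        echo "$user OUT_OF_RANGE expected=$expected"
        return
    fi
    if [ -z "$line" ]; then
        echo "$user MISSING expected=$expected"
        return
    fi
    # passwd(5) fields: name:passwd:uid:gid:gecos:home:shell
    name=$(printf '%s\n' "$line" | cut -d: -f1)
    uid=$(printf '%s\n' "$line" | cut -d: -f3)
    if [ "$uid" = "$expected" ]; then
        echo "$user OK uid=$uid"
    else
        # idmap_rid computes ID = RID - base_rid + range low (base_rid defaults to 0),
        # so uid - LOW is the RID this UID would correspond to under that backend.
        echo "$user MISMATCH expected=$expected uid=$uid name=$name rid_hint=$((uid - LOW))"
    fi
}

# Constructed sample input built from the values quoted in the post.
# On a live member, replace the third argument with "$(getent passwd "$user")".
run_sample() {
    classify_user user1 10001 'hq-user1:*:11103:10513::/home/lan/user1:/bin/bash'
    classify_user user2 10002 'hq-user2:*:11106:10513::/home/lan/user2:/bin/bash'
    classify_user user3 10003 ''
    classify_user user4 10004 ''
}

run_sample
```

A MISMATCH or MISSING line marks an account whose file ownership and ACL checks on the member will not line up with the uidNumber stored in AD.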