[Samba] User mapping?
Rowland penny
rpenny at samba.org
Fri Aug 7 19:58:39 UTC 2020
On 07/08/2020 20:12, Simon Matthews wrote:
>
> The client is running CentOS 7:
>
> # cat /etc/redhat-release
> CentOS Linux release 7.8.2003 (Core)
>
> After another attempt, I have successfully joined the linux client to
> the domain:
>
> # net rpc join MEMBER -S raidserver -U root%<password>
> Using short domain name -- BLUE
> Joined 'TURQUOISE' to domain 'BLUE'
>
> Note that the hostname of the Linux client is actually "H2". Turquoise
> is a hold over from what it was earlier. "turquoise" resolves on the
> network:
>
> $ ping turquoise
> PING h2.sj.bps (192.168.254.105) 56(84) bytes of data.
> 64 bytes from h2.sj.bps (192.168.254.105): icmp_seq=1 ttl=64
> time=0.264 ms
I would suggest you stop it resolving if it has gone away.
>
> Client config:
> =========
>
> [global]
>
>
> workgroup = BLUE
> password server = raidserver
> security = domain
> idmap config * : range = 16777216-33554431
This is where your problems start, you do not have enough lines, I would
expect something like this:

    idmap config * : backend = tdb
    idmap config * : range = 100000-9999999
    idmap config BLUE : backend = rid
    idmap config BLUE : range = 500-99999

> template shell = /bin/false
> kerberos method = secrets only
You do not use Kerberos with a PDC.
> winbind use default domain = false
If you want to remove the domain name 'BLUE\' from users and groups,
change 'false' to 'yes'
>
> winbind offline logon = true
> username map = /etc/samba/usermap.txt # This file is empty.
>
> server string = Samba Server Version %v
>
> netbios name = TURQUOISE
If the client's name isn't 'turquoise', remove the above line and let
Samba set it for you.
> # client ntlmv2 auth = yes
> # ntlm auth = no
>
> interfaces = lo eth1
>
> local master = no
> os level = 20
> preferred master = no
>
> wins support = no
Might be an idea to replace the above line with 'wins server = <PDC IP>'.

Add this line:

    client max protocol = NT1

>
> Config on PDC (raidserver):
> =================
Not a lot wrong with the PDC smb.conf
Again, can I stress that it would be a very good idea to upgrade to AD,
Rowland
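
The idmap layout suggested in the reply above (a default `*` domain plus a separate range for the workgroup) can be checked mechanically. The following is an added example, not part of the original message and not Samba code; the names `parse_idmap` and `check_idmap` are hypothetical, and the rules are assumptions taken from the reply (every configured domain has both a backend and a range, the workgroup has its own lines) plus the smb.conf requirement that ranges do not overlap.

```python
import re

# Matches "idmap config DOMAIN : option = value" (smb.conf names are case-insensitive).
IDMAP_RE = re.compile(r"^\s*idmap\s+config\s+(\S+)\s*:\s*([\w ]+?)\s*=\s*(.+?)\s*$", re.I)
WORKGROUP_RE = re.compile(r"^\s*workgroup\s*=\s*(\S+)", re.I)

def parse_idmap(conf_text):
    """Return (workgroup, {domain: {option: value}}) from smb.conf text."""
    workgroup, domains = None, {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):
            continue  # whole-line comment
        m = WORKGROUP_RE.match(line)
        if m:
            workgroup = m.group(1).upper()
        m = IDMAP_RE.match(line)
        if m:
            dom, opt, val = m.group(1).upper(), m.group(2).lower(), m.group(3)
            domains.setdefault(dom, {})[opt] = val
    return workgroup, domains

def check_idmap(conf_text):
    """Return a list of problems with the idmap layout; empty means consistent."""
    workgroup, domains = parse_idmap(conf_text)
    problems, ranges = [], []
    for dom in ["*"] + ([workgroup] if workgroup else []):
        if dom not in domains:
            problems.append(f"{dom}: no idmap config lines")
    for dom, opts in sorted(domains.items()):
        for opt in ("backend", "range"):
            if opt not in opts:
                problems.append(f"{dom}: missing {opt}")
        m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", opts.get("range", ""))
        if "range" in opts and not m:
            problems.append(f"{dom}: malformed range")
        elif m:
            low, high = int(m.group(1)), int(m.group(2))
            if low >= high:
                problems.append(f"{dom}: range low >= high")
            ranges.append((low, high, dom))
    ranges.sort()
    for (l1, h1, d1), (l2, h2, d2) in zip(ranges, ranges[1:]):
        if l2 <= h1:  # the next range starts inside the previous one
            problems.append(f"{d1} and {d2}: ranges overlap")
    return problems

# Constructed sample: the idmap-relevant lines of the client config quoted above.
POSTED = "workgroup = BLUE\nsecurity = domain\nidmap config * : range = 16777216-33554431\n"
print(check_idmap(POSTED))
```
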