[Samba] User mapping?

Rowland penny rpenny at samba.org
Fri Aug 7 19:58:39 UTC 2020


On 07/08/2020 20:12, Simon Matthews wrote:
>
> The client is running CentOS 7:
>
> # cat /etc/redhat-release
> CentOS Linux release 7.8.2003 (Core)
>
> After another attempt, I have successfully joined the linux client to
> the domain:
>
> # net rpc join MEMBER  -S raidserver -U root%<password>
> Using short domain name -- BLUE
> Joined 'TURQUOISE' to domain 'BLUE'
>
> Note that the hostname of the Linux client is actually "H2". Turquoise
> is a hold over from what it was earlier. "turquoise" resolves on the
> network:
>
> $ ping turquoise
> PING h2.sj.bps (192.168.254.105) 56(84) bytes of data.
> 64 bytes from h2.sj.bps (192.168.254.105): icmp_seq=1 ttl=64 time=0.264 ms
I would suggest you stop it resolving if it has gone away.
>
> Client config:
> =========
>
> [global]
>
>
>    workgroup = BLUE
>    password server = raidserver
>    security = domain
>    idmap config * : range = 16777216-33554431

This is where your problems start: you do not have enough lines. I would 
expect something like this:

     idmap config * : backend = tdb
     idmap config * : range = 100000-9999999
     idmap config BLUE : backend = rid
     idmap config BLUE : range = 500-99999

> template shell = /bin/false
>    kerberos method = secrets only
You do not use Kerberos with a PDC.
> winbind use default domain = false
If you want to remove the domain name 'BLUE\' from users and groups, 
change 'false' to 'yes'
>
>    winbind offline logon = true
>    username map = /etc/samba/usermap.txt    # This file is empty.
>
>     server string = Samba Server Version %v
>
>     netbios name = TURQUOISE
If the client's name isn't 'turquoise', remove the above line and let 
Samba set it for you.
> # client ntlmv2 auth = yes
>     # ntlm auth = no
>
>     interfaces = lo eth1
>
>     local master = no
>     os level = 20
>     preferred master = no
>
>     wins support = no

Might be an idea to replace the above line with 'wins server = <PDC IP>'

Add this line:

client max protocol = NT1

>
> Config on PDC (raidserver):
> =================

Not a lot wrong with the PDC smb.conf

Again, can I stress that it would be a very good idea to upgrade to AD,

Rowland
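
The following is an added example and not part of the original message: a small Python check that an smb.conf carries the four-line idmap layout suggested in the reply (a backend and a range for both `*` and the workgroup, with ranges that do not overlap). The function names `parse_idmap` and `check_idmap` are hypothetical, and requiring an explicit backend line is this example's choice, following the reply's layout.

```python
import re

IDMAP_RE = re.compile(r"^idmap config\s+(\S+)\s*:\s*(backend|range)\s*=\s*(.+)$", re.I)

def parse_idmap(smb_conf_text):
    """Collect 'idmap config DOMAIN : backend|range' settings per domain."""
    domains = {}
    for raw in smb_conf_text.splitlines():
        m = IDMAP_RE.match(raw.strip())   # comment lines (# or ;) never match
        if not m:
            continue
        dom, key, value = m.group(1).upper(), m.group(2).lower(), m.group(3).strip()
        if key == "range":
            low, high = (int(x) for x in value.split("-"))
            value = (low, high)
        domains.setdefault(dom, {})[key] = value
    return domains

def check_idmap(smb_conf_text, workgroup):
    """Return a list of problems; an empty list means the layout is complete."""
    domains = parse_idmap(smb_conf_text)
    problems = [f"no idmap config for {d}" for d in ("*", workgroup.upper())
                if d not in domains]
    for dom, entry in domains.items():
        problems += [f"{dom}: missing {k}" for k in ("backend", "range") if k not in entry]
        if "range" in entry and entry["range"][0] >= entry["range"][1]:
            problems.append(f"{dom}: range low >= high")
    # Samba requires that the ID ranges of different domains do not overlap.
    ranged = sorted((e["range"], d) for d, e in domains.items() if "range" in e)
    for (r1, d1), (r2, d2) in zip(ranged, ranged[1:]):
        if r2[0] <= r1[1]:
            problems.append(f"{d1} and {d2}: ranges overlap")
    return problems

# The idmap lines as posted, and as suggested in the reply.
POSTED = "[global]\n   workgroup = BLUE\n   idmap config * : range = 16777216-33554431\n"
SUGGESTED = """[global]
    workgroup = BLUE
    idmap config * : backend = tdb
    idmap config * : range = 100000-9999999
    idmap config BLUE : backend = rid
    idmap config BLUE : range = 500-99999
"""

if __name__ == "__main__":
    print(check_idmap(POSTED, "BLUE"))
    print(check_idmap(SUGGESTED, "BLUE"))
```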