[Samba] Missing group membership of user on domain member

Andreas Hauffe andreas.hauffe at tu-dresden.de
Wed Dec 9 10:23:36 UTC 2020


Hello,

I'm still struggling with this problem. Is it possible that group 
membership for the users of DOM is somehow taken from the DOM DCs and 
not from the ILRW DCs? This could result in the missing domain local 
groups. But I don't know if this is realistic.

Regards,
Andreas

On 30.11.20 at 09:27, Andreas Hauffe via samba wrote:
> Hello,
>
> we have a fileserver (nfs4/krb5) running as domain member (Debian 10, 
> Samba 4.13.2, winbind). This server is member of the domain ILRW, 
> which itself is a subdomain of DOM. All users are defined in DOM and 
> the groups are domain local groups defined in ILRW. For some users 
> winbind does not list the domain local groups of ILRW (wbinfo 
> --user-groups $USERNAME), so the users are not able to access 
> resources via NFS4. I already tried to remove the /usr/local/samba 
> folder completely, recompile (install) samba and rejoin it to the ILRW 
> domain. So I hope there shouldn't be any cache issues. Can somebody 
> give a hint on how to solve this problem?
>
> smb.conf
>
> [global]
>         bind interfaces only = Yes
>         dedicated keytab file = /etc/krb5.keytab
>         interfaces = lo enp1s0f0
>         kerberos method = secrets and keytab
>         realm = ILRW.ING.DOM.TU-DRESDEN.DE
>         security = ADS
>         server min protocol = SMB3_00
>         template homedir = /home/users/linux/%U
>         template shell = /bin/bash
>         winbind refresh tickets = Yes
>         winbind separator = +
>         workgroup = ILRW
>         idmap config * : range = 2000-2999
>         idmap config ilrw : backend = rid
>         idmap config ilrw : range = 3000-9999 # UID from RID for POOL
>         idmap config dom : backend = rid
>         idmap config dom : range = 10000-9999999 # UID from RID for DOM
>         idmap config * : backend = tdb
>
> Regards,
> Andreas
>
>

