[Samba] Client machine not fetching user accounts from AD domain

Z Z nirayah at gmail.com
Wed Dec 16 07:58:41 UTC 2020


Greetings Rowland.

Finally managed to upgrade the distro and Samba as well. Took me some time
since there are services running on the particular machine, so I had to
wait.
Happy to report that after the upgrade the problem is resolved.
I have one more question though. Can you tell me how often winbind updates
its cache?  Because I feel like it's too slow. The changes I make on the
users/new users in the DC take some time to propagate.

Thanks again for your help

On Mon, Dec 14, 2020 at 10:39 PM Rowland penny via samba <
samba at lists.samba.org> wrote:

> On 14/12/2020 20:14, Z Z wrote:
> > Greetings Rowland.
> >
> > I'm a bit confused because I have another Debian server, joined pretty
> > much the same way (having single local user with matching name) but
> > this time, on this computer the AD record is honored first (*id peter*
> > provides ALL the records from the AD, even though there's local one
> > with local uid):
> >
> > *cat /etc/passwd:*
> > *peter:x:905:905::/home/peter:*
> >
> > Almost all of my domain members are CentOS machines, that's why I'm
> > not very familiar with Debian.
> > And yes, since I'm using the 'ad' backend I've manually added
> > uidNumber, gid attributes and they are within the specified range. As
> > I mentioned this config works flawlessly on many other machines.
> > I'm starting to think that something is wrong with the Debian itself.
> > It's a 9.4 version with Samba v 4.5.16
>
> First, Debian 9 is old and Samba 4.5.16 is EOL as far as Samba is
> concerned, the latest Samba version is 4.13.2. Can I suggest you upgrade
> to Debian 10 and then use the samba packages from here:
> http://apt.van-belle.nl/
>
> This will get you a fully supported distro and the latest Samba.
>
> Next, stop using local users for anything more than local users, put all
> your users and groups into AD (except for one or two users that are also
> sudo users, just in case a problem arises with AD, do not put these
> users into AD as well), then make your AD users and groups into Unix
> users and groups by giving them a uidNumber or gidNumber. Unless you
> have a misconfiguration, local users or groups that are also in AD will
> always be used before the AD users or groups.
>
> Rowland
>
>
>
>
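
The lookup-order point in the quoted reply (a local account with the same name as an AD account is used first) can be checked on a domain member. The following is an added example, not part of the original thread and not Samba code. It assumes the usual `passwd: files winbind` layout in `/etc/nsswitch.conf`; the AD records and their uidNumber values are constructed, and only the local `peter` entry comes from the message above.

```python
# Added example: all inputs are constructed samples, not the poster's real data.
NSSWITCH = """\
# constructed sample of /etc/nsswitch.conf
passwd:         files winbind
group:          files winbind
shadow:         files
"""

# Local accounts; the 'peter' line is the one quoted in the thread.
LOCAL_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
peter:x:905:905::/home/peter:
"""

# Constructed AD users in passwd format (uidNumber values are made up).
AD_PASSWD = """\
peter:*:10001:10000::/home/peter:/bin/bash
anna:*:10002:10000::/home/anna:/bin/bash
"""

def source_order(nsswitch_text, database="passwd"):
    """Return the NSS sources for a database, in lookup order."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith(database + ":"):
            # Skip action items such as [NOTFOUND=return].
            return [t for t in line.split(":", 1)[1].split()
                    if not t.startswith("[")]
    return []

def parse_passwd(text):
    """Map user name -> numeric uid; the first entry for a name wins."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[2].isdigit():
            users.setdefault(fields[0], int(fields[2]))
    return users

def shadowed_accounts(nsswitch_text, local_text, ad_text):
    """List (name, local_uid, ad_uid) where the local entry hides the AD one."""
    order = source_order(nsswitch_text)
    if "files" not in order or "winbind" not in order:
        return []
    if order.index("files") > order.index("winbind"):
        return []
    local, ad = parse_passwd(local_text), parse_passwd(ad_text)
    return sorted((n, local[n], ad[n]) for n in local.keys() & ad.keys())

if __name__ == "__main__":
    for name, luid, auid in shadowed_accounts(NSSWITCH, LOCAL_PASSWD, AD_PASSWD):
        print(f"{name}: local uid {luid} is used instead of AD uidNumber {auid}")
```

On a real member server the AD side can be fed from `wbinfo -i <user>` output, which prints one passwd-format line per user.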

