[Samba] Unable to get primary group information when using AD authentication with samba-4.10.4
Rowland Penny
rpenny at samba.org
Fri Feb 21 09:09:53 UTC 2020
On 21/02/2020 04:54, Goto, Ryoichi wrote:
> Thank you for very easy-to-understand and courteous advice.
I reread your initial post and noticed something that I missed earlier,
you had in smb.conf:
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
Yet, you were getting results like this:
id user01
uid=2001107(user01) gid=2000513(domain users) groups=2000513(domain users),2001107(oec0814e),2001103(group01)
'2000513' is less than '16777216'
Are you sure that you do not have sssd installed?
On top of the Samba packages you have installed, I would also expect:
samba.x86_64
samba-client-libs
samba-common
samba-common-tools
samba-winbind-clients
/etc/krb5 should just be this:
[libdefaults]
default_realm = TESTDOM.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = true
Also, remove the link:
rm -rf /etc/krb5.conf.d/crypto-policies
On a CentOS 8 Unix domain member using the winbind 'rid' backend:
getent passwd rowland
rowland:*:11107:10513::/home/rowland:/bin/bash
Change to using the 'ad' backend, restart Samba and run 'net cache flush':
getent passwd rowland
rowland:*:10000:10010:Rowland Penny:/home/rowland:/bin/bash
id rowland
uid=10000(rowland) gid=10010(group12) groups=10010(group12),10000(domain users),
I hope you can see that before the change 'rowland' had 'Domain Admins'
as the primary group, but now has 'group12'.
Rowland
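
The range comparison made in the message above, as an added example that is not part of the original post: it checks the uid/gid values in `id` output against an smb.conf idmap range and lists the ones that fall outside it. The function name `ids_outside_range` and the variable names are hypothetical; the range and the `id` line are the ones quoted in the message.

```shell
#!/bin/sh
# Added example (not from the original post). Flags uid/gid values in `id`
# output that lie outside an smb.conf idmap range.

# Usage: ids_outside_range LOW-HIGH "ID_OUTPUT"
# Prints each out-of-range numeric ID (sorted, unique), one per line.
# Returns 0 when every ID is inside the range, 1 otherwise.
ids_outside_range() {
    range=$1
    id_output=$2
    low=${range%-*}     # text before the dash
    high=${range#*-}    # text after the dash

    # Resolved IDs appear as N(name), so match digits directly before "("
    # and ignore digits inside names (user01). IDs that did not resolve
    # to a name are not matched.
    bad=$(printf '%s\n' "$id_output" |
        grep -oE '[0-9]+\(' | tr -d '(' | sort -un |
        awk -v lo="$low" -v hi="$high" '($1 + 0) < (lo + 0) || ($1 + 0) > (hi + 0)')

    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# Range and `id` line as quoted in the message above.
SAMPLE_RANGE='16777216-33554431'
SAMPLE_ID='uid=2001107(user01) gid=2000513(domain users) groups=2000513(domain users),2001107(oec0814e),2001103(group01)'

ids_outside_range "$SAMPLE_RANGE" "$SAMPLE_ID" ||
    echo "IDs listed above are outside idmap range $SAMPLE_RANGE"
```

On a domain member, pass `"$(id user01)"` as the second argument and the range from smb.conf as the first.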