[Samba] AD Users on Linux Laptop

commandline at protonmail.com
Thu Jul 9 10:08:19 UTC 2020


Just in case this is relevant in a larger scope.

Linux containers use 10000 as container root uid. I assume this may cause 'interplay' in some setups.



--
Joris




-------- Original message --------
On 9 Jul 2020 12:05, L.P.H. van Belle via samba <samba at lists.samba.org> wrote:

>
>
>
> Ahha, perfect, nice.
>
> So per example. ( from my setup )
> idmap config *:range = 2000-9999
> idmap config SAMDOM : range = 10000-3999999
>
> And if I understood it right we should use 10000
>
> Can you try this :
>
> sed -i "s/pam_krb5.so minimum_uid=1000/pam_krb5.so minimum_uid=$(grep range /etc/samba/smb.conf|grep -v \* |cut -d"=" -f2 | cut -d"-" -f1|cut -c2-10000000000)/g" /usr/share/pam-configs/krb5
> pam-auth-update
>
> Looks good to me.
> Or we could try to change required to sufficient in /usr/share/pam-configs/krb5
> Still reading a bit on this part.
>
> :-)
>
> Greetz,
>
> Louis
>
> > -----Original message-----
> > From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> > Rowland penny via samba
> > Sent: Thursday 9 July 2020 11:27
> > To: samba at lists.samba.org
> > Subject: Re: [Samba] AD Users on Linux Laptop
> >
> > On 09/07/2020 09:50, L.P.H. van Belle via samba wrote:
> > > Hai Rowland,
> > >
> > > Maybe I didn't understand your reply that well, but why would you change it.
> > >
> > > All (linux) users have minimum_uid=1000 and start at 1000.
> > > All (windows) users (samba) are above minimum_uid=1000
> > >
> > > So in my opinion, you should not need to change this.
> > > Unless your users start below 1000.
> > >
> > > Also cat /etc/adduser.conf shows ( For Debian/Buster )
> > >
> > > # FIRST_[GU]ID to LAST_[GU]ID inclusive is the range of UIDs of dynamically
> > > # allocated user accounts/groups.
> > > FIRST_UID=1000
> > > LAST_UID=29999
> > >
> > > FIRST_GID=1000
> > > LAST_GID=29999
> > >
> > > If you can give me an example when it's not working, I'll have a look at it..
> >
> > OK, if you use 1000 and try to change the password for a
> > local Unix user
> > (not to be confused with a domain Unix user), you get this:
> >
> > pi@raspberrypi:~ $ sudo passwd adminuser
> > Current Kerberos password:
> >
> > But if you use the low range number instead of '1000', you get:
> >
> > pi@raspberrypi:~ $ sudo passwd adminuser
> > Enter new password:
> >
> > Rowland
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
> >
>
>
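
The sed pipeline quoted above derives `minimum_uid` from the start of the domain idmap range in smb.conf. As an added example (not part of the thread; the function names are hypothetical and the sample files are constructed), the following read-only check goes a step further and copes with more than one domain range: it reports whether every `pam_krb5.so minimum_uid=` in a PAM profile equals the lowest per-domain range start.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.

# Print the lowest start of any per-domain "idmap config DOM : range = LOW-HIGH"
# line in an smb.conf, skipping the default '*' domain and commented-out lines.
lowest_domain_idmap_start() {
    awk -F= '
        /^[ \t]*[#;]/ { next }
        tolower($1) ~ /^[ \t]*idmap[ \t]+config[ \t]+[^*: \t]+[ \t]*:[ \t]*range[ \t]*$/ {
            split($2, r, "-"); low = r[1] + 0
            if (min == "" || low < min) min = low
        }
        END { if (min == "") exit 1; print min }
    ' "$1"
}

# Compare every pam_krb5.so minimum_uid= in a PAM profile with that start.
# Returns 0 when all match, 1 on a mismatch, 2 when either value is missing.
check_krb5_minimum_uid() {
    low=$(lowest_domain_idmap_start "$1") || { echo "no domain idmap range in $1"; return 2; }
    vals=$(sed -n 's/.*pam_krb5\.so.*minimum_uid=\([0-9][0-9]*\).*/\1/p' "$2" | sort -un)
    [ -n "$vals" ] || { echo "no pam_krb5.so minimum_uid in $2"; return 2; }
    status=0
    for v in $vals; do
        if [ "$v" -ne "$low" ]; then
            echo "MISMATCH: minimum_uid=$v, lowest domain idmap range starts at $low"
            status=1
        fi
    done
    [ "$status" -eq 0 ] && echo "OK: minimum_uid=$low"
    return "$status"
}

# Constructed sample files (not real system files), written to a temp directory.
d=$(mktemp -d)
cat > "$d/smb.conf" <<'EOF'
[global]
    idmap config * : range = 2000-9999
    idmap config SAMDOM : backend = rid
    idmap config SAMDOM : range = 10000-3999999
    idmap config TRUSTED : range = 4000000-4999999
EOF
cat > "$d/krb5" <<'EOF'
Auth:
    [success=end default=ignore]    pam_krb5.so minimum_uid=1000 try_first_pass
Account:
    required    pam_krb5.so minimum_uid=1000
EOF
check_krb5_minimum_uid "$d/smb.conf" "$d/krb5" || true
```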

