[Samba] AD Users on Linux Laptop
L.P.H. van Belle
belle at bazuin.nl
Thu Jul 9 10:11:10 UTC 2020
Thats great info i didnt know.
I'll keep that in mind for the new howto.
Thank you.
@Rowland, this is something we need to add to the wiki.
Greetz,
Louis
Van: commandline at protonmail.com [mailto:commandline at protonmail.com]
Verzonden: donderdag 9 juli 2020 12:08
Aan: L.P.H. van Belle; samba at lists.samba.org
Onderwerp: Re: [Samba] AD Users on Linux Laptop
Just in case this is relevant in a larger scope.
Linux containers use 10000 as container root uid. I assume this may cause 'interplay' in some setups.
- -
Joris
-------- Oorspronkelijk bericht --------
Aan 9 jul. 2020 12:05, L.P.H. van Belle via samba < samba at lists.samba.org> schreef:
Ahha, perfect, nice.
So per example. ( from my setup )
idmap config *:range = 2000-9999
idmap config SAMDOM : range = 10000-3999999
And if i understanded it right we should use 10000
Can you try this :
sed -i "s/pam_krb5.so minimum_uid=1000/pam_krb5.so minimum_uid=$(grep range /etc/samba/smb.conf|grep -v \* |cut -d"=" -f2 | cut -d"-" -f1|cut -c2-10000000000)/g" /usr/share/pam-configs/krb5
pam-auth-update
Looks good to me.
Or we could try to change requered to sufficient in /usr/share/pam-configs/krb5
Still reading a bit on this part.
:-)
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Rowland penny via samba
> Verzonden: donderdag 9 juli 2020 11:27
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] AD Users on Linux Laptop
>
> On 09/07/2020 09:50, L.P.H. van Belle via samba wrote:
> > Hai Rowland,
> >
> > Maybe i didnt understand your reply that well, but why
> would you change it.
> >
> > All (linux) users have minimum_uid=1000 and start at 1000.
> > All (windows) users (samba) are above minimum_uid=1000
> >
> > So in my optinion, you should not be needed to change this.
> > Unless your users start below 1000.
> >
> > Also cat /etc/adduser.conf shows ( For Debian/Buster )
> >
> > # FIRST_[GU]ID to LAST_[GU]ID inclusive is the range of
> UIDs of dynamically
> > # allocated user accounts/groups.
> > FIRST_UID=1000
> > LAST_UID=29999
> >
> > FIRST_GID=1000
> > LAST_GID=29999
> >
> > If you can give me an example when its not working, ill
> have look at it..
>
> OK, if you use 1000 and try to change the password for a
> local Unix user
> (not to be confused with a domain Unix user), you get this:
>
> pi at raspberrypi:~ $ sudo passwd adminuser
> Current Kerberos password:
>
> But if you use the low range number instead of '1000', you get:
>
> pi at raspberrypi:~ $ sudo passwd adminuser
> Enter new password:
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list