[Samba] Shares stopped working for groups

Nick Howitt nick at howitts.co.uk
Sat Jul 18 07:41:05 UTC 2020


I messed up on my reply yesterday.

On 17/07/2020 21:05, Rowland penny via samba wrote:
>
> On 17/07/2020 19:57, Nick Howitt via samba wrote:
>> Hi,
>> I have a ClearOS 7.8 system which is running 
>> samba-4.10.4-11.el7_8.x86_64, and it upgraded to this just over a 
>> week ago (probably not relevant). A couple of days ago all the group 
>> shares failed. I discovered that if I switched them to the built-in 
>> group "allusers" the share worked fine. It fails for any user-defined 
>> group but it used to work. Samba is running as a PDC and the configs, 
>> including one share are:
>>
>> If I change the valid users to the "allusers" group and change the 
>> folder permissions, it works fine.
>>
>>
>>
>>    [root at server ~]# wbinfo --group-info='allusers'
>>    allusers:x:63000:
>
> Interesting, you have: idmap config * : range = 20000000-29999999
>
> So where is '63000' coming from ?
>
No idea. This is how the O/S is provided and it was probably designed 
when John Terpstra was helping out.
>>
>>    Jul 16 04:34:28 server winbindd[21471]: [2020/07/16
>>    04:34:28.069299,  0]
>>    ../../source3/winbindd/idmap_ldap.c:85(get_credentials)
>>    Jul 16 04:34:28 server winbindd[21471]:  get_credentials: Unable to
>>    fetch auth credentials for cn=manager,ou=Internal,dc=sha,dc=lan in *
>>
>>
>> I have tried clearing the winbindd_cache.tdb and gencache.tdb but am 
>> wary of clearing anything else without instruction.
>
> Have you run these commands :
>
> smbpasswd -w <ldap password>
> net idmap set secret '*' <ldap password>
Yes and it does not make any difference. How do I proceed with debugging?
>
> ClearOS is in for an interesting time when they upgrade to version 8, 
> no Openldap or smbldap-tools, or to put it another way, can I suggest 
> you jump distro and upgrade to AD.
>
The devs are aware and I am not sure which way they will take the 
product. Personally I really want to have AD DC compatibility and think 
it would be good for business, but it may be onerous for small 
installations and non-Windows environments.

Nick





