[Samba] Shares stopped working for groups
Nick Howitt
nick at howitts.co.uk
Mon Jul 20 09:37:07 UTC 2020
Bump, please.
On 18/07/2020 08:41, Nick Howitt via samba wrote:
>
> I messed up on my reply yesterday.
>
> On 17/07/2020 21:05, Rowland penny via samba wrote:
>>
>> On 17/07/2020 19:57, Nick Howitt via samba wrote:
>>> Hi,
>>> I have a ClearOS 7.8 system which is running
>>> samba-4.10.4-11.el7_8.x86_64, and it upgraded to this just over a
>>> week ago (probably not relevant). A couple of days ago all the group
>>> shares failed. I discovered that if I switched them to the built-in
>>> group "allusers" the share worked fine. It fails for any
>>> user-defined group but it used to work. Samba is running as a PDC
>>> and the configs, including one share are:
>>>
>>> If I change the valid users to the "allusers" group and change the
>>> folder permissions, it works fine.
>>>
>>>
>>>
>>> [root@server ~]# wbinfo --group-info='allusers'
>>> allusers:x:63000:
>>
>> Interesting, you have: idmap config * : range = 20000000-29999999
>>
>> So where is '63000' coming from ?
>>
> No idea. This is how the O/S is provided and it was probably designed
> when John Terpstra was helping out.
>>>
>>> Jul 16 04:34:28 server winbindd[21471]: [2020/07/16
>>> 04:34:28.069299, 0]
>>> ../../source3/winbindd/idmap_ldap.c:85(get_credentials)
>>> Jul 16 04:34:28 server winbindd[21471]: get_credentials: Unable to
>>> fetch auth credentials for cn=manager,ou=Internal,dc=sha,dc=lan in *
>>>
>>>
>>> I have tried clearing the winbindd_cache.tdb and gencache.tdb but am
>>> wary of clearing anything else without instruction.
>>
>> Have you run these commands :
>>
>> smbpasswd -w <ldap password>
>> net idmap set secret '*' <ldap password>
> Yes and it does not make any difference. How do I proceed with debugging?
>>
>> ClearOS is in for an interesting time when they upgrade to version 8,
>> no OpenLDAP or smbldap-tools, or to put it another way, can I suggest
>> you jump distro and upgrade to AD.
>>
> The devs are aware and I am not sure which way they will take the
> product. Personally I really want to have AD DC compatibility and
> think it would be good for business, but it may be onerous for small
> installations and non-Windows environments.
>
> Nick
>
>
>
>
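
The range question raised in the quoted reply can be checked mechanically. The following is an added example, not part of the original thread: it parses `idmap config ... : range` lines and reports which configured ranges, if any, contain the gid printed by `wbinfo --group-info`. The sample smb.conf text is constructed around the one range line quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample: only the range line is quoted in the thread; the rest of
# the poster's smb.conf is not shown there.
SAMPLE_SMB_CONF = """
[global]
    ; commented-out lines are ignored by the parser
    # idmap config * : range = 1000-1999
    idmap config * : range = 20000000-29999999
"""

# Output of wbinfo --group-info='allusers' as quoted in the thread.
SAMPLE_GROUP_INFO = "allusers:x:63000:"

IDMAP_RANGE = re.compile(
    r"^\s*idmap\s+config\s+(?P<domain>[^:]+?)\s*:\s*range\s*=\s*"
    r"(?P<low>\d+)\s*-\s*(?P<high>\d+)\s*$",
    re.IGNORECASE | re.MULTILINE,
)

def parse_idmap_ranges(conf_text):
    """Return {domain: (low, high)} for every active idmap range line."""
    ranges = {}
    for m in IDMAP_RANGE.finditer(conf_text):
        low, high = int(m.group("low")), int(m.group("high"))
        if low > high:
            raise ValueError(f"inverted range for {m.group('domain')!r}")
        ranges[m.group("domain")] = (low, high)
    return ranges

def parse_group_gid(line):
    """Split a group entry (name:passwd:gid:members) into (name, gid)."""
    fields = line.strip().split(":")
    if len(fields) < 3 or not fields[2].isdigit():
        raise ValueError(f"not a group entry: {line!r}")
    return fields[0], int(fields[2])

def covering_domains(gid, ranges):
    """List the idmap domains whose configured range contains gid."""
    return [d for d, (low, high) in ranges.items() if low <= gid <= high]

if __name__ == "__main__":
    ranges = parse_idmap_ranges(SAMPLE_SMB_CONF)
    name, gid = parse_group_gid(SAMPLE_GROUP_INFO)
    hits = covering_domains(gid, ranges)
    if hits:
        print(f"{name}: gid {gid} is inside the range for {', '.join(hits)}")
    else:
        print(f"{name}: gid {gid} is outside every configured idmap range")
```
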