[Samba] net ads status stripped output
rpenny at samba.org
Wed Jun 3 12:24:39 UTC 2020
On 03/06/2020 12:44, Markus Lindberg wrote:
> I guess I'm running it as a 'normal' user as it is not a member of the
> 'Domain Admins' group. Though worth noting this does work on Ubuntu
> 18.04 running Samba version 4.7.6-Ubuntu. Has there been some added
> restrictions when running `net ads status`? In my case I think I'm
> authenticating using a Kerberos ticket using a (service) account which
> has some additional access apart from a 'normal' domain user. To
> re-illitterate, this worked before.
There have been numerous updates between 4.7.x and 4.11.x, any of these
could have caused the change.
>> This is Samba config being used (displayed using testparm command).
>> # testparm
>> server min protocol = NT1
> Why 'NT1' ?
You never explained why you are using 'NT1'
> Not sure but I can update these options.
I hope by 'update' you mean 'remove' ;-)
>>> Why are you using the range '200-30000' ?
> Same thing, I'm not sure, but I will update this one as well.
>>> Have you added any uidNumber and gidNumber attributes to AD ?
> No since we are not using Samba to authenticate any users on the Ubuntu
> machines. We only use Samba to join the computer to the Active Directory
Reading between the lines, it sounds like you are using sssd, if so, you
need to configure smb.conf to use idmap_sss and have no shares. You
cannot use sssd with Samba >= 4.8.0 and have shares.
If you are going to use idmap_ad (backend = ad), then you must add
uidNumber and gidNumber attributes to AD
>> include = /etc/samba/local_shares.conf
>>> What is in the include file ?
> This file is empty and is intended as a config for users to maintain
> since the main ("smb.conf") config is maintained by a configuration
> manager (CFEngine). For example if a user wants to setup a share.
This is wrong as well, for that you should be using usershares
> I will most likely update the config to reflect the recommended options
> from the wiki .
>  https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Configuring_Samba
Definitely read that, there is a lot of good info in it (and it will
save me typing it again) ;-)
More information about the samba