[Samba] Authentication issue after updating samba on CentOS 7 (from yum)
Alex
samba at abisoft.biz
Wed Dec 22 17:25:48 UTC 2021
>> > > idmap config * : backend = tdb
>> > > idmap config * : range = 16777216-33554431
>> > Is there some reason for that range ? It will allow you 16777215
>> > users
>> > & groups for something that requires only about 200.
>>
>> I think it's a legacy. Don't remember why it's here. I'll try to
>> remove it.
> You are probably stuck with it.
Anyway, they don't seem to correlate with the current issue, right?
>>
>> > > idmap config DOMAIN:unix_primary_group = yes
>> > Do your users have gidNumber attributes?
>>
>> Yes, they do. This came from MS Services for Unix.
> Have you actually checked, MS-SFU didn't add a gidNumber attribute to
> users, unless you told it to.
Yes, of course. Here is a sample of AD user entry: https://paste.ee/p/7X6N0
>> > > winbind use default domain = true
>> > > winbind offline logon = false
>> > > winbind enum users = Yes
>> > > winbind enum groups = Yes
>> > You do not need the 'enum' lines, it works without them.
>>
>> There was an issue w/o the enum lines. Unfortunately, I don't
>> remember exactly what it was, probably couldn't retrieve groups from
>> the AD with "getent group" command.
> Adding those lines would not fix such a problem, either it would work
> or it wouldn't. All those lines do is to get 'getent user' to display
> all users and 'getent group' to display all groups, along with slowing
> everything down.
So, I was right :) I don't see any slowness, actually. Everything worked pretty well before this update came.
>>
>> > > [username]
>> > > comment = username's home
>> > > path = /home/username
>> > > read only = No
>> > > create mode = 0660
>> > > valid users = username
>> > As noted above, why are you not using '[homes]' ?
>>
>> It's b/c most users are prohibited from using this server. So, I
>> allowed homes on this server for just a few of them directly.
> So does that mean you have multiple '[username]' shares in smb.conf ?
Yeah, just like this one. I skipped them for the sake of the letter's size.
>> I did both (changed min uid to 0 and set a user.map file) -
>> still can't log in :(
> This is very strange, I am using Samba 4.15.3 with this smb.conf and I
> can log in:
[skip]
Any ideas what to do?
--
Best regards,
Alex