[Samba] Samba Issue for Mac

Himanshi Yadav hyadav at uchicago.edu
Fri Mar 17 14:47:11 UTC 2023 

We are using the nss-db instead of SSSD on the Samba server.


The backend database is nss.



idmap config adlocal : backend = nss



Our issue is related to user directory discrepancy on the Mac OS systems. On the windows systems, we don’t see any issue.

-Himi
________________________________
From: samba <samba-bounces at lists.samba.org> on behalf of Rowland Penny via samba <samba at lists.samba.org>
Sent: Tuesday, March 14, 2023 2:12 PM
To: samba at lists.samba.org <samba at lists.samba.org>
Cc: Rowland Penny <rpenny at samba.org>
Subject: Re: [Samba] Samba Issue for Mac



On 14/03/2023 18:55, Himanshi Yadav wrote:
> Hello
>
> Here are the details you requested.
>
> *What OS is Samba running on ?*
>
> CentOS Linux release 8.4.2105
>
>
> *What version of Samba ?*
>
> Samba version 4.13.3
>
>
> *How is Samba Running, as a standalone server or a Unix domain member, or
> a DC ?*
>
> **
>
> Domain Members
>
> *Please post the output of 'testparm -s' (unless it is a DC, then post
> the output of 'samba-tool testparm')
>
>
> ***
>
> [root at midway3-dm1 ~]# testparm -s
>
> Load smb config files from /etc/samba/smb.conf
>
> lpcfg_do_global_parameter: WARNING: The "encrypt passwords" option is
> deprecated
>
> Loaded services file OK.
>
> Weak crypto is allowed
>
> Server role: ROLE_DOMAIN_MEMBER
>
> # Global parameters
>
> [global]
>
>          clustering = Yes
>
>          idmap cache time = 1
>
>          idmap negative cache time = 1
>
>          kerberos method = system keytab
>
>          log file = /var/log/samba/log.%m
>
>          max log size = 50
>
>          netbios name = DMCIFS
>
>          realm = AD.UCHICAGO.EDU
>
>          security = ADS
>
>          server min protocol = SMB3_02
>
>          server string = Samba Server Version %v
>
>          workgroup = AD
>
>          fruit:delete_empty_adfiles = yes
>
>          fruit:wipe_intentionally_left_blank_rfork = yes
>
>          fruit:veto_appledouble = no
>
>          fruit:posix_rename = yes
>
>          fruit:model = MacSamba
>
>          fruit:metadata = stream
>
>          fileid:algorithm = fsname
>
>          idmap config adlocal : range = 1401-2147483647
>
>          idmap config adlocal : backend = nss
>
>          idmap config * : range = 2147483648-3000000000
>
>          idmap config * : backend = tdb2
>
>          hosts allow = 127. 128.135.0.0/255.255.0.0
> 205.208.0.0/255.255.128.0 10.0.0.0/255.0.0.0 192.170.192.0/255.255.224.0
>
>          invalid users = root bin daemon adm lp sync shutdown halt mail
> operator games ftp nobody dbus systemd-coredump systemd-resolve tss
> polkitd geoclue rtkit pulse pipewire libstoragemgmt qemu usbmuxd unbound
> rpc gluster chrony setroubleshoot saslauth dnsmasq radvd clevis
> cockpit-ws cockpit-wsinstance sssd flatpak colord gdm rpcuser
> gnome-initial-setup sshd pesign avahi rngd tcpdump munge
>
>          kernel oplocks = Yes
>
>          vfs objects = gpfs fileid catia fruit streams_xattr
>
> [homes]
>
>          browseable = No
>
>          comment = Home Directories
>
>          create mask = 0664
>
>          directory mask = 02775
>
>          force create mode = 0664
>
>          force directory mode = 02775
>
>          read only = No
>
>          valid users = %S
>
>          fileid:algorithm = fsname
>
> [midway3-scratch]
>
>          browseable = No
>
>          comment = Midway3 Scratch Directories
>
>          path = /scratch/midway3
>
>          read only = No
>
>          fileid:algorithm = fsname
>
> [project]
>
>          browseable = No
>
>          comment = Project Directories
>
>          create mask = 0664
>
>          directory mask = 02775
>
>          force create mode = 0664
>
>          force directory mode = 02775
>
>          path = /project
>
>          read only = No
>
>          fileid:algorithm = fsname
>
> [beagle3]
>
>          browseable = No
>
>          comment = Beagle3 Directories
>
>          create mask = 0664
>
>          directory mask = 02775
>
>          force create mode = 0664
>
>          force directory mode = 02775
>
>          path = /beagle3
>
>          read only = No
>
>          fileid:algorithm = fsname
>
> [printers]
>
>          browseable = No
>
>          comment = All Printers
>
>          path = /var/spool/samba
>
>          printable = Yes

Is this a sanitisation error:

You have

workgroup = AD

and

idmap config adlocal

They are both supposed to use the same name

Other than that, sorry but I cannot help further, you appear to be using
sssd and I do not use it and know very little about it.

Rowland


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list