[Samba] Very strange: Samba is unable to access one of its own files

Rowland Penny rpenny at samba.org
Thu Nov 14 15:04:42 UTC 2024


On Thu, 14 Nov 2024 09:52:47 -0500
"John R. Graham via samba" <samba at lists.samba.org> wrote:

> On 11/13/24 15:54, Rowland Penny via samba wrote:
> >>       log level = 1
> >>
> >>       # dns update command = /usr/sbin/samba_dnsupdate
> >> --use-samba-tool
> >>
> >>       # Winbindd setup for shares:
> >>       # template shell = /bin/bash
> >>       # template homedir = /home/%U
> >>
> >>       # idmap_nss plugin setup:
> >>       idmap config * : backend = tdb
> >>       idmap config * : range = 1000000-3999999
> >>
> >>       idmap config SAMBA : backend  = nss
> >>       idmap config SAMBA : range = 1000-999999
> > You should remove the 'idmap config' lines, they should never be
> > set on a DC.
> 
> Thanks again! As soon as the idmap lines were removed--and Samba was 
> restarted--sanity was restored. I also uncommented these lines:
> 
>       template shell = /bin/bash
>       template homedir = /home/%U
> 
> I do get an unexpected result from retrieving my domain user's passwd
> line:
> 
>       # getent passwd SAMDOM\\jgraham
>       SAMDOM\jgraham:*:10000:100::/home/SAMDOM/jgraham:/bin/false
> 
> It appears that somehow the defaults from smb.conf are being 
> ignored...or is it that the defaults were in place when the domain 
> account was created? But, hmm, running
> 
>       samba-tool user show -U Administrator jgraham
> 
> gets me, among other things:
> 
>       loginShell: /bin/bash
>       unixHomeDirectory: /home/jgraham
> 
> Is the information that getent retrieves sourced somewhere else?

Yes and then again no ;-)

Try running 'net cache flush' and try again with getent.
The first time Samba is asked for a users details it gets it from AD,
but it also then caches the details to speed things up, you are probably
reading from the cache.

Rowland




More information about the samba mailing list