Samba package 4.9.x samba smbd not playing with winbind.
L.P.H. van Belle
belle at bazuin.nl
Tue Sep 25 15:14:44 UTC 2018
Hai,
Thank for the links to the other bug reports, i've check them and this is all the same ( almost then )
But almost all of these are related to this.
> > S-1-5-32-546 != SID: S-1-5-21domain-514
> > Guests Domain Guests
> All is needed is BUILTIN\Guests, not Domain Guests.
>
> See e8dc55d2b969 and https://bugzilla.samba.org/show_bug.cgi?id=13328
Sorry potato tomato imo.
Bugreport says : Windows 10 cannot logon on Samba NT4 domain
I want : Windows 10 cannot connect to Samba Stand-Alone server.
Thats why i pointed at : S-1-5-32-546 != SID: S-1-5-21domain-514
>> Guests Domain Guests
> All is needed is BUILTIN\Guests, not Domain Guests.
>
> See e8dc55d2b969 and https://bugzilla.samba.org/show_bug.cgi?id=13328
But that's not the point. (@Richard.)
> Yes. The BUILTIN groups should be implemented by all SMB servers these days.
If you say 'should be implemented by all SMB servers' , then im asking, what kind of "servers" standalone, member or ADDC.
Because these are 3 diffent servers with diffent outcomes.
If you look at your windows pc that is NOT domain joined, what you need to login ( remotely )
COMPUTERNAME\user or .\user ( where . = the computername )
Which is the same in, a Windows 2016 AD server, does function other way then a Windows 10 NOT DOMAIN JOIN pc does.
In my opionion, MS is not clear on the BUILTIN\ groups. At least not what i quick could find.
At one point these are "local" group at other moment these are "Aliasses"
> > For now, i keep it simple an in sight for me in my smb.conf
> and i set the 2 : idmap * lines.
> > I can add that simple in the smb.conf of my debian install,
> but its not nice. :-/
> An issue I see is that, unlike 'net groupmap add ..' variant,
> we cannot
> really default to a working default idmap configuration
> without knowning in advance what ID range to use there.
Your here totaly right. Only the distro packagers and set "some" of defaults.
But THANK YOU ALL for having a look.
At least i know this problem is/was not me. :-)
I'll step to the side and let you guy think about the fix.
Best regards everybody.
Louis
> -----Oorspronkelijk bericht-----
> Van: Alexander Bokovoy [mailto:ab at samba.org]
> Verzonden: dinsdag 25 september 2018 16:20
> Aan: L.P.H. van Belle
> CC: samba-technical at lists.samba.org
> Onderwerp: Re: Samba package 4.9.x samba smbd not playing
> with winbind.
>
> On ti, 25 syys 2018, L.P.H. van Belle via samba-technical wrote:
> > @Rowland
> > Now reboot your server.
> > And smbd isnt started anymore at boot.
> > Dont get fooled that it started before..
> >
> >
> > @Alexander
> > Now small comment on :
> > > With 4.9.0 we expanded guest handling to differentiate
> between anonymous and guest sessions.
> > > This required a proper handling of BUILTIN\Guests and
> thus is now forces to be able
> > > to have either writable backend or aliases configured properly.
> > >
> > Yes, that is known.
> >
> > And sorry, but in my opinion this is not handled properly.
> >
> > A "stand alone" setup does not require BUILTIN\Guests maybe
> COMPUTERNAME\Guests
> > S-1-5-32-546 != SID: S-1-5-21domain-514
> > Guests Domain Guests
> All is needed is BUILTIN\Guests, not Domain Guests.
>
> See e8dc55d2b969 and https://bugzilla.samba.org/show_bug.cgi?id=13328
>
> > > Question is mostly what defaults we should have for
> BUILTIN\Guests.
> > > Perhaps, we should always do the groupmap rule I added...
> > >
> >
> > Well, i just follow you Samba Devs.
> This is was a question 'into an air' to trigger Metze's answer. ;)
>
> > Im just an it guy and i can't programm what your guys do..
> Respect for that!
> >
> > For now, i keep it simple an in sight for me in my smb.conf
> and i set the 2 : idmap * lines.
> > I can add that simple in the smb.conf of my debian install,
> but its not nice. :-/
> An issue I see is that, unlike 'net groupmap add ..' variant,
> we cannot
> really default to a working default idmap configuration
> without knowning
> in advance what ID range to use there.
>
> --
> / Alexander Bokovoy
>
>
More information about the samba-technical
mailing list