Re: [Samba] wbinfo -S SID deliver -1

Thanks for the fast help!
Inside the username map is:

!root = EDNT\Administrator EDNT\administrator

All your changes done.

With rid it works!

Why can't I use AD??

Regards Karl

On 25.04.2017 at 23:06, Rowland Penny via samba wrote:
On Tue, 25 Apr 2017 22:31:48 +0200
edv--- via samba <samba@xxxxxxxxxxxxxxx> wrote:

I have set up a Samba server as an AD member. AD: 2012R2

The first day everything was working fine. After restarting the Samba
service I had no access to my shares.

getent passwd and getent group deliver the UID and GID
4294967295:4294967295: for all AD users

which is -1 (FFFF FFFF)

wbinfo -n user delivers S-1-5-21-4001112740-1724199908-163113746-1106
SID_USER (1), which is correct!

I get from wbinfo -S S-1-5-21-4001112740-1724199908-163113746-1106 as
result -1!

In the Winbind log I get:
I get from the log: Parsing value for key

The Samba Version is : Version 4.2.14-Debian

My smb.conf is :
          netbios name = fs2
          workgroup = XDNT
          security = ADS
          realm = XDNT.DE
          encrypt passwords = yes

          log file = /var/log/samba/log.%m
          log level = 10  #passdp:10 auth:10 winbind:10

# Log file access
          vfs object = full_audit recycle acl_xattr
          full_audit:prefix = IP=%I|USER=%u|MACHINE=%m|VOLUME=%S
          full_audit:success = mkdir rename unlink rmdir pwrite
          full_audit:failure = none
          full_audit:facility = local7
#       full_audit:priority = DEBUG
          full_audit:priority = notice

# Log file deletion
          recycle:repository = /srv/export/samba/recycle
          recycle:subdir_mode = 0770
          recycle:directory_mode = 0770
          recycle:keeptree = Yes
          recycle:versions = Yes
          recycle:touch = Yes
          recycle:touch_mtime = Yes
          recycle:maxsize = 0

          syslog = yes

#idmap config *:backend = tdb
#idmap config *:range = 85000-86000
Uncomment the above two lines, you need them ;-)

          idmap config XDNT : backend = ad
          idmap config XDNT : schema_mode = rfc2307
          idmap config XDNT : range = 3000000-4000000
Have you actually given your users and groups a uidNumber or gidNumber
attribute inside the range 3000000-4000000 ?

If not, change the backend to 'rid' instead of 'ad' and remove the
schema_mode line.

          idmap config XDNT:unix_primary_group = yes
The same goes for the above line, if you have no gidNumber attributes,
remove it.

          winbind nss info = rfc2307
          winbind trusted domains only = no
          winbind use default domain = yes
          winbind enum users = yes
          winbind enum groups = yes
          winbind refresh tickets = yes

#       winbind nss info = template
#       template shell = /bin/bash
#       template homedir = /home/%U
Uncomment the template lines if you use the 'rid' backend

          map acl inherit = Yes
          store dos attributes = Yes
Add 'vfs objects = acl_xattr' as well

          follow symlinks = yes

passdb backend = tdbsam
map untrusted to domain = Yes

username map = /etc/samba/user.map
What is in the username map?

Try reading this Samba wiki page:
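
Added example, not part of the original thread and not Samba project code: a Python check for the two conditions discussed above, an 'ad' idmap backend with no active 'idmap config *' default domain, and accounts that getent reports with ID 4294967295. The smb.conf lines are the ones posted; the getent lines, account names and function names are constructed for illustration.

```python
import re
UNMAPPED = "4294967295"  # (uid_t)-1 as getent prints it

# idmap lines as posted in the thread.
SAMPLE_CONF = """\
#idmap config *:backend = tdb
#idmap config *:range = 85000-86000
idmap config XDNT : backend = ad
idmap config XDNT : schema_mode = rfc2307
idmap config XDNT : range = 3000000-4000000
idmap config XDNT:unix_primary_group = yes
"""
# Constructed `getent passwd` output (account names are made up).
SAMPLE_GETENT = """\
root:x:0:0:root:/root:/bin/bash
karl:*:4294967295:4294967295::/home/XDNT/karl:/bin/false
"""

def idmap_settings(smb_conf):
    """Return {domain: {option: value}} for active 'idmap config' lines."""
    found = {}
    for line in smb_conf.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue  # commented-out settings are not in effect
        m = re.match(r"idmap config\s+(\S+?)\s*:\s*([\w ]+?)\s*=\s*(.+)", line, re.I)
        if m:
            found.setdefault(m[1].upper(), {})[m[2].lower()] = m[3].strip()
    return found

def unmapped_accounts(getent_output):
    """Names whose UID or GID field is (uid_t)-1."""
    rows = (l.split(":") for l in getent_output.splitlines())
    return [f[0] for f in rows if len(f) >= 4 and UNMAPPED in f[2:4]]

def findings(smb_conf, getent_output):
    cfg, out = idmap_settings(smb_conf), []
    if "*" not in cfg:
        out.append("no active 'idmap config *' backend/range for the default domain")
    for dom, opts in cfg.items():
        if opts.get("backend") == "ad":
            out.append(f"{dom}: 'ad' backend only maps accounts with uidNumber/"
                       f"gidNumber inside {opts.get('range')}; otherwise use 'rid'")
    bad = unmapped_accounts(getent_output)
    if bad:
        out.append(f"unmapped (ID {UNMAPPED}): " + ", ".join(bad))
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE_CONF, SAMPLE_GETENT)))
```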



