Web lists-archives.com

Re: [Samba] Samba ADS-member-server: FQDNs in /etc/hosts




On Thu, 13 Jul 2017 07:39:40 +0200
"Stefan G. Weichinger" <lists@xxxxxxxx> wrote:

> Am 2017-07-12 um 14:34 schrieb Rowland Penny:
> 
> > 4) Rowland scratches head and wonders 'how the hell is that
> > happening ?' ;-)
> > 
> > This is happening on the machine connected to, not on the machine
> > connecting.
> > 
> > Please post the smb.conf from 'server'
> > if there is a 'user.map' mentioned in smb.conf, please post this.
> 
> was there, pointed to empty file. disabled that now
> 
> 
> [global]
> workgroup = BUERO
> realm = secret.AT
> netbios name = SERVER
> 
> security = ADS
> map to guest = Bad User
> #username map = /etc/samba/smbusers
> 
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
> winbind refresh tickets = yes
> 
> winbind trusted domains only = no
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
> 
> # Use settings from AD for login shell and home directory
> winbind nss info = template
> template shell = /bin/bash
> template homedir = /mnt/samba/Daten/%U
> 
> map untrusted to domain = Yes
> 
> # Default idmap config used for BUILTIN and local accounts/groups
> idmap config *:backend = tdb
> idmap config *:range = 2000-9999
> 
> # idmap config for domain BUERO
> idmap config BUERO:backend = rid
> idmap config BUERO:range = 10000-99999
> 
> load printers = no
> printing = bsd
> printcap name = /dev/null
> 
> # turn off roaming profiles
> logon path = ""
> logon home = ""
> 
> hosts allow = localhost 192.168.16. 172.32.99.
> 
> log level = 3
> 
> 
> 
> > check if 'Administrator' is in /etc/passwd
> 
> no, it is not
> 
> > Run 'getent passwd secretuser1'
> > Run 'getent passwd Administrator'
> > 
> > You should get output from the first, but nothing from the second.
> 
> I get both:
> 
> root@pre01svdeb01:/etc/samba# getent passwd secretuser1
> secretuser1:*:11037:10513::/mnt/samba/Daten/secretuser1:/bin/bash
> 
> root@pre01svdeb01:/etc/samba# getent passwd Administrator
> administrator:*:10500:10513::/mnt/samba/Daten/administrator:/bin/bash
> 

OK, uncomment the username map line and create the file with this
content:

!root = BUERO\Administrator BUERO\administrator Administrator
administrator

This will make Administrator 'root' (as it should be) and hopefully
stop your problem.

Rowland
 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba