Web lists-archives.com

Re: [Samba] objectclass "posixAccount" missing on new created users




On Thu, 17 Aug 2017 09:39:07 +0200
gizmo via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Hello,
> I made an upgrade from sernet-samba 4.3.11 to sernet-samba 4.6.7.
> With samba 4.3.11 all created users contained the objectclass
> "posixAccount". With samba 4.6.7 they don't.
> 
> We have a NetApp-Storage-Server which exports nfs4-mounts (with
> kerberos). Yesterday I wanted to change the owner of a directory and
> "chown" threw an error "invalid argument". It was the new created
> user which the NetApp didnt want to accept and caused that error.
> 
> So the NetApp accepts only users which derive from "posixAccount".
> 
> The parameter "idmap_ldb:use rfc2307 = yes" is set in smb.conf.
> "ldbsearch .. CN=ypservers,.." returns one record.
> 
> With "ldbmodify add ..." I can add the objectclass "posixAccount",
> but is this the right way ?

No, definitely not, 'posixAccount' is an auxiliary objectclass of
'user' and as such never appears in AD. If your NetApp needs
'posixAccount when connecting to AD, then your NetApp is what is
broken.
 
> 
> 
> 
> 2 more informations about our enviroment:
> - User-authentication on all linux-clients is based on sssd.

I am going to stop there, sssd has nothing to do with Samba, go and ask
on the sssd-users list, or use winbind instead (note: winbind can do
everything sssd can do).

Rowland


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba