Web lists-archives.com

Re: [Samba] canonicalize_connect_path failed for service




On Mon, 23 Apr 2018 22:24:27 +1000
Rob Thoman <emailthomasrob@xxxxxxxxx> wrote:

> Hi Rowland,
> 
> Sorry about the confusion. I was referring to Samba PDC which we
> classicupgraded to AD DC. So it is AD DC
> The ranges don't overlap, there was a typo, it was meant to
>  idmap config * : range = 3000-7999
>  idmap config CDR:range = 10000-110000
> 
> getent passwd of the users in member server gives me
> user01:3029:3000:

This shows that, for some reason, 'user01' is being treated as NOT
being a member of the 'CDR' domain, also the same goes for their
primary group (probably Domain Users).

> 
> The uid number of the user in question according to AD is 1070. 
> gid number of groups starts from 10000.

If the users uidNumber attribute contains '1070' then your start range
for 'CDR' must be below this, perhaps '1020' to allow for any local
Unix users (those in /etc/password). You will also have to ensure that
'Domain Users' has a gidNumber attribute containing a number inside
the range. 

> The version of Samba in the member server is 3.6. 

I seem to remember this, for some reason you cannot upgrade Samba

> I've added the
> winbind nss info = rfc2307  bit
> 
>        idmap config * : backend = tdb
>        idmap config * : range = 3000-7999
>         winbind use default domain = yes
>         winbind nss info = rfc2307
>         idmap config CDR:backend = ad
>         idmap config CDR:schema_mode = rfc2307
>         idmap config CDR:range = 11000-12000
>         winbind use default domain = yes
> 
>   I did the above changes, reloaded the Samba config and got the same
> result

>From what you have posted, try these lines:

       idmap config * : backend = tdb
       idmap config * : range = 20001-20999
       idmap config CDR:backend = ad
       idmap config CDR:schema_mode = rfc2307
       idmap config CDR:range = 1020-20000

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba