Web lists-archives.com

Re: [Samba] winbind, nsswitch, AD and group membership caching?




Hi Rowland;

Am Freitag, den 01.06.2018, 11:42 +0100 schrieb Rowland Penny via
samba:
> 
> OK, how are you running the Unix domain members ?
> Are you using the 'ad' or the 'rid' winbind backend ?
> If you are using the 'ad' backend, have you given the groups a
> gidNumber ?
> 

Hmm, I only have these statements relating to winbind and idmap in my
smb.conf; this hasn't changed in ages on our samba systems but so far
we never tried to use this config for ssh login and really working with
multiple groups, just for user/group name mapping:

   idmap config * : backend = tdb
   idmap config * : range = 3000-7999


   winbind separator = +
   winbind enum users = Yes
   winbind enum groups = Yes
   winbind use default domain = Yes

Should I change that first statement (* backend) to ad then?

It does assign uids and gids as far as I can tell, but these seem in
some way "mixed up" too; while logging in via ssh or doing "groups",
the system complains that one or two group gids can't be resolved to
names.

> Try running 'net cache flush' on the Unix domain member.
> 

Already tried that before, no result.

Best,
Kristian

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba