Web lists-archives.com

Re: [Samba] Fw: AD usres are not show in Domain Controller when apply setfacl command




On Fri, 30 Nov 2018 06:16:42 +0000 (UTC)
barani tharan <aru_barani@xxxxxxxxx> wrote:

>  Dear Rowland Penny
>  I follow your mentioned step still i am face the same problem
> I have 1 Domain Controller [sambadc] and 1 Domain member for Samba
> Share and backup [backupserver]
> 
> 1.when try view the ACL rights is backup server i can able view the
> domain user name [root@backupserver Rishinox]#
> getfacl /ADHDD/Rishinox/ getfacl: Removing leading '/' from absolute
> path names # file: ADHDD/Rishinox/

> [root@backupserver Rishinox]# vi /etc/samba/smb.conf
> 
> [global]

> 
>    workgroup = RISHI

Lets start with the obvious question, why do you think it is a good
idea to use the workgroup 'ADHDD' on the DC and 'RISHI' on the Unix
domain member ?

All domain members need to use the same workgroup.

>    password server = sambadc.rishi.com
>    realm = RISHI.COM
>    security = ads
>    idmap config * : range = 16777216-33554431
>    template shell = /bin/bash
>    kerberos method = secrets only
>    winbind use default domain = yes
>    winbind offline logon = true
> 

Why are you using that range ?
Are you also using sssd on that machine ?
I ask the last question because your smb.conf isn't set up correctly
for winbind and you used red-hat tools to set up smb.conf
Stop trying to use 'Administrator' as a user on Unix domain members,
that user is a Windows user and should be mapped to the Unix user 'root'

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba