Web lists-archives.com

Re: [Samba] sometimes users fails to login




Actually the system is running Samba 4.5, so "winbind nss info" entry should be OK. My understanding is that winbind run somenthing like an LDAP search to get the uidNumber, so may be just to check I can run the following command when the issue is present:

/opt/samba/bin/net ads search "(SAMAccountName=<user name>)" uidnumber -U Administrator

Thanks
Andrea


Il 3/18/2019 9:33 PM, Rowland Penny via samba ha scritto:
On Mon, 18 Mar 2019 18:43:54 +0100
Andrea Cucciarre' <acucciarre@xxxxxxxxxxxx> wrote:

Hello,

Still fighting on this issue, now sometimes I get the following (may
be) relevant errors:

I have shortened your smb.conf to just the problem areas ;-)

Hereafter my smb.conf:

[global]
idmap config * : backend = tdb
idmap config * : range = 30000-40000
idmap config * : schema_mode = rfc2307
You do not use the line above with the default '*' domain

idmap config BITINTRA : backend = ad
idmap config BITINTRA : range = 1000000-3000000
idmap config BITINTRA : schema_mode = rfc2307
idmap config BUILTIN : backend = ad
idmap config BUILTIN : range = 10000001-11000000
idmap config BUILTIN : schema_mode = rfc2307
The BUILTIN domain is covered by the default '*' domain, so shouldn't
be set in smb.conf

winbind nss info = rfc2307
If I remember correctly, you are using Samba 4.6.x and the above line
has been replaced by:

idmap config DOMAIN : unix_nss_info = yes

Which needs setting on all the 'idmap config' blocks e.g.

idmap config BITINTRA : backend = ad
idmap config BITINTRA : range = 1000000-3000000
idmap config BITINTRA : schema_mode = rfc2307
idmap config BITINTRA : unix_nss_info = yes

Finally, do you have trusts setup to all the Domains ?

Rowland



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba