Web lists-archives.com

Re: [Samba] chown: changing ownership of 'test': Invalid argument




Ho Roland,

Replies inline

On Wed, 10 Apr 2019 at 11:03, Rowland Penny <rpenny@xxxxxxxxx> wrote:

> On Wed, 10 Apr 2019 10:25:25 +0200
> Ian Coetzee <samba@xxxxxxxxxxxxxxxxx> wrote:
>
> > Hi Rowland,
> >
> > Please see my replies inline.
> > >
> > > Possibly, but it could just be down to you not having this line
> > > in /etc/pam.d/common-session
> > >
> >
> > > session    required   pam_mkhomedir.so skel=/etc/skel/ umask=0022
> > >
> >
> > I normally add this line through pam-auth-update and a custom file
> > under /usr/share/pam-configs/
> >
> > root@ho-vpn-ctx-ac01:~# cat /usr/share/pam-configs/mkhomedir
> > > Name: Create home directory on login
> > > Default: no
> > > Priority: 0
> > > Session-Type: Additional
> > > Session-Interactive-Only: yes
> > > Session:
> > >     optional            pam_mkhomedir.so skel=/etc/skel/
> > > umask=0022
>
> I take it from that, you already have it ;-)
>

That would be correct ;-)


>
> > The only user I have is the jeadmin user which is the domain admin as
> > well as a local admin user.
>
> ER, no, that would be 'Administrator', is 'jeadmin' a member of
> 'Administrators', 'Domain Admins' or some other such administration
> group ?
>

We have a group policy that renames Administrator to jeadmin


>
> >
> > Should I try renaming the local user?
>
> Either that or delete the user from AD or /etc/passwd, you cannot have
> the same user in both. The user in /etc/password will normally be used
> on the Unix OS


Which is the intended course of action, so I can ssh into the servers with
the jeadmin account in case the domain is offline (debian ssh denies root
logins)

I will quickly drop the user and see if it makes a difference


> before the AD user and will be the opposite way around
> on Windows.
>

Yup. and using .\jeadmin to log in as a local user


>
> Try adding this line to smb.conf:
>
> winbind enum users = yes, restart or reload Samba, then run 'getent
> passwd', this should return all users, local and domain.
>

Oooh I sense a server overload ;-) (Lots of users in the AD)

I have done a winbind enum groups = yes as and a getent group returned
everything I expected (co-incidentally I first noticed this issue on a
chgrp sysadmin $folder command)


>
> Once you are sure that all domain users are being returned, remove the
> line.
>

I am quite confident that nss and winbind are talking to each other quite
nicely.


>
> Rowland
>
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba