Re: [Samba] Samba with AD : SID rejected
- Date: Fri, 3 May 2019 14:54:52 +0100
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Samba with AD : SID rejected
On Fri, 3 May 2019 13:22:20 +0200
Vincent Ducot <vincent.ducot@xxxxxxxxxxxxxxxx> wrote:
> Le 03/05/2019 à 13:10, Rowland Penny via samba a écrit :
> > On Fri, 3 May 2019 12:06:38 +0200
> > Vincent Ducot <vincent.ducot@xxxxxxxxxxxxxxxx> wrote:
> >> Hi,
> >> Louis, Rowland, thanks for you answer.
> >> @Louis
> >> All packages were installed.
> >> I change my config file following your advices, the problem is
> >> still here. I already followed guides from thctlo's github.
> >> @Rowland
> >> Yes, my dns domain was different, but answered also to test.lan.
> >> It's now set to 'kdc=dc.foo.lab'
> >> I have my user vincent with uidNumber 10010 and gidNumber 13010
> >> (corresponding to Domain Users group).
> >> Getting SID from name (wbinfo -n) and name from SID (wbinfo -s)
> >> works . Commands with UID involved (wbinfo --sid-to-uid, wbinfo
> >> --uid-to-sid) work for my user vincent but not for the groups.
> >> Could it be a Windows problem ? Is there any changes in attributes
> >> between 2016 and 2019 ? (I use evaluation version of 2019, not yet
> >> a licence)
> > Whilst I think that there are attribute changes between 2016 & 2019,
> > they will have been additions rather than removal. Samba, when
> > using the winbind 'ad' on Unix domain members, relies on RFC2307
> > attributes and if you can add them to AD, you shouldn't have a
> > problem.
> > I think your problem is more likely to be dns related. I note that
> > Louis pointed out that your kdc domain didn't seem to match your
> > Samba domain, so are all the machines in the same dns domain ?
> > Rowland
> Yes, now I only have dc.foo.lab and share.foo.lab.
> Why some commands do work if it is a dns related problem ?
Because some commands work over RPC.
To unsubscribe from this list go to the following URL and read the