Web lists-archives.com

Re: [Samba] Samba with AD : SID rejected




On Mon, 6 May 2019 09:08:10 +0200
Vincent Ducot <vincent.ducot@xxxxxxxxxxxxxxxx> wrote:

> Hi,
> 
> sorry for the mistake, I meaned
> 
> getent passwd vincent shows nothing and I got in the log file:
> 
> winbindd_getpwnam: My domain -- rejecting getpwnam() for FOO\vincent.
> 
> 'wbinfo -u | grep 'vincent' returns vincent, it's the good username.
> 

Just because 'wbinfo' shows a user, doesn't mean that a Unix OS will
know the user, even if the smb.conf appears to be correct.

You originally posted this:

idmap config FOO:backend = ad
idmap config FOO:schema_mode = rfc2307
idmap config FOO:range = 10000-999999
idmap config FOO:unix_nss_info = yes
idmap config FOO:unix_primary_group = yes

So, does 'vincent' have a uidNumber attribute containing a number
inside the range '10000-99999999' AND either a gidnumber attribute
containing the gidNumber of an AD group, or does Domain
Users have gidNumber attribute ? The gidNumber must be inside the same
range.

Rowland



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba