Web lists-archives.com

Re: [Samba] Samba with AD : SID rejected




Le 06/05/2019 à 10:46, Rowland Penny via samba a écrit :
> On Mon, 6 May 2019 09:08:10 +0200
> Vincent Ducot <vincent.ducot@xxxxxxxxxxxxxxxx> wrote:
>
>> Hi,
>>
>> sorry for the mistake, I meaned
>>
>> getent passwd vincent shows nothing and I got in the log file:
>>
>> winbindd_getpwnam: My domain -- rejecting getpwnam() for FOO\vincent.
>>
>> 'wbinfo -u | grep 'vincent' returns vincent, it's the good username.
>>
> Just because 'wbinfo' shows a user, doesn't mean that a Unix OS will
> know the user, even if the smb.conf appears to be correct.
>
> You originally posted this:
>
> idmap config FOO:backend = ad
> idmap config FOO:schema_mode = rfc2307
> idmap config FOO:range = 10000-999999
> idmap config FOO:unix_nss_info = yes
> idmap config FOO:unix_primary_group = yes
>
> So, does 'vincent' have a uidNumber attribute containing a number
> inside the range '10000-99999999' AND either a gidnumber attribute
> containing the gidNumber of an AD group, or does Domain
> Users have gidNumber attribute ? The gidNumber must be inside the same
> range.
>
> Rowland

Yes, user 'vincent' has uidNumber 10010, gidNumber 13010 and
primaryGroupID 513.

513 corresponds to the group "Domain Users", which have gidNumber 13010

Vincent


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba