On 08/16/2012 08:56 PM, Gémes Géza wrote:
On 2012-08-16 20:07, steve wrote:
On 16/08/12 19:32, Gémes Géza wrote:
On 2012-08-16 18:53, steve wrote:

Here is the conf which works on box2:
[global]
realm = hh3.site
workgroup = ALTEA
security = ADS
winbind enum users = Yes
winbind enum groups = Yes
idmap config *:backend = tdb
idmap config *:range = 3000-4000
idmap config ALTEA:backend = ad
idmap config ALTEA:range = 20000-40000000
idmap config ALTEA:schema_mode = rfc2307
winbind nss info = rfc2307
winbind expand groups = 2
winbind nested groups = yes

[home]
path = /home2/home
read only = No

[profiles]
path = /home2/profiles
read only = No


The following are for the Samba3 box:

Does net ads testjoin report join ok?
wbinfo -u lists all the users?
wbinfo -g lists all the groups?
wbinfo -i some_username is able to list all user info?
Have you changed your /etc/nsswitch.conf to have?
passwd:    files winbind
group:       files winbind
(others don't really matter)
Does id some_username and getent passwd some_username give meaningless results? If all the above are yes, have you checked that the shared folder permits write access for the above some_username (from linux shell first)?

Hi Geza, Rowland, everyone
OK I found it. The answer to all the above is yes. I did one further check with getent group which does _not_ return AD groups. getent group ALTEA\\group_name does however work.

Anyway I found the problem. Here is a user with rfc2307:

dn: CN=steve2,CN=Users,DC=hh3,DC=site
cn: steve2
instanceType: 4
whenCreated: 20120812101809.0Z
uSNCreated: 3845
name: steve2
objectGUID: 30cef31e-fba8-418a-a0e7-293ddf232c7e
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid: S-1-5-21-643408982-184040625-1139712187-1123
logonCount: 0
sAMAccountName: steve2
sAMAccountType: 805306368
userPrincipalName: ste...@hh3.site
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=hh3,DC=site
pwdLastSet: 129892402900000000
uidNumber: 3000024
gidNumber: 20513
unixHomeDirectory: /home2/home/steve2
loginShell: /bin/bash
homeDrive: Z:
objectClass: top
objectClass: posixAccount
objectClass: person
objectClass: organizationalPerson
objectClass: user
userAccountControl: 66048
accountExpires: 0
homeDirectory: \\hh30\home\steve2
profilePath: \\hh30\profiles\steve2
whenChanged: 20120816093724.0Z
uSNChanged: 4030
distinguishedName: CN=steve2,CN=Users,DC=hh3,DC=site

hh30.hh3.site is the S4-DC and hh32.hh3.site is the S3-file server. Note that the entries for:
homeDirectory: \\hh30\home\steve2
profilePath: \\hh30\profiles\steve2
point to the DC _not_ the file server DOH!

I changed the entries to:
homeDirectory: \\hh32\home\steve2
profilePath: \\hh32\profiles\steve2

and home directories and profiles became meaningful once again :)

Not an easy one that. The error came because I was using the two existing machines to switch from s3fs all on one box to S4/S3 on two separate boxes.

Thanks everyone for staying with me on this.

I must say I prefer the DC with s3fs on one box.
Cheers,
Steve
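
Added example, not part of the original thread: a small audit that reads an LDIF export of user entries and reports homeDirectory/profilePath values whose UNC host is not the file server, plus uidNumber/gidNumber values outside the ALTEA idmap range from the smb.conf above. The sample LDIF is constructed (the steve2 attributes come from the message, steve3 is made up), and the function names parse_ldif and audit are hypothetical.

```python
import re

# Constructed sample: steve2's attributes are from the thread,
# steve3 is a made-up entry that already points at the file server.
SAMPLE_LDIF = r"""
dn: CN=steve2,CN=Users,DC=hh3,DC=site
sAMAccountName: steve2
uidNumber: 3000024
gidNumber: 20513
homeDirectory: \\hh30\home\steve2
profilePath: \\hh30\profiles\steve2

dn: CN=steve3,CN=Users,DC=hh3,DC=site
sAMAccountName: steve3
uidNumber: 3000025
gidNumber: 20513
homeDirectory: \\hh32\home\steve3
profilePath: \\hh32\profiles\steve3
"""

def parse_ldif(text):
    """Split simple (unwrapped, non-base64) LDIF into one dict per entry."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                entry.setdefault(key, value)  # keep the first value only
        entries.append(entry)
    return entries

def audit(entries, file_server, low, high):
    """Return (account, attribute, value, reason) for every mismatch."""
    findings = []
    for e in entries:
        who = e.get("sAMAccountName", e.get("dn", "?"))
        for attr in ("homeDirectory", "profilePath"):
            # UNC path: \\host\share\...; compare host case-insensitively
            m = re.match(r"\\\\([^\\]+)\\", e.get(attr, ""))
            if m and m.group(1).lower() != file_server.lower():
                findings.append((who, attr, e[attr], "host is not " + file_server))
        for attr in ("uidNumber", "gidNumber"):
            if attr in e and not low <= int(e[attr]) <= high:
                findings.append((who, attr, e[attr], "outside idmap range"))
    return findings

if __name__ == "__main__":
    # hh32 is the file server; 20000-40000000 is the ALTEA idmap range
    for finding in audit(parse_ldif(SAMPLE_LDIF), "hh32", 20000, 40000000):
        print(*finding, sep=" | ")
```

Run against the sample, it reports the two steve2 paths that still name hh30 and nothing for steve3.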
