Hi,

Have you given your users & groups a uidNumber and/or gidNumber on the server?

Rowland

On 16 July 2013 16:03, Matthew Daubenspeck <m...@oddprocess.org> wrote:

> On Mon, Jul 15, 2013 at 09:19:48PM +0200, Marc Muehlfeld wrote:
> > If you have multiple DCs, then the domain group/user/etc. stuff is
> > automatically on each DC (directory replication). Member servers are getting
> > the xID information from the DCs. And for that you need an Idmap
> > configuration.
> >
> > For your member servers, I recommend to use backend AD and retrieve the xIDs
> > from AD. Then you can edit the unix user/group information directly from
> > ADUC, with all other account data. An example is in the HowTo:
> > https://wiki.samba.org/index.php/Samba4/Domain_Member#Setting_up_a_basic_smb.conf
> > Also then your user/groups have the same xIDs on all members.
>
> It looks like I am close. I followed the wiki, replacing the necessary
> items and started smbd, nmbd, and winbindd. The net ads join initially
> failed with some DNS issues, I fixed those, and the join succeeded. Here
> is what works:
>
> # wbinfo -p
> Ping to winbindd succeeded
>
> # wbinfo -u
> administrator
> testuser1
> testuser
> krbtgt
> guest
>
> Newly added users appear as well, after the winbind cache time is up.
>
> # wbinfo -g
> allowed rodc password replication group
> enterprise read-only domain controllers
> denied rodc password replication group
> read-only domain controllers
> group policy creator owners
> ...
>
> However, I can't seem to get getent or id working.
>
> # id administrator
> id: administrator: no such user
>
> # id testuser1
> id: testuser1: no such user
>
> However, if I create a temporary local user, then it seems to work
>
> # id testuser1
> uid=1002(testuser1) gid=1002(testuser1) groups=1002(testuser1),4294967295,70002(BUILTIN\users)
>
> Here is nsswitch.conf
>
> # Begin /etc/nsswitch.conf
>
> passwd: files winbind
> group: files winbind
>
> What could I be missing?
>
> Here is smb.conf on the member server:
>
> [global]
>
> workgroup = NWLTECH
> security = ADS
> realm = NWLTECH.ORG
> encrypt passwords = yes
> log level = 3
>
> idmap config *:backend = tdb
> idmap config *:range = 70001-80000
> idmap config NWLTECH:backend = ad
> idmap config NWLTECH:schema_mode = rfc2307
> idmap config NWLTECH:range = 500-40000
>
> winbind nss info = rfc2307
> winbind trusted domains only = no
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
>
> [share1]
> path = /home/samba/share1
> read only = no

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
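
The check behind Rowland's question, as an added example that is not part of the thread: it parses the idmap lines from the quoted smb.conf and flags accounts whose uidNumber or gidNumber is unset or falls outside the NWLTECH range, which the ad backend would not map. The directory entries and their ID values are constructed for illustration, and the function names are this example's own.

```python
import re

# smb.conf idmap lines as quoted in the thread.
SMB_CONF = """\
idmap config *:backend = tdb
idmap config *:range = 70001-80000
idmap config NWLTECH:backend = ad
idmap config NWLTECH:schema_mode = rfc2307
idmap config NWLTECH:range = 500-40000
"""

# Constructed sample (not from the thread): name -> (kind, ID stored in AD or None).
ENTRIES = {
    "administrator": ("user", None),
    "testuser1": ("user", 10001),
    "testuser": ("user", 50001),
    "domain users": ("group", 10000),
}

IDMAP_RE = re.compile(r"^[ \t]*idmap config[ \t]+([^:\s]+)[ \t]*:[ \t]*(\S+)[ \t]*=[ \t]*(\S+)[ \t]*$", re.M)

def parse_idmap(conf):
    """Return {domain: {option: value}}; 'range' becomes a (low, high) tuple."""
    domains = {}
    for dom, opt, val in IDMAP_RE.findall(conf):
        if opt == "range":
            val = tuple(int(x) for x in val.split("-"))
        domains.setdefault(dom, {})[opt] = val
    return domains

def overlapping(domains):
    """Return domain pairs whose ID ranges overlap; idmap ranges must be disjoint."""
    items = sorted((d, o["range"]) for d, o in domains.items() if "range" in o)
    return [(a, b) for i, (a, ra) in enumerate(items) for b, rb in items[i + 1:]
            if ra[0] <= rb[1] and rb[0] <= ra[1]]

def check_entry(kind, value, id_range):
    attr = "uidNumber" if kind == "user" else "gidNumber"  # rfc2307 attribute read from AD
    if value is None:
        return f"{attr} not set"
    if not id_range[0] <= value <= id_range[1]:
        return f"{attr} {value} outside {id_range[0]}-{id_range[1]}"
    return "ok"

def report(conf=SMB_CONF, entries=ENTRIES, domain="NWLTECH"):
    id_range = parse_idmap(conf)[domain]["range"]
    return {n: check_entry(k, v, id_range) for n, (k, v) in entries.items()}

if __name__ == "__main__":
    print(overlapping(parse_idmap(SMB_CONF)), report())
```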