Re: [Samba] Samba 4.0.0 upgrade to 4.0.5 from source
Am 13.05.2013 11:21, schrieb Michael De Groote: (check for 'dns' on the 'server services' line in smb.conf,) so there were errors in the logfile about not being able to setup some services, which seemed to have as consequence that some instances died Am 13.05.2013 14:24, schrieb Mārtiņš Gailītis: Here is my smb.conf and part of log file from working 4.0.0 installation. [global] ... server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, dns Is samba internal DNS is trying start as well?! Let's see... Yes. ;) Try to start without DNS. You just have to remove the last two entries from your server services . It should look like this: [global] ... server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Domain users are loosing there groups after some time. (samba maillist)
Hello, sorry that i didn't answer sooner. (I was ill the last few days.) We didn't resolve the problem yet. But we wonna try to use the patch Micha Lenk mentioned in his post. (https://bugzilla.samba.org/show_bug.cgi?id=8523) We think, until the cache problem is resolved, it is better to have no cache then a bad cache. Also i read the posts of the last few days on the list. And i think this is a big problem. When i read the posts right, many problems with security=ADS are linked to this problem. i know this wasn't a big help, yet. But i hope i could tell you more in a few days. best regards Benedikt P.S.: Had someone else tested the patch successfully, yet? Am 14.03.2012 08:16, schrieb Голостенов Михаил: Hello. You write in mailing.unix.samba http://groups.google.com/group/mailing.unix.samba about problem with loosing groups in samba 3.6.3 I have update my samba servers to this version and have same problem. How did you decide this problem? Thanks. Best regards, *Golostenov Mikhail* System Administrator XSTREAM Company Tel./Fax. +7 (495) 984-0266/797-8070 доб. 108 Skype: xstream-company skype:xstream-company?call Web: www.xstream.ru http://www.xstream.ru http://www.xstream.ru/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Domain users are loosing there groups after some time.
Hello, did you also have trusted domains? Maybe it is a problem with the trusted domains. i found these lines in my log. I don't know if they are connected to our problem: get_privileges: No privileges assigned to SID [S-1-5-21-294205347-2210353748-1205674024-501] get_privileges: No privileges assigned to SID [S-1-5-21-294205347-2210353748-1205674024-513] get_privileges: No privileges assigned to SID [S-1-5-21-294205347-2210353748-1205674024-546] get_privileges: No privileges assigned to SID [S-1-5-2] get_privileges: No privileges assigned to SID [S-1-5-32-546] Security token SIDs (10): SID[ 0]: S-1-5-21-294205347-2210353748-1205674024-501 SID[ 1]: S-1-5-21-294205347-2210353748-1205674024-513 SID[ 2]: S-1-5-21-294205347-2210353748-1205674024-546 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-32-546 SID[ 6]: S-1-22-1-65534 SID[ 7]: S-1-22-2-7 SID[ 8]: S-1-22-2-70002 SID[ 9]: S-1-22-2-70546 these lines reapear. And in other SID tokens there is no problem with get_privileges: No privileges assigned to SID [S-1-5-2] best regards Benedikt Am 15.03.2012 12:16, schrieb Голостенов Михаил: Thanks. But i really need many groups for users. My primary group give readonly acces for shared folder and supplementary groups give write access. Sometimes users can't write to their folders with your symptoms, because they loose supplementary groups.. I had samba 3.0.x , but now i need 3.6.3 version, because it is correctly works with Win7 clients. With 3.5.x i have some problems with permissions.. Thanks. - Original Message - From: Benedikt Schindler To: samba@lists.samba.org Cc: goloste...@xstream.ru Sent: Thursday, March 15, 2012 2:51 PM Subject: Re: [Samba] Domain users are loosing there groups after some time. Hello, i just did a workaround. Most of our files and most of our employees have a permission for the group Domain\Employees. So we changed in windows the primary group of each user to Domain\Employee. The primary group did not get lost in samba 3.6.3. (If you edit the groups of a user in windows, there is a button Set primary group.) This did not solve the problem, but it reduced the problem for us to a working minimum. Which samba version did you have before the update? Because i don't know which version we had before our update, so i couldnt't define where the bug went into the code. Best regards, Benedikt Schindler Golostenov Mikhail wrote: Hello. You write in mailing.unix.samba about problem with loosing groups in samba 3.6.3 I have update my samba servers to this version and have same problem. How did you decide this problem? Thanks. Best regards, Golostenov Mikhail System Administrator XSTREAM Company Tel./Fax. +7 (495) 984-0266/797-8070 доб. 108 Skype: xstream-company Web: www.xstream.ru Am 03.03.2012 16:36, schrieb Benedikt Schindler: Am 02.03.2012 19:59, schrieb Dale Schroeder: On 03/02/2012 5:39 AM, Benedikt Schindler wrote: Samba version : 3.6.3 Filesystem :BTRFS Clients : XP, Win7 Log Level : 5 When we start our samba server everything works fine. After a few days, some of our users are not allowed to connect to shares anymore. When we restart the clients they can connect for a short time and then say have the same problem again. When we restart the server everything works fine for a few days again. We set the winbind offline logon = yes and it slowed down the process, but didn't stop it. After a long search i think i found the problem. The user has 401217 as mapped ID, and should be in the groups 400513 401612 401609 401611 But samba just put him into 400513 401612 401611 So samba lost one group. And thats the reason the user is not allowed to connect to the share, because only the group 401609 has a read permisson. Any ideas how that could happen? Here is a log of a failed login: [2012/03/02 11:37:52.842978, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (15): SID[ 0]: S-1-5-21-1004336348-920026266-682003330-1217 SID[ 1]: S-1-5-21-1004336348-920026266-682003330-513 SID[ 2]: S-1-5-21-1004336348-920026266-682003330-1612 SID[ 3]: S-1-5-21-1004336348-920026266-682003330-1609 SID[ 4]: S-1-5-21-1004336348-920026266-682003330-1611 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-22-1-401217 SID[ 9]: S-1-22-2-400513 SID[ 10]: S-1-22-2-401612 SID[ 11]: S-1-22-2-401611 SID[ 12]: S-1-22-2-7 SID[ 13]: S-1-22-2-70002 SID[ 14]: S-1-22-2-70011 Privileges (0x 0): Rights (0x 0): [2012/03/02 11:37:52.843247, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 401217 Primary group is 400513 and contains 6 supplementary groups Group[ 0
Re: [Samba] Domain users are loosing there groups after some time.
Hello, i just did a workaround. Most of our files and most of our employees have a permission for the group Domain\Employees. So we changed in windows the primary group of each user to Domain\Employee. The primary group did not get lost in samba 3.6.3. (If you edit the groups of a user in windows, there is a button Set primary group.) This did not solve the problem, but it reduced the problem for us to a working minimum. Which samba version did you have before the update? Because i don't know which version we had before our update, so i couldnt't define where the bug went into the code. Best regards, Benedikt Schindler Golostenov Mikhail wrote: Hello. You write in mailing.unix.samba about problem with loosing groups in samba 3.6.3 I have update my samba servers to this version and have same problem. How did you decide this problem? Thanks. Best regards, Golostenov Mikhail System Administrator XSTREAM Company Tel./Fax. +7 (495) 984-0266/797-8070 доб. 108 Skype: xstream-company Web: www.xstream.ru Am 03.03.2012 16:36, schrieb Benedikt Schindler: Am 02.03.2012 19:59, schrieb Dale Schroeder: On 03/02/2012 5:39 AM, Benedikt Schindler wrote: Samba version : 3.6.3 Filesystem :BTRFS Clients : XP, Win7 Log Level : 5 When we start our samba server everything works fine. After a few days, some of our users are not allowed to connect to shares anymore. When we restart the clients they can connect for a short time and then say have the same problem again. When we restart the server everything works fine for a few days again. We set the winbind offline logon = yes and it slowed down the process, but didn't stop it. After a long search i think i found the problem. The user has 401217 as mapped ID, and should be in the groups 400513 401612 401609 401611 But samba just put him into 400513 401612 401611 So samba lost one group. And thats the reason the user is not allowed to connect to the share, because only the group 401609 has a read permisson. Any ideas how that could happen? Here is a log of a failed login: [2012/03/02 11:37:52.842978, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (15): SID[ 0]: S-1-5-21-1004336348-920026266-682003330-1217 SID[ 1]: S-1-5-21-1004336348-920026266-682003330-513 SID[ 2]: S-1-5-21-1004336348-920026266-682003330-1612 SID[ 3]: S-1-5-21-1004336348-920026266-682003330-1609 SID[ 4]: S-1-5-21-1004336348-920026266-682003330-1611 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-22-1-401217 SID[ 9]: S-1-22-2-400513 SID[ 10]: S-1-22-2-401612 SID[ 11]: S-1-22-2-401611 SID[ 12]: S-1-22-2-7 SID[ 13]: S-1-22-2-70002 SID[ 14]: S-1-22-2-70011 Privileges (0x 0): Rights (0x 0): [2012/03/02 11:37:52.843247, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 401217 Primary group is 400513 and contains 6 supplementary groups Group[ 0]: 400513 Group[ 1]: 401612 Group[ 2]: 401611 Group[ 3]: 7 Group[ 4]: 70002 Group[ 5]: 70011 [2012/03/02 11:37:52.843372, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,401217), gid=(0,400513) [2012/03/02 11:37:52.843408, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /home/data [2012/03/02 11:37:52.843443, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /home/data [2012/03/02 11:37:52.843476, 3] smbd/service.c:190(set_current_service) chdir (/home/data) failed, reason: Keine Berechtigung [2012/03/02 11:37:52.843509, 3] smbd/error.c:81(error_packet_set) error packet at smbd/process.c(1558) cmd=50 (SMBtrans2) NT_STATUS_ACCESS_DENIED Configuration parts that are maybe interresting: smb.conf: security = ADS socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY nt acl support = yes vfs objects = acl_xattr winbind enum users = yes winbind enum groups = yes winbind offline logon = yes allow trusted domains = yes idmap config * : backend = rid idmap config * : range = 7-9 idmap config * : base_rid= 0 idmap config A : backend = rid idmap config A : range = 40-49 idmap config A : base_rid= 0 idmap config B : backend = rid idmap config B : range= 30-39 idmap config B : base_rid = 0 Benedikt, Check this bug - https://bugzilla.samba.org/show_bug.cgi?id=8676 - to see if any of these symptoms match those of your systems when the group loss happens. Dale Hello Dale, none of these symptoms exists on our server. And it's more like the existing connection is loosing the group. The windows client is connected to \\server.domain.tld\data and this connection broke after some
Re: [Samba] Domain users are loosing there groups after some time.
Am 02.03.2012 19:59, schrieb Dale Schroeder: On 03/02/2012 5:39 AM, Benedikt Schindler wrote: Samba version : 3.6.3 Filesystem :BTRFS Clients : XP, Win7 Log Level : 5 When we start our samba server everything works fine. After a few days, some of our users are not allowed to connect to shares anymore. When we restart the clients they can connect for a short time and then say have the same problem again. When we restart the server everything works fine for a few days again. We set the winbind offline logon = yes and it slowed down the process, but didn't stop it. After a long search i think i found the problem. The user has 401217 as mapped ID, and should be in the groups 400513 401612 401609 401611 But samba just put him into 400513 401612 401611 So samba lost one group. And thats the reason the user is not allowed to connect to the share, because only the group 401609 has a read permisson. Any ideas how that could happen? Here is a log of a failed login: [2012/03/02 11:37:52.842978, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (15): SID[ 0]: S-1-5-21-1004336348-920026266-682003330-1217 SID[ 1]: S-1-5-21-1004336348-920026266-682003330-513 SID[ 2]: S-1-5-21-1004336348-920026266-682003330-1612 SID[ 3]: S-1-5-21-1004336348-920026266-682003330-1609 SID[ 4]: S-1-5-21-1004336348-920026266-682003330-1611 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-22-1-401217 SID[ 9]: S-1-22-2-400513 SID[ 10]: S-1-22-2-401612 SID[ 11]: S-1-22-2-401611 SID[ 12]: S-1-22-2-7 SID[ 13]: S-1-22-2-70002 SID[ 14]: S-1-22-2-70011 Privileges (0x 0): Rights (0x 0): [2012/03/02 11:37:52.843247, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 401217 Primary group is 400513 and contains 6 supplementary groups Group[ 0]: 400513 Group[ 1]: 401612 Group[ 2]: 401611 Group[ 3]: 7 Group[ 4]: 70002 Group[ 5]: 70011 [2012/03/02 11:37:52.843372, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,401217), gid=(0,400513) [2012/03/02 11:37:52.843408, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /home/data [2012/03/02 11:37:52.843443, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /home/data [2012/03/02 11:37:52.843476, 3] smbd/service.c:190(set_current_service) chdir (/home/data) failed, reason: Keine Berechtigung [2012/03/02 11:37:52.843509, 3] smbd/error.c:81(error_packet_set) error packet at smbd/process.c(1558) cmd=50 (SMBtrans2) NT_STATUS_ACCESS_DENIED Configuration parts that are maybe interresting: smb.conf: security = ADS socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY nt acl support = yes vfs objects = acl_xattr winbind enum users = yes winbind enum groups = yes winbind offline logon = yes allow trusted domains = yes idmap config * : backend = rid idmap config * : range = 7-9 idmap config * : base_rid= 0 idmap config A : backend = rid idmap config A : range = 40-49 idmap config A : base_rid= 0 idmap config B : backend = rid idmap config B : range= 30-39 idmap config B : base_rid = 0 Benedikt, Check this bug - https://bugzilla.samba.org/show_bug.cgi?id=8676 - to see if any of these symptoms match those of your systems when the group loss happens. Dale Hello Dale, none of these symptoms exists on our server. And it's more like the existing connection is loosing the group. The windows client is connected to \\server.domain.tld\data and this connection broke after some time. (Because of the group) You could open a second connection from the same computer to the same server by using \\server\data with no problems. And it's not about FQDN or not. It also appears the other way arround. If you restart the client, the client could connect without any problems ... until it looses the group again. best regards Benedikt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Domain users are loosing there groups after some time.
Samba version : 3.6.3 Filesystem :BTRFS Clients : XP, Win7 Log Level : 5 When we start our samba server everything works fine. After a few days, some of our users are not allowed to connect to shares anymore. When we restart the clients they can connect for a short time and then say have the same problem again. When we restart the server everything works fine for a few days again. We set the winbind offline logon = yes and it slowed down the process, but didn't stop it. After a long search i think i found the problem. The user has 401217 as mapped ID, and should be in the groups 400513 401612 401609 401611 But samba just put him into 400513 401612 401611 So samba lost one group. And thats the reason the user is not allowed to connect to the share, because only the group 401609 has a read permisson. Any ideas how that could happen? Here is a log of a failed login: [2012/03/02 11:37:52.842978, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (15): SID[ 0]: S-1-5-21-1004336348-920026266-682003330-1217 SID[ 1]: S-1-5-21-1004336348-920026266-682003330-513 SID[ 2]: S-1-5-21-1004336348-920026266-682003330-1612 SID[ 3]: S-1-5-21-1004336348-920026266-682003330-1609 SID[ 4]: S-1-5-21-1004336348-920026266-682003330-1611 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-22-1-401217 SID[ 9]: S-1-22-2-400513 SID[ 10]: S-1-22-2-401612 SID[ 11]: S-1-22-2-401611 SID[ 12]: S-1-22-2-7 SID[ 13]: S-1-22-2-70002 SID[ 14]: S-1-22-2-70011 Privileges (0x 0): Rights (0x 0): [2012/03/02 11:37:52.843247, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 401217 Primary group is 400513 and contains 6 supplementary groups Group[ 0]: 400513 Group[ 1]: 401612 Group[ 2]: 401611 Group[ 3]: 7 Group[ 4]: 70002 Group[ 5]: 70011 [2012/03/02 11:37:52.843372, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,401217), gid=(0,400513) [2012/03/02 11:37:52.843408, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /home/data [2012/03/02 11:37:52.843443, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /home/data [2012/03/02 11:37:52.843476, 3] smbd/service.c:190(set_current_service) chdir (/home/data) failed, reason: Keine Berechtigung [2012/03/02 11:37:52.843509, 3] smbd/error.c:81(error_packet_set) error packet at smbd/process.c(1558) cmd=50 (SMBtrans2) NT_STATUS_ACCESS_DENIED Configuration parts that are maybe interresting: smb.conf: security = ADS socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY nt acl support = yes vfs objects = acl_xattr winbind enum users = yes winbind enum groups = yes winbind offline logon = yes allow trusted domains = yes idmap config * : backend = rid idmap config * : range = 7-9 idmap config * : base_rid= 0 idmap config A : backend = rid idmap config A : range = 40-49 idmap config A : base_rid= 0 idmap config B : backend = rid idmap config B : range= 30-39 idmap config B : base_rid = 0 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Domain users are loosing there groups after some time.
and of course When we restart the clients they can connect for a short time and then say have the same problem again. should be When we restart the clients they can connect for a short time, and then they have the same problem again. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.0: unable to list Active Directoy users WBC_ERR_DOMAIN_NOT_FOUND
Am 19.08.2011 14:44, schrieb David Touzeau: The winbindd allows to have correct informations #wbinfo -t checking the trust secret for domain MAISON via RPC calls succeeded #wbinfo -n MAISON/Administrateur S-1-5-21-3790408397-595478388-2982168515-500 SID_USER (1) #wbinfo -s S-1-5-21-3790408397-595478388-2982168515-500 MAISON/Administrateur 1 #wbinfo -S S-1-5-21-3790408397-595478388-2982168515-500 60500 if this works. everything should be fine. Bet getent did not see any Active directoy users Any tips on this ? Does the service nscd run on your server? Turn it off and try again. You could also try if you could connect to the server, even if it does not list the users in getent. Before testing i would flush the cache net cache flush justin case :) I also don't know if it is a problem that your * range is in the range of MAISON. idmap config MAISON:range = 6-5000 idmap config * : range = 100-199 why don't you try idmap config * : backend = rid idmap config * : range = 5001-599 best regards Benedikt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.0: unable to list Active Directoy users WBC_ERR_DOMAIN_NOT_FOUND
Am 18.08.2011 06:07, schrieb John H Terpstra: On 08/17/2011 02:05 PM, David Touzeau wrote: I think this new version is not really ready for production... There is so many strange things... Or misunderstanding whats going wrong I respect that some may be experiencing difficulties with deployment of Samba 3.6.0. I have been using 3.6.0 in its various pre-release forms (and now the stable release) for many months without a single problem. I have deployed it in some very complex as well as some simple configurations - all without any issues. The purpose of this response is to point out that Samba 3.6.0 is perhaps not as not really ready for production use readers of this list may interpret from these reports. Cheers, John T. Le lundi 15 août 2011 à 14:07 -0700, Linda W a écrit : ` Peacock,Josh wrote: I am also experiencing the same problems. I am running 3.6 on AIX 6.1. I do have a 3.5.8 installation running without problem (I understand some major changes have happened.) I took the smb.conf from my 3.5.8 install and changed appropriately for 3.6 (At least as far as I catell). Yeah, I still have this error even after downgrading to 3.5.10 -- I think 3.6 corrupted my userdb or changed the format... I suppose I need to allocate a new one and start from scratch to fix it... But lots of problems related to looking up the domain, the PDC and some users. I did try to report it, but since I wasn't certain what was going on and just had a bunch of random symptoms, I got ignored. But I did warn them that other users would likely have problems and should be warned... That was ignored too.. I had the same error until today. It works for me with base_rid = 0 TRY: idmap config MYDOMAIN : backend = rid idmap config MYDOMAIN : range = 6-5000 idmap config MYDOMAIN : base_rid = 0 -- Benedikt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] base_rid = 1000 didn't work; base_rid = 0 works; (was:[ Re: samba 3.6: autorid has no domain order ])
Hello Christian, i could send you over the logs. But they realy show no sign of something is going wrong. The problem is solved for me. The config that does not work is : idmap config * : backend = rid idmap config * : range = 7 - 9 idmap config * : base_rid= 1000 idmap config A : backend = rid idmap config A : range = 10 - 19 idmap config A : base_rid= 1000 idmap config B : backend = rid idmap config B : range= 20 - 29 idmap config B : base_rid = 1000 The config that works is : idmap config * : backend = rid idmap config * : range = 7 - 9 idmap config * : base_rid= 0 idmap config A : backend = rid idmap config A : range = 10 - 19 idmap config A : base_rid= 0 idmap config B : backend = rid idmap config B : range= 20 - 29 idmap config B : base_rid = 0 I could reproduce this error as often as i want. when i set base_rid to 1000, getent passwd does not get any information. and wbinfo -S aSID shows WBC_ERR_DOMAIN_NOT_FOUND. Whe i set base_rid to 0 everthing just works fine. i still have the logs, and i could send them to you. But i realy see no differnce in the logs between Base_rid = 1000 and base_rid = 0 by the way wbinfo -u and wbinfo -g works fine with both configs. Regards, Benedikt P.S.: Thanks for the nice work. Am 16.08.2011 17:11, schrieb Christian M Ambach: Benedikt wrote on 08/16/2011 11:04:57 AM: i try to create a samba server for more then one trusted domain. I know there were some issues with samba 3.5, and in the internet i always read, i should use samba 3.4. So i wanted to give 3.6 a chance. I first tried autorid with a config like this: winbind enum users = yes winbind enum groups = yes idmap backend = autorid idmap gid = 10-149 idmap gid = 10-149 allow trusted domains = yes It works fine. And Domain A starts in the 20 and Domain B with 30. But my problem is, i have two different samba Servers that should get the same uid and gid. On the second Server Domain B also starts with 30 but domain A starts with 400. So there is no correct mapping between these two servers. It is, because the main Domain of the second server is B and not A like in the first server. Is there a way to tell autorid a order of domains? like: idmap autorid domains = A, B no, there isn't a way to do this currently. I planned to eventually release a tool which allows you to derive a static configuration based on idmap_rid out of the values in the autorid database. Looks like you attempted to do this manually: winbind enum users = yes winbind enum groups = yes allow trusted domains = yes idmap config A : backend = rid idmap config A : range = 10 - 19 idmap config A : base_rid= 1000 idmap config B : backend = rid idmap config B : range= 20 - 29 idmap config B : base_rid = 1000 But to use the same mappings as autorid on the first server, you need to set base_rid to 0 on the second server. if i delete all the idmap config * parts it won't work again. But also if it does work i need trusted domain support. the only config that realy works right now, is the new autorid. Did you try net cache flush to clear previous mappings with different configurations from the caches? LogLevel10 shows no errors at all. Can you put the logs somewhere for download or send them over? log.winbindd-idmap would be of most interest. Regards, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 3.6: autorid has no domain order
Hello, also in LogLevel 10 there is no error i could find. But i have more config examples and what happens. if i use this config: winbind enum users = yes winbind enum groups = yes allow trusted domains = yes idmap config * : backend = tdb idmap config * : range = 7-9 idmap config A : backend = rid idmap config A : range = 10 - 19 idmap config A : base_rid= 1000 idmap config B : backend = rid idmap config B : range= 20 - 29 idmap config B : base_rid = 1000 i get folowing message from a SID of domain A: server3:~ # wbinfo -S S-1-5-21-1004336348-920026266-682003330-1113 failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND Could not convert sid S-1-5-21-1004336348-920026266-682003330-1113 to uid i change this line allow trusted domains = no server3:~ # wbinfo -S S-1-5-21-1004336348-920026266-682003330-1113 failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND Could not convert sid S-1-5-21-1004336348-920026266-682003330-1113 to uid it does not work. i change this line idmap config * : backend = rid server3:~ # wbinfo -S S-1-5-21-1004336348-920026266-682003330-1113 100113 so it works ... but getent passwd still does not show any user. so there is still a long way to go. if i delete all the idmap config * parts it won't work again. But also if it does work i need trusted domain support. the only config that realy works right now, is the new autorid. LogLevel10 shows no errors at all. Benedikt Am 12.08.2011 18:23, schrieb Benedikt Schindler: Hello, i try to create a samba server for more then one trusted domain. I know there were some issues with samba 3.5, and in the internet i always read, i should use samba 3.4. So i wanted to give 3.6 a chance. I first tried autorid with a config like this: winbind enum users = yes winbind enum groups = yes idmap backend = autorid idmap gid = 10-149 idmap gid = 10-149 allow trusted domains = yes It works fine. And Domain A starts in the 20 and Domain B with 30. But my problem is, i have two different samba Servers that should get the same uid and gid. On the second Server Domain B also starts with 30 but domain A starts with 400. So there is no correct mapping between these two servers. It is, because the main Domain of the second server is B and not A like in the first server. Is there a way to tell autorid a order of domains? like: idmap autorid domains = A, B I also read the mail about the new idmapping so i also tried these configuration: winbind enum users = yes winbind enum groups = yes allow trusted domains = yes idmap config A : backend = rid idmap config A : range = 10 - 19 idmap config A : base_rid= 1000 idmap config B : backend = rid idmap config B : range= 20 - 29 idmap config B : base_rid = 1000 With this configuration i get with winbind -u all users, but getent passwd is still empty. And a group group-info shows WBC_ERR_DOMAIN_NOT_FOUND. server:/ # wbinfo --group-info A\\marketing failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for group A\marketing server:/ # wbinfo --group-info B\\marketing failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for group B\marketing I didn't find any real helpfull logs to get a clue what's wrong with this config. But i think it is the same as in 3.5 and i have to go back to 3.4? any ideas? best regards Benedikt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 3.6: autorid has no domain order
Hello, i try to create a samba server for more then one trusted domain. I know there were some issues with samba 3.5, and in the internet i always read, i should use samba 3.4. So i wanted to give 3.6 a chance. I first tried autorid with a config like this: winbind enum users = yes winbind enum groups = yes idmap backend = autorid idmap gid = 10-149 idmap gid = 10-149 allow trusted domains = yes It works fine. And Domain A starts in the 20 and Domain B with 30. But my problem is, i have two different samba Servers that should get the same uid and gid. On the second Server Domain B also starts with 30 but domain A starts with 400. So there is no correct mapping between these two servers. It is, because the main Domain of the second server is B and not A like in the first server. Is there a way to tell autorid a order of domains? like: idmap autorid domains = A, B I also read the mail about the new idmapping so i also tried these configuration: winbind enum users = yes winbind enum groups = yes allow trusted domains = yes idmap config A : backend = rid idmap config A : range = 10 - 19 idmap config A : base_rid= 1000 idmap config B : backend = rid idmap config B : range= 20 - 29 idmap config B : base_rid = 1000 With this configuration i get with winbind -u all users, but getent passwd is still empty. And a group group-info shows WBC_ERR_DOMAIN_NOT_FOUND. server:/ # wbinfo --group-info A\\marketing failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for group A\marketing server:/ # wbinfo --group-info B\\marketing failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for group B\marketing I didn't find any real helpfull logs to get a clue what's wrong with this config. But i think it is the same as in 3.5 and i have to go back to 3.4? any ideas? best regards Benedikt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
