
[Samba] issue with multiple Samba DC and uid/gid assignment.


daho...@comcast.net

Aug 24, 2013, 7:02:18 PM
I have 2 Ubuntu 12.04/samba 4 servers acting as DCs for my Domain. I provisioned the Domain by using the classicupgrade (prior authentication was LDAP+Samba). I have added some new test users. I also have two file servers. One is running RHEL 5.9/Samba 3, the other Ubuntu 12.04/Samba 4. Users that have their home directories and profiles stored on the RHEL5.9/Samba 3 fileserver work correctly. Those that are mapped to the Ubuntu 12.04/Samba 4 fileserver get "permission denied" and temp profiles. It appears the issue is that for some reason, the users have different uid/gid on the 2 Samba 4 DCs, and I don't know why. I used wbinfo to collect the following:

All the accounts were created on Server 1 using the s4user script (slightly modified to provide more output to the screen for debugging) from http://linuxcostablanca.blogspot.com .

However, the uid reported by the servers is different? Shouldn't server 1 have replicated this data to server 2? When I check the home directories, they have the uid associated with server 1.
Example: If I create a new user, the output from the script is:

> ./s4user Test24 User MyPassword staff server1
Creating s4 posix user Test24
Pls enter pwd for Test24
User: Test24 User
User 'Test24.User' created successfully
dn: CN=Test24.User,CN=Users,DC=ncs,DC=k12,DC=de,DC=us
changetype: modify
add: objectclass
objectclass: posixaccount
-
add: uidnumber
uidnumber: 3000054
-
add: gidnumber
gidnumber: 513
-
add:unixhomedirectory
unixhomedirectory: /home/staff/Test24.User
-
add: loginshell
loginshell: /bin/bash
Modified 1 records successfully
dn: CN=Test24.User,CN=Users,DC=ncs,DC=k12,DC=de,DC=us
changetype: modify
replace: primarygroupid
primarygroupid: 513
sleeping for 5 seconds
Modified 1 records successfully
Creating the home directory and setting ownership
dn: CN=Test24.User,CN=Users,DC=ncs,DC=k12,DC=de,dc=us
changetype: modify
add: profilePath
profilePath: \\server1\profiles\Test24.User
-
add: homeDrive
homeDrive: P:
-
add: homeDirectory
homeDirectory: \\server1\home\staff\Test24.User
sleeping for 5 seconds
Modified 1 records successfully
New user: Test24 POSIX-ified as follows:
uid 3000054
gid 513
primaryGroupID 513
sid S-1-5-21-276688905-1455118844-2751846679-513

Then use wbinfo on each server:

Server1
> wbinfo -i Test24.User
Domain\Test24.User:*:3000054:513::/home/Domain/Test24.User:/bin/false

Server2
> wbinfo -i Test24.User
Domain\Test24.User:*:3000134:100::/home/DomainTest24.User:/bin/false


Notice that the group id and uid are both different. Why?
The basics of the script are:

samba-tool user add Username Password
ldbmodify --url=/usr/local/samba/private/sam.ldb -b dc=ncs,dc=k12,dc=de,dc=us /tmp/Username

Where the file Username has the entries needed to define the Unix information, and the information for the Account and Profile tabs in ADUC. Do I need to manually run the ldbmodify command on server2 and modify the /usr/local/samba/private/sam.ldb to ensure that it is synced with server1?

Sincerely,
Dave Hopkins

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

daho...@comcast.net

Aug 24, 2013, 7:27:22 PM
A quick follow-on ... if I examine the local sam.ldb on the server2 via ldbedit, it appears the information is correct, but wbinfo still reports different numbers:

wbinfo -i Test24.User
Domain\Test24.User:*:3000134:100::/home/Domain/Test24.User:/bin/false

But the information in the /usr/local/samba/private/sam.ldb is:

# record 979
dn: CN=Test24.User,CN=Users,DC=ncs,DC=k12,DC=de,DC=us
objectClass: top
objectClass: posixAccount
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Test24.User
instanceType: 4
whenCreated: 20130824224742.0Z
whenChanged: 20130824224803.0Z
uSNCreated: 10910
uSNChanged: 10910
name: Test24.User
objectGUID: f0cafbd5-aa3e-4c45-a3d1-1009efc9709e
userAccountControl: 512
codePage: 0
countryCode: 0
homeDirectory: \\server1\home\staff\Test24.User
homeDrive: P:
pwdLastSet: 130218580630000000
primaryGroupID: 513
profilePath: \\server1\profiles\Test24.User
objectSid: S-1-5-21-276688905-1455118844-2751846679-67110336
accountExpires: 9223372036854775807
sAMAccountName: Test24.User
sAMAccountType: 805306368
userPrincipalName: Test2...@ncs.k12.de.us
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=ncs,DC=k12,DC=de,DC=us
uidNumber: 3000054
gidNumber: 513
unixHomeDirectory: /home/staff/Test24.User
loginShell: /bin/bash
distinguishedName: CN=Test24.User,CN=Users,DC=ncs,DC=k12,DC=de,DC=us

> wbinfo -i Test24.User
Domain\Test24.User:*:3000134:100::/home/Domain/Test24.User:/bin/false



steve

Aug 25, 2013, 3:56:06 AM
On Sat, 2013-08-24 at 23:02 +0000, daho...@comcast.net wrote:

>
>
> Notice that the group id and uid are both different. Why?

How did you provision the second DC? Are they replicating OK? When they
are, both DC's need:
idmap_ldb use:rfc2307 = Yes
in the [global] of their smb.conf

On either DC, winbind will only pull uid and gid from AD. If you want to
see all of rfc2307, you must use sssd or nslcd. Then getent passwd will
show not only the correct uidNumber and gidNumber, but also the
loginShell and unixHomeDirectory too.

Advice: don't use Test24.User as a username for debugging. Lose the
capitalisation and the dot.
HTH
Steve

steve

Aug 25, 2013, 6:56:37 AM
On Sat, 2013-08-24 at 23:27 +0000, daho...@comcast.net wrote:
> A quick follow-on ... if I examine the local sam.ldb on the server2 via ldbedit, it appears the information is correct, but wbinfo still reports different numbers:
>
Replication OK then.

> wbinfo -i Test24.User
> Domain\Test24.User:*:3000134:100::/home/Domain/Test24.User:/bin/false

idmap_ldb use:rfc2307 = Yes
nscd not running
??

Rowland Penny

Aug 25, 2013, 8:23:33 AM
On 25/08/13 08:56, steve wrote:
> On Sat, 2013-08-24 at 23:02 +0000, daho...@comcast.net wrote:
>
>>
>> Notice that the group id and uid are both different. Why?
> How did you provision the second DC? Are they replicating OK? When they
> are, both DC's need:
> idmap_ldb use:rfc2307 = Yes
> in the [global] of their smb.conf
>
> On either DC, winbind will only pull uid and gid from AD. If you want to
> see all of rfc2307, you must use sssd or nslcd. Then getent passwd will
> show not only the correct uidNumber and gidNumber, but also the
> loginShell and unixHomeDirectory too
>
> Advice: don't use Test24.User as a username for debugging. Lose the
> capitalisation and the dot.
> HTH
> Steve
>
>
Hi Steve, I think that you have inadvertently found a bug, I have never
run wbinfo -i on my second AD server, so I tried it and got this:

root@dc2:~# getent passwd user
user:*:3001106:20513:user:/DOMAIN/DOMAIN/user:to/bin/bash
root@dc2:~# wbinfo -i user
DOMAIN\user:*:3000007:100::/DOMAIN/DOMAIN/user:/bin/false

Hmm, something wrong there, looked in the smb.conf created by the join:

samba-tool domain join example.com DC -Uadministrator
--realm=example.com --dns-backend=BIND9_DLZ

There was no line: 'idmap_ldb:use rfc2307 = Yes' even though it exists
in the main dc smb.conf.

So I added it, restarted Samba 4 and now get this:

root@dc2:~# getent passwd user
user:*:3001106:20513:user:/home/HOME/user:/bin/bash
root@dc2:~# wbinfo -i user
HOME\user:*:3001106:20513::/home/HOME/user:/bin/false

So it would seem that any secondary DC that is created is not set up to
use RFC2307 even if the main DC is.

Rowland

daho...@comcast.net

Aug 25, 2013, 10:06:45 AM
Steve and Rowland,

Thanks! I checked smb.conf on both servers and they are identical except for the netbios name. I still get different uid/gid numbers between the servers with wbinfo, even for accounts such as mine (dhopkins) that have been active for years (previous ldap+samba authentication). The smb.conf for the second server is:

# Global parameters
[global]
workgroup = NEWARKCHARTER
realm = ncs.k12.de.us
netbios name = NCSSAMBA1
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
dns forwarder=10.1.1.10
allow dns updates=nonsecure and secure
# server services = +smb -s3fs
# dcerpc endpoint servers = +winreg +srvsvc

[netlogon]
path = /usr/local/samba/var/locks/sysvol/ncs.k12.de.us/scripts
read only = No

[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No

[Profiles]
path = /opt/samba/Profiles
read only = no

[home]
path=/home
read only=no

I am a little confused about nscd and nslcd. I run nscd. Should I also be running nslcd on the samba 4 DCs? I am using nss-pam-ldapd with nslcd and nscd on my linux LTSP servers and the linux samba4/samba3 file servers but apparently I had a mistaken impression that I shouldn't run these on the domain controllers. I will add them. Finally, for the names, I can use lower case but our prior account naming convention was using the format given and this is the format of many names in the existing ldap database that was used via classicupgrade to provision samba4. If it will cause issues, I'll have to find a way to resolve it.

Thanks!
Dave


Rowland Penny

Aug 25, 2013, 10:19:27 AM
Hi, could you please post the smb.conf from both the RHEL5.9 & Ubuntu
12.04 fileservers.

Rowland

daho...@comcast.net

Aug 25, 2013, 10:36:04 AM
> Hi, could you please post the smb.conf from both the RHEL5.9 & Ubuntu
> 12.04 fileservers

I made minimal changes to either of these. Just noticed that on the RHEL5.9/Samba3 fileserver I don't have idmap_ldp:use rfc2307 = yes, but that system is working correctly (at least in the sense that users with home directories there do not have issues).

New samba4/12.04 fileserver:
[global]
workgroup = NEWARKCHARTER
server string = NCSFS5 Samba 4 Server Version %v
netbios name = NCSFS5
realm = NCS.K12.DE.US
kerberos method = system keytab
idmap_ldp:use rfc2307 = yes
dns proxy = no
log file = /var/log/samba/log
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d

security = ads
interfaces = lo eth0 eth1
hosts allow = 127. 10.186. 10.179.
encrypt passwords = true

[homes]
comment = Home Directories
browseable = yes
read only = no
writable = yes
valid users = %S
create mask = 0600
directory mask = 0700
csc policy = disable
nt acl support = yes

[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700

[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no


Pre-existing samba3/RHEL5.9 fileserver (just enough changes to join the domain)
[global]

workgroup = NEWARKCHARTER
server string = NCSFS2 Samba Server Version %v
netbios name = NCSFS2
interfaces = lo eth1
hosts allow = 127. 10.179. 10.186.
smb ports = 139
nt acl support = no
unix extensions = no

security = ads
realm = NCS.K12.DE.US
password server = NCSSAMBA1
encrypt passwords = yes

local master = no
os level = 33
preferred master = no

wins server = 10.179.2.25
dns proxy = no

load printers = yes
cups options = raw

printcap name = /etc/printcap
printing = cups
#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = yes
writable = yes
valid users = %S
create mask = 0600
directory mask = 0700
csc policy = disable
nt acl support = yes
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
[Profiles]
comment = FS2 Network Profiles Service
path = /opt/samba/profiles
read only = no
store dos attributes = Yes
writeable = yes
create mask = 0600
directory mask = 0700
csc policy = disable
nt acl support = yes
[profiles.V2]
copy = profiles
browseable = no
read only = no

Rowland Penny

Aug 25, 2013, 10:44:05 AM
Hello, I am not surprised that you are getting different uids & gids,
you do not seem to have anything in smb.conf to pull the uidNumber &
gidNumber from the AD server, unless you are using sssd.

You can either use Steve's original nslcd setup, or install sssd or use
winbind. If you use winbind you require something like this in smb.conf:

idmap config EXAMPLE:range = 20000-3100000
idmap config EXAMPLE:backend = ad
idmap config *:range = 1100-2000
idmap config *:backend = tdb

Rowland

daho...@comcast.net

Aug 25, 2013, 11:16:49 AM
> Hello, I am not surprised that you are getting different uids & gids, you do not seem to have anything in smb.conf to pull the uidNumber & gidNumber from the AD server, unless you are using sssd.
>
> You can either use Steve's original nslcd setup, or install sssd or use winbind. If you use winbind you require something like this in smb.conf:

I used the nslcd approach on one of the samba4 domain controllers, got tickets and now smbclient fails with

# smbclient -k -L ncssamba1
session setup failed: NT_STATUS_INVALID_SERVER_STATE

I also can't log onto my Windows 2008R2 either now. I get access denied. Definitely worried now.

Dave

Rowland Penny

Aug 25, 2013, 11:31:00 AM
On 25/08/13 16:16, daho...@comcast.net wrote:
> > Hello, I am not surprised that you are getting different uids &
> > gids, you do not seem to have anything in smb.conf to pull the
> > uidNumber & gidNumber from the AD server, unless you are using sssd.
> >
> > You can either use Steve's original nslcd setup, or install sssd or
> > use winbind. If you use winbind you require something like this in
> > smb.conf:
>
> I used the nslcd approach on one of the samba4 domain controllers, got
> tickets and now smbclient fails with
>
> # smbclient -k -L ncssamba1
> session setup failed: NT_STATUS_INVALID_SERVER_STATE
>
> I also can't log onto my Windows 2008R2 either now. I get access
> denied. Definitely worried now.
>
> Dave
>
Hi, where does Windows 2008R2 fit into this setup? Is it in the same
domain? Is it the primary AD server?

I would suggest that you read Steve's site a bit more but this time
about sssd.
I would also suggest that you just use the Samba 4 DCs just for
authentication and use the Samba fileservers to store the profiles etc.
You would then not need anything but the basic Samba4 setup on the AD DCs.

Rowland

daho...@comcast.net

Aug 25, 2013, 11:52:46 AM

> Hi, Where does Windows 2008R2 fit into this setup, is it in the same domain? is it the primary AD server?

It is a member server in the same domain on which we ran ADUC. It was a member of the prior samba3/LDAP authentication system. I can now log back onto this server and launch ADUC. All three of the samba4 DCs are listed in Domain Controllers. However, since adding nslcd/nscd to ncssamba2, the only DC I can connect to is ncssamba1. When I try to select a different domain controller, I get "The list of Domain Controllers for domain ncs.k12.de.us is unavailable because: Access is Denied".

> I would suggest that you read Steve's site a bit more but this time about sssd.
> I would also suggest that you just use the Samba 4 DCs just for authentication and use the Samba fileservers to store the profiles etc. You would then not need anything but the basic Samba4 setup on the AD DCs.

That is the goal, except profiles/home directories were not being accessed correctly on the samba4 domain member servers, which I am trying to resolve.

I am still not clear if I should be installing nslcd on the AD DCs. And if I do, what is the correct setting for the following in nslcd.conf:

# The location at which the LDAP server(s) should be reachable.
uri ldap://ncssamba1.ncs.k12.de.us/

Should this point to the local machine, e.g. ncssamba1 for nslcd running on ncssamba1, ncssamba2 for nslcd running on ncssamba2 or should it point to the same ldap server on all AD DCs? I am willing to migrate from nslcd to sssd but need to understand what needs to be uninstalled/installed where before attempting it.

Sincerely,
Dave Hopkins

Rowland Penny

Aug 25, 2013, 12:03:14 PM
If you just use the Samba 4 ADs for authentication, you do not need
anything else on them, you just need to add the relevant attributes
(uidNumber, gidNumber, homeDirectory,profilePath etc) to each user.
You just need to set up samba on the fileservers to pull and use this
information.

If you use sssd to do this, you will use kerberos, so very little extra
needs to be added other than sssd, sssd-tools and krb5.

Rowland

steve

Aug 25, 2013, 3:45:02 PM
Hi
The OP is running nscd. This must be disabled, otherwise wbinfo and
getent will always come from the cache. Any change to AD will not be
reflected until the cache is cleared. I'm almost certain that the issue
can be cured by disabling nscd.
Cheers,
Steve
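The thread settled on three things to verify on each DC: winbind's uid/gid for an account must match the uidNumber/gidNumber stored in AD, smb.conf must carry "idmap_ldb:use rfc2307 = yes", and nscd must not be running. The script below is an added example (not posted by anyone in the thread) that checks all three on the DC it runs on; it assumes a source-built Samba with smb.conf at /usr/local/samba/etc/smb.conf and sam.ldb under /usr/local/samba/private, and that wbinfo, ldbsearch and pgrep are in PATH.

```shell
#!/bin/sh
# check_dc_idmap.sh: run on each Samba 4 DC to compare the uid/gid that winbind
# reports for one account with the uidNumber/gidNumber stored in AD, and to
# check the two settings the thread settled on: "idmap_ldb:use rfc2307 = yes"
# in smb.conf and nscd not running.
# Assumptions (not from the thread): source-built Samba with smb.conf at
# /usr/local/samba/etc/smb.conf, sam.ldb under /usr/local/samba/private,
# wbinfo/ldbsearch/pgrep in PATH; run as root.
SMBCONF="${SMBCONF:-/usr/local/samba/etc/smb.conf}"
SAMLDB="${SAMLDB:-/usr/local/samba/private/sam.ldb}"

# wbinfo -i prints a passwd-style line: DOMAIN\user:*:UID:GID::HOME:SHELL
wbinfo_uid() { printf '%s\n' "$1" | cut -d: -f3; }
wbinfo_gid() { printf '%s\n' "$1" | cut -d: -f4; }

# 0 when the smb.conf text passed in $1 enables rfc2307 id mapping; spacing
# and case are ignored, and a misspelled key such as idmap_ldp does not count
has_rfc2307() {
  printf '%s\n' "$1" | tr -d ' \t' | grep -qi '^idmap_ldb:userfc2307=yes$'
}

# 0 when the uid and gid in wbinfo line $1 equal the AD values $2 and $3
ids_match() {
  [ "$(wbinfo_uid "$1")" = "$2" ] && [ "$(wbinfo_gid "$1")" = "$3" ]
}

# uidNumber and gidNumber of account $1 from the local sam.ldb, as "uid gid"
ad_ids() {
  ldbsearch -H "$SAMLDB" "(sAMAccountName=$1)" uidNumber gidNumber |
    awk '/^uidNumber:/ {u=$2} /^gidNumber:/ {g=$2} END {print u, g}'
}

# Run the three checks for account $1 on this DC; returns 0 only when all pass
check_local_dc() {
  user=$1; rc=0
  has_rfc2307 "$(cat "$SMBCONF")" ||
    { echo "FAIL: 'idmap_ldb:use rfc2307 = yes' missing from $SMBCONF"; rc=1; }
  if pgrep -x nscd >/dev/null 2>&1; then
    echo "FAIL: nscd is running; wbinfo and getent may answer from its cache"; rc=1
  fi
  ids=$(ad_ids "$user"); aduid=${ids% *}; adgid=${ids#* }
  line=$(wbinfo -i "$user") || { echo "FAIL: wbinfo -i $user failed"; return 1; }
  if ids_match "$line" "$aduid" "$adgid"; then
    echo "OK: AD and winbind agree on $user: uid $aduid gid $adgid"
  else
    echo "FAIL: AD has uid $aduid gid $adgid but winbind reports: $line"; rc=1
  fi
  return $rc
}

# usage: check_dc_idmap.sh USERNAME   (with no argument only the functions load)
if [ $# -eq 1 ]; then check_local_dc "$1"; fi
```

Run it on every DC with the same account name; a DC that prints a FAIL line is the one whose winbind answers (and therefore its file ownership) will disagree with the others.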