You are not logged in.
- Topics: Active | Unanswered
#1 2021-06-02 02:32:46
- avi9526
- Member
- Registered: 2015-05-15
- Posts: 116
Samba Domain Controller SID UID overlap
I created domain controller and file share server with latest samba.
But got problem, "Authenticated users" could not reach required folder
And after digging problem I have found that for
wbinfo -U $(wbinfo -S S-1-5-11)does not give S-1-5-11
Some other group ("Schema Admins") was mapped to same UID (or GID) as "Authenticated users" (S-1-5-11)
ldbedit -e nano -H /var/lib/samba/private/idmap.ldbwas missing "S-1-5-11"
Recreating domain (multiple times) helped, and now its seems to be ok (problem is gone). But I not sure if I safe for future.
My config
# Global parameters
[global]
log level = 1 auth_audit:3 auth_json_audit:3
dns forwarder = ***
netbios name = ***
realm = ***
server role = active directory domain controller
workgroup = ***
idmap_ldb:use rfc2307 = yes
smb encrypt = required
full_audit:failure = none
full_audit:success = pwrite write rename
full_audit:prefix = USER=%u|IP=%I|MACHINE=%m|VOLUME=%S
full_audit:facility = local7
full_audit:priority = NOTICE
#vfs objects = acl_xattr
map acl inherit = yes
inherit acls = yes
inherit owner = yes
inherit permissions = yes
[sysvol]
path = /var/lib/samba/sysvol
read only = No
vfs objects = full_audit
[netlogon]
path = /var/lib/samba/sysvol/***/scripts
read only = No
vfs objects = full_audit
[nfs]
path = /home/samba/nfs
read only = No
vfs objects = full_audit
full_audit:success = none
full_audit:failure = none
#vfs objects = acl_xattr
#acl_xattr:ignore system acls = yes
#acl_xattr:default acl style = windowsWas wondering if anyone had similar problem or know why that could happen (obviously I can't debug this problem anymore).
Last edited by avi9526 (2021-06-02 02:33:53)
Offline