Hello everybody
I have a big problem with a new server installation. We have a Windows Server 2008 R2 Active Directory and a Samba 3.4 file server on Debian Lenny.
Samba gets its users from ADS via Winbind. My problem is that the UIDs (Unix user IDs) of some ADS users have changed.
Here is a dump of the profile folder
Code:
drwxrwxrwx 4 *username* domänen-benutzer 4096 2010-10-21 14:08 *username*.V2
drwxrwxrwx 4 11017 10513 4096 2010-10-21 14:08 *username*.V2
drwxrwxrwx 4 11025 10513 4096 2010-10-21 14:08 *username*.V2
drwxrwxrwx 4 *username* domänen-benutzer 4096 2010-10-21 14:08 *username*.V2
I set chmod 0777 on all folders as a workaround, but that's not really a secure solution^^
Also, some users are in /etc/passwd; that's not normal, is it?
Samba Config:
Code:
# smb.conf for a Samba file server joined to an Active Directory domain
# (security = ads); domain users and groups are resolved through winbind.
[global]
#Server
realm = fqdn
workgroup = DOMAIN
netbios name = hostname
server string = %h server
obey pam restrictions = no
# NOTE(review): "interfaces" on its own does not limit where smbd listens;
# that additionally needs "bind interfaces only = yes", which is not set here.
interfaces = eth0
#Password
# NOTE(review): with security = ads, domain users are authenticated by the
# domain controllers; the smbpasswd file would only hold accounts local to
# this server.
passdb backend = smbpasswd
smb passwd file = /etc/samba/smbpasswd
# NOTE(review): passwd program / passwd chat are only consulted when
# "unix password sync" is enabled, which this file does not set - presumably
# left over from the distribution default; confirm.
# NOTE(review): "Re type" in the chat string looks like a line-wrap artifact
# of "Retype"; verify against the real file.
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Re type\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
#Log
# Level 3 is verbose and records user and file names; keep the log directory
# readable by root only. %I expands to the client IP address, so one log file
# is written per client. max log size is given in KiB.
syslog = 3
log level = 3
log file = /var/log/samba/%I.log
max log size = 2000
#Domain Controller
# This host is a domain member, not a browse master or domain controller.
domain master = No
local master = No
#Windows Settings
os level = 0
preferred master = 0
dns proxy = No
# NOTE(review): this makes nmbd act as a WINS server; confirm that is
# intended on a member server.
wins support = Yes
panic action = /usr/share/samba/panic-action %d
security = ads
# Pins the domain controllers that are contacted for authentication.
password server = 10.89.32.193 10.89.32.197
# hide files only sets the hidden attribute on matching names; it is not an
# access control.
# NOTE(review): "Thumb s.db" looks like a line-wrap artifact of "Thumbs.db";
# verify against the real file.
hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumb s.db/$RECYCLE.BIN/
#Default Charset
unix charset = UTF-8
display charset = UTF-8
#Scripts
# These scripts are run by smbd as root. "add user script" is invoked when a
# user has authenticated successfully but no UNIX account can be found for
# that name, e.g. while winbind cannot resolve it. "useradd -m %u" then
# creates a local account with a locally assigned UID - the likely source of
# the domain users showing up in /etc/passwd.
# NOTE(review): depending on the passwd order in /etc/nsswitch.conf (not
# shown), such a local entry can take precedence over the winbind mapping for
# the same name. On a pure winbind domain member these scripts are normally
# not needed; consider removing them and the stray local accounts.
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/usermod -G %g %u
# NOTE(review): add machine script is only used when Samba itself acts as a
# domain controller, which this configuration does not.
add machine script = /usr/sbin/useradd -g 100 -s /bin/false -d /dev/null %u
#winbind
# With no "idmap config" / "idmap backend" line active, winbind uses the
# default tdb backend: UIDs and GIDs are handed out from the pools below in
# order of first use and remembered only in the local winbindd_idmap.tdb.
# If that database is lost or rebuilt (for example by a reinstallation), the
# same domain user receives a different UID and no longer owns the files
# created earlier.
# NOTE(review): in the directory listing posted with this config, gid 10513
# and uids 11017/11025 would fit a RID-based mapping with a base of 10000
# (513 is the well-known RID of Domain Users) - possibly those files were
# written under a different idmap scheme; confirm before choosing ranges.
idmap uid = 10100-50000
idmap gid = 10100-50000
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 10
# Domain users are addressed without the DOMAIN+ prefix, so a local account
# with the same name is indistinguishable by name from the domain account.
winbind use default domain = yes
winbind refresh tickets = yes
template homedir = /home/%U
# NOTE(review): this gives every domain user a working login shell on the
# file server wherever PAM/SSH admit winbind users; use /bin/false if
# interactive logins are not intended.
template shell = /bin/bash
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = true
restrict anonymous = 2
# Disabled attempts at a deterministic (RID-based) mapping. The rid backend
# derives each ID from the account's RID, so the mapping can be reproduced on
# a rebuilt server without any local database.
# NOTE(review): "idmap config" expects the short domain name (the workgroup
# value), not the realm/FQDN, written as "idmap config DOMAIN : backend = rid"
# plus a matching "range" line that does not overlap the idmap uid/gid pool.
# After changing the mapping, existing files have to be re-owned with chown
# rather than opened up with chmod 0777.
#idmap config fqdn:backend = rid
#idmap config fqdn:range = 10100-50000
#idmap backend = rid:fqdn = 10100-20000
#allow trusted domains = no
#User directories
# Hidden share (trailing $) for per-user data under /srv/data/userdata.
# NOTE(review): presumably this is where the *.V2 profile folders from the
# listing live; confirm.
[userdata$]
comment = userdata
path = /srv/data/userdata
# NOTE(review): DOS attributes are kept in an extended attribute, so the
# filesystem must support user xattrs; confirm the mount options.
store dos attributes = Yes
# Every member of the domain users group may connect to the share, so
# separation between users rests entirely on filesystem ownership and modes.
valid users = @DOMAIN+Domänen-benutzer
read only = No
# New files and directories are created owner-only (0600 / 0700). Access
# therefore depends on the owner UID staying the same, which is why a changed
# UID mapping locks users out of their own folders. The masks apply only to
# newly created entries: folders already set to 0777 stay open to every user
# of the share until their owner and mode are reset.
create mask = 0600
directory mask = 0700
Thanks for help!