- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Re: Change Samba idmap with AD
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
I have a nas that was installed long ago with a firmware pre 6.5 and then upgraded to the last, with this nas the idmap with ad is different that one started with a recent firmware.
It's possible change the way idmap work to the same automatic behaviour like in the new firmware, having in smb.conf from idmap config * : backend = tdb to idmap config * : backend = rid?
smb.conf is autogenerated so it cannon be modifiied
Thanks
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
SOLVED !!!
here the step
- Switch from AD to Local users.
- NEW - Disabled samba in each share
- Wipe the permissions under File access tab / reset of each shares settings section.
- Edit /etc/samba/smb.conf to replace tdb by: rid
- Execute: net cache flush
- NEW - Reboot
- Join AD with "trusted domain" unchecked.
After these steps now idmap use rid.
Thank for all suggestions
All Replies
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Change Samba idmap with AD
I would:
- Switch from AD to Local users.
- Wipe the permissions under File access tab / reset of each shares settings section.
- Join AD with "trusted domain" unchecked.
- Check smb.conf that it's using rid instead of tdb.
- Reapply the permissions: https://kb.netgear.com/7066/ReadyNAS-OS-6-Setting-Active-Directory-folder-permissions
If smb.conf still uses tdb, I can try to confirm how to manually change it.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Change Samba idmap with AD
Hi jak0lantash,
thank for the suggestion
made:
- Switch from AD to Local users - done
- Set file owner to guest and group owner to guest - done
- Wipe the permissions under File access tab / reset of each shares settings section. - done
- Deleted the nas account on domain - done
- Join AD with "trusted domain" unchecked. - done
- Check smb.conf that it's using rid instead of tdb. - NO, still idmap config * : backend = tdb
I
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Change Samba idmap with AD
@cs_giuseppe wrote:
- Check smb.conf that it's using rid instead of tdb. - NO, still idmap config * : backend = tdb
I wish this would behave differently...
Try to edit smb.conf to replace tdb by: rid
Then: net cache flush
Then start the steps again. If you get to rid, the mapping table should be calculated consistently across both devices.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Change Samba idmap with AD
Hi
tried it but no change, still tdb
Thanks
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Change Samba idmap with AD
Please confirm if these are the steps you followed:
- Switch from AD to Local users.
- Wipe the permissions under File access tab / reset of each shares settings section.
- Edit /etc/samba/smb.conf to replace tdb by: rid
- Execute: net cache flush
- Join AD with "trusted domain" unchecked.
- Check smb.conf that it's using rid instead of tdb.
- If so, reapply the permissions: https://kb.netgear.com/7066/ReadyNAS-OS-6-Setting-Active-Directory-folder-permissions
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Change Samba idmap with AD
Hi,
I'm setting a test enviroment with a virtualbox nas for testing so I don not touch many the main production nas.
Keep you updated
Thanks for all support
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Change Samba idmap with AD
Hi
I made all on the test nas:
- Switch from AD to Local users.
- Wipe the permissions under File access tab / reset of each shares settings section.
- Edit /etc/samba/smb.conf to replace tdb by: rid
- Execute: net cache flush
- Join AD with "trusted domain" unchecked.
but nothing, still tdb
I founf when the problem arise, with fw 6.5.0 there are problem with ad auth and I check 'trusted domian' this set the tdb and now even is uncheced no rid.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Change Samba idmap with AD
Before 6.5.0, it used tdb.
Since 6.5.0, if trusted domain is unchecked, it uses rid.
Since 6.5.0, if trusted domain is checked, it uses tdb.
Once it starts using tdb, the GUI doesn't allow you to switch back to rid.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
SOLVED !!!
here the step
- Switch from AD to Local users.
- NEW - Disabled samba in each share
- Wipe the permissions under File access tab / reset of each shares settings section.
- Edit /etc/samba/smb.conf to replace tdb by: rid
- Execute: net cache flush
- NEW - Reboot
- Join AD with "trusted domain" unchecked.
After these steps now idmap use rid.
Thank for all suggestions