Re: Change Samba idmap with AD

cs_giuseppe · ‎2017-05-25

Hi

I have a nas that was installed long ago with a firmware pre 6.5 and then upgraded to the last, with this nas the idmap with ad is different that one started with a recent firmware.

It's possible change the way idmap work to the same automatic behaviour like in the new firmware, having in smb.conf from idmap config * : backend = tdb to idmap config * : backend = rid?

smb.conf is autogenerated so it cannon be modifiied

Thanks

cs_giuseppe · ‎2017-05-31

Hi,

SOLVED !!!

here the step

Switch from AD to Local users.
NEW - Disabled samba in each share
Wipe the permissions under File access tab / reset of each shares settings section.
Edit /etc/samba/smb.conf to replace tdb by: rid
Execute: net cache flush
NEW - Reboot
Join AD with "trusted domain" unchecked.

After these steps now idmap use rid.

Thank for all suggestions

View solution in original post

jak0lantash · ‎2017-05-25

I would:

Switch from AD to Local users.
Wipe the permissions under File access tab / reset of each shares settings section.
Join AD with "trusted domain" unchecked.
Check smb.conf that it's using rid instead of tdb.
Reapply the permissions: https://kb.netgear.com/7066/ReadyNAS-OS-6-Setting-Active-Directory-folder-permissions

If smb.conf still uses tdb, I can try to confirm how to manually change it.

cs_giuseppe · ‎2017-05-27

Hi jak0lantash,

thank for the suggestion

made:

Switch from AD to Local users - done
Set file owner to guest and group owner to guest - done
Wipe the permissions under File access tab / reset of each shares settings section. - done
Deleted the nas account on domain - done
Join AD with "trusted domain" unchecked. - done
Check smb.conf that it's using rid instead of tdb. - NO, still idmap config * : backend = tdb

I

jak0lantash · ‎2017-05-27

@cs_giuseppe wrote:
Check smb.conf that it's using rid instead of tdb. - NO, still idmap config * : backend = tdb

I wish this would behave differently...

Try to edit smb.conf to replace tdb by: rid

Then: net cache flush

Then start the steps again. If you get to rid, the mapping table should be calculated consistently across both devices.

cs_giuseppe · ‎2017-05-27

Hi

tried it but no change, still tdb

Thanks

jak0lantash · ‎2017-05-28

Please confirm if these are the steps you followed:

Switch from AD to Local users.
Wipe the permissions under File access tab / reset of each shares settings section.
Edit /etc/samba/smb.conf to replace tdb by: rid
Execute: net cache flush
Join AD with "trusted domain" unchecked.
Check smb.conf that it's using rid instead of tdb.
If so, reapply the permissions: https://kb.netgear.com/7066/ReadyNAS-OS-6-Setting-Active-Directory-folder-permissions

cs_giuseppe · ‎2017-05-30

Hi,

I'm setting a test enviroment with a virtualbox nas for testing so I don not touch many the main production nas.

Keep you updated

Thanks for all support

cs_giuseppe · ‎2017-05-31

Hi

I made all on the test nas:

Switch from AD to Local users.
Wipe the permissions under File access tab / reset of each shares settings section.
Edit /etc/samba/smb.conf to replace tdb by: rid
Execute: net cache flush
Join AD with "trusted domain" unchecked.

but nothing, still tdb

I founf when the problem arise, with fw 6.5.0 there are problem with ad auth and I check 'trusted domian' this set the tdb and now even is uncheced no rid.

jak0lantash · ‎2017-05-31

Before 6.5.0, it used tdb.

Since 6.5.0, if trusted domain is unchecked, it uses rid.

Since 6.5.0, if trusted domain is checked, it uses tdb.

Once it starts using tdb, the GUI doesn't allow you to switch back to rid.

cs_giuseppe · ‎2017-05-31

Hi,

SOLVED !!!

here the step

Switch from AD to Local users.
NEW - Disabled samba in each share
Wipe the permissions under File access tab / reset of each shares settings section.
Edit /etc/samba/smb.conf to replace tdb by: rid
Execute: net cache flush
NEW - Reboot
Join AD with "trusted domain" unchecked.

After these steps now idmap use rid.

Thank for all suggestions