Hide Forgot
Description of problem: Since the Fedora 25 upgrade, AD users cannot authenticate. How reproducible: Allways Actual results: - The Fedora 25 client was integrated on AD without problem. - "wbinfo -u" returns users AD list. - "wbinfo -g" returns group AD list. - "getent passwd" returns users AD list. - "getent group" returns group AD list. But "id user_ad" returns "id: 'user_ad': no such user" (with user_ad a real user AD).
Please provide log files as described here: https://www.samba.org/~asn/reporting_samba_bugs.txt Thanks
Solved here : https://bugzilla.samba.org/show_bug.cgi?id=12284#c12
So you had an invalid IDMAP configuration? In Samba 4.6 the 'testparm' tool will warn about issues with ID mapping configuration and winbind will not start if an invalid IDMAP backend is configured.
No, the IDMAP configuration was not invalid. The 4.5 version requires more precision than 4.4.x. : --- smb-4.4.conf +++ smb-4.5.conf @@ -11,3 +11,5 @@ winbind use default domain = Yes idmap config * : range = 100000-109999 idmap config * : backend = rid + idmap config DOMAIN : range = 100000-109999 + idmap config DOMAIN : backend = rid
The 'rid' backend is not a valid backend for 'idmap config *'. Winbind in Samba 4.6 will not start if 'rid' is configured for the default backend. So the config is invalid and we just did not tell the user. Also the change you did is not ok. You have overlapping ID map ranges! Those ranges should never overlap.
https://wiki.samba.org/index.php/Idmap_config_rid