<html v="urn:schemas-microsoft-com:vml" o="urn:schemas-microsoft-com:office:office" w="urn:schemas-microsoft-com:office:word" m="http://schemas.microsoft.com/office/2004/12/omml" mv="http://macVmlSchemaUri"><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="Title" content="" />
<meta name="Keywords" content="" />
<meta name="Generator" content="Microsoft Word 15 (filtered medium)" />
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:Calibri;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:Calibri;
color:windowtext;}
span.msoIns
{mso-style-type:export-only;
mso-style-name:"";
text-decoration:underline;
color:teal;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:Calibri;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
</head><body bgcolor="white" lang="EN-US" link="#0563C1" vlink="#954F72">Do you have UID/GID for the user in your AD schema? or the rfc 2307 extended schema?<br>
<br>
AFAIK it uses winbinds IDMAP so requires rfc 2307 attributes rather than using the windows SID and working the UID/GID using autorid etc.<br>
<br>
-- Lauz<br><br><div class="gmail_quote">On 27 February 2017 19:40:57 GMT+00:00, "Mark.Bush@siriuscom.com" <Mark.Bush@siriuscom.com> wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt">For some reason, I just can’t seem to get this to work. I have configured my protocol nodes to authenticate to AD using the following
<p></p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Consolas"><p> </p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Consolas">mmuserauth service create --type ad --data-access-method file --servers 192.168.88.3 --user-name administrator --netbios-name scale --idmap-role master --password ********* --idmap-range-size
1000000 --idmap-range 10000000-299999999 --enable-nfs-kerberos --unixmap-domains 'sirius(10000-20000)'<p></p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Consolas"><p> </p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Consolas"><p> </p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">All goes well, I see the nodes in AD and all of the wbinfo commands show good (id Sirius\\administrator doesn’t work though), but when I try to mount an SMB share (after doing all the necessary mmsmb export
stuff) I get permission denied. I’m curious if I missed a step (followed the docs pretty much to the letter). I’m trying Administrator, mark.bush, and a dummy aduser I created. None seem to gain access to the share.
<p></p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><p> </p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Protocol gurus help! Any ideas are appreciated.<p></p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><p> </p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><p> </p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black"><img width="171" height="59" id="_x0000_i1025" src="cid:image001.png@01D290FF.2070CF90" alt="id:image001.png@01D2709D.6EF65720" /></span><span style="font-size:11.0pt;color:black"><p></p></span></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;color:black">Mark R. Bush</span></b><span style="font-size:11.0pt;color:black">| <b>Storage Architect</b><br />
Mobile: 210-237-8415 <br />
Twitter: <a href="https://twitter.com/bushmr"><span style="color:#0563C1">@bushmr</span></a> | LinkedIn:
<a href="https://www.linkedin.com/in/markreedbush"><span style="color:#0563C1">/markreedbush</span></a><br />
10100 Reunion Place, Suite 500, San Antonio, TX 78216<p></p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black"><a href="http://www.siriuscom.com/"><span style="color:#0563C1">www.siriuscom.com</span></a> |<a href="mailto:mark.bush@siriuscom.com"><span style="color:#0563C1">mark.bush@siriuscom.com</span></a> <p></p></span></p>
<p class="MsoNormal"></p><p> </p>
</div>
<p style="font-size:8pt; line-height:10pt; font-family: 'Cambria','times roman',serif;">
This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law.
If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. This message may be viewed by parties at Sirius Computer Solutions other than those named in
the message header. This message does not contain an official representation of Sirius Computer Solutions. If you have received this communication in error, notify Sirius Computer Solutions immediately and (i) destroy this message if a facsimile or (ii) delete
this message immediately if this is an electronic communication. Thank you. </p>
<span style="padding-top:10px; font-weight:bold; color:#CC0000; font-size:10pt; font-family: 'Calibri',Arial,sans-serif;"><a href="http://www.siriuscom.com">Sirius Computer Solutions</a></span>
<div></div>
</blockquote></div><br>
-- <br>
Sent from my Android device with K-9 Mail. Please excuse my brevity.</body></html>