[Samba] base_rid = 1000 didn't work; base_rid = 0 works; (was:[ Re: samba 3.6: "autorid" has no domain order ])
Benedikt Schindler
BeniSchindler at gmx.de
Thu Aug 18 05:41:45 MDT 2011
Hello Christian,
i could send you over the logs. But they realy show no sign of something
is going wrong.
The problem is "solved" for me.
The config that does not work is :
>> > idmap config * : backend = rid
>> > idmap config * : range = 70000 - 99999
>> > idmap config * : base_rid = 1000
>> >
>> > idmap config A : backend = rid
>> > idmap config A : range = 100000 - 199999
>> > idmap config A : base_rid = 1000
>> >
>> > idmap config B : backend = rid
>> > idmap config B : range = 200000 - 299999
>> > idmap config B : base_rid = 1000
The config that works is :
idmap config * : backend = rid
idmap config * : range = 70000 - 99999
idmap config * : base_rid = 0
idmap config A : backend = rid
idmap config A : range = 100000 - 199999
idmap config A : base_rid = 0
idmap config B : backend = rid
idmap config B : range = 200000 - 299999
idmap config B : base_rid = 0
I could reproduce this error as often as i want. when i set base_rid to
1000, "getent passwd" does not get any information. and "wbinfo -S aSID"
shows WBC_ERR_DOMAIN_NOT_FOUND.
Whe i set base_rid to 0 everthing just works fine.
i still have the logs, and i could send them to you. But i realy see no
differnce in the logs between "Base_rid = 1000" and "base_rid = 0"
by the way "wbinfo -u" and "wbinfo -g" works fine with both configs.
Regards,
Benedikt
P.S.: Thanks for the nice work.
Am 16.08.2011 17:11, schrieb Christian M Ambach:
> Benedikt wrote on 08/16/2011 11:04:57 AM:
>
>> > i try to create a samba server for more then one trusted domain.
>> > I know there were some issues with samba 3.5, and in the internet i
>> > always read, i should use samba 3.4.
>> >
>> > So i wanted to give 3.6 a chance.
>> >
>> > I first tried autorid with a config like this:
>> >
>> > winbind enum users = yes
>> > winbind enum groups = yes
>> >
>> > idmap backend = autorid
>> > idmap gid = 100000-1499999
>> > idmap gid = 100000-1499999
>> > allow trusted domains = yes
>> >
>> > It works fine. And Domain A starts in the 200000 and Domain B with
>> > 300000. But my problem is, i have two different samba Servers that
>> > should get the same uid and gid.
>> > On the second Server Domain B also starts with 300000 but domain A
>> > starts with 4000000. So there is no correct mapping between these two
>> > servers. It is, because the main Domain of the second server is B and
>> > not A like in the first server.
>> >
>> > Is there a way to tell autorid a order of domains? like: "idmap autorid
>> > domains = A, B"
>
> no, there isn't a way to do this currently. I planned to eventually release
> a tool which allows you to derive a static configuration based on idmap_rid
> out of the values in the autorid database.
> Looks like you attempted to do this manually:
>
>> > winbind enum users = yes
>> > winbind enum groups = yes
>> > allow trusted domains = yes
>> >
>> > idmap config A : backend = rid
>> > idmap config A : range = 100000 - 199999
>> > idmap config A : base_rid = 1000
>> >
>> > idmap config B : backend = rid
>> > idmap config B : range = 200000 - 299999
>> > idmap config B : base_rid = 1000
>
> But to use the same mappings as autorid on the first server, you need to
> set base_rid to 0 on the second server.
>
>> if i delete all the "idmap config * " parts it won't work again.
>>
>> But also if it does work.... i need trusted domain support.
>> the only config that realy works right now, is the new "autorid".
>
> Did you try net cache flush to clear previous mappings with different
> configurations from the caches?
>
>> LogLevel10 shows no errors at all.
>
> Can you put the logs somewhere for download or send them over?
> log.winbindd-idmap would be of most interest.
>
> Regards,
> Christian
>
More information about the samba
mailing list