[Samba] winbind: uid range is ignored

[steve]

On 03/08/12 09:01, NdK wrote:
> Il 03/08/2012 08:01, steve ha scritto:
>
>> getent passwd/group works fine. I get the names and coresponding uid:gid
>> numbers within the range specified in smb.conf but all I get when I list
>> files on the nfs share, are numerical uid:gid values. I want those
>> values to be DOMAIN\username DOMAIN\group rather than numerical values.
>>
>> How do I do that?
> Use *the same* range on both server and clients.

Hi Diego
Thanks for your patience in helping me sort this.

It doesn't seem to matter. I can have the same id range on both server 
and client. What is uid 3000027 on the server becomes uid 3000002 on the 
client.

>
>> The uid:gid values are not in the range set in smb.conf. They are the
>> uid:gid values in idmap _on the server_. Its as if nsswitch is ignoring
>> winbind.
> Obvious. NFS passes *numeric* IDs, so if a file is owned by userid
> 123456 on the server, then the client will see the same 123456 uid.
> That, if not correctly mapped, would give another user access to it
> (negating access to the original one).

That's exactly my point. My 3000027 maps correctly to DOMAIN\steve2 on 
the server but getent passwd on the client gives DOMAIN\steve2 as 
3000002. If steve2 logs in and creates a file it becomes uid 3000027 and 
_not_ 3000002. If winbind is doing the mapping correctly it should map 
3000027 to 3000002 and when I list a file that I have made it should 
give me back a uid of DOMAIN\steve2. It doesn't. The file created has 
uid 3000027 which works _but_ I want to see uid's as names, not numbers.

I've also tried adding posixAccount, uidNumber and gidNumber to pull the 
uid:gid directly from AD with:
idmap config * : backend = ad
but then, getent passwd gives me no list of users.

Really stuck on this one. . .
The client is Ubuntu 12.04 with samba 3.6.3. Maybe 3.6.3 has bugs?

Cheers,
steve