[Samba] Strange GID and UID with winbindd + Samba AD DC

Rowland Penny rowlandpenny at googlemail.com
Thu Mar 13 13:07:10 MDT 2014


On 13/03/14 18:45, Chan Min Wai wrote:
> Dear Rowland,
>
> I tried. Once I've added this,
> getent group will fail to load any samba group
> But
> getent group smbgroup will load that group
>
> But
> getent passwd is working fine.
>
> it is strange....

Not really, it would seem that this is the way winbind works with getent group

Rowland

>
>
>
> On Fri, Mar 14, 2014 at 12:12 AM, Rowland Penny
> <rowlandpenny at googlemail.com> wrote:
>
>     On 13/03/14 15:41, Chan Min Wai wrote:
>
>         Dear All,
>
>         Does anyone have any idea?
>
>         this is part of the config files which I think should be related.
>
>         But I cannot see which part caused the issue.
>         The users can access the files and folders, but the problems are
>         the large uid/gid and also the wrong gid.
>
>         Thank You
>
>         [global]
>                  workgroup = AMTB-WORKGROUP
>                  security = ADS
>                  realm = KL01.AMTB-M.ORG.MY
>                  idmap config AMTB-WORKGROUP : backend = ad
>                  idmap config AMTB-WORKGROUP : schema_mode = rfc2307
>                  idmap config AMTB-WORKGROUP : range = 10000-849999
>
>                  winbind nss info = rfc2307
>                  winbind enum groups = yes
>                  winbind enum users = yes
>                  winbind use default domain = Yes
>
>                  winbind cache time = 300
>                  winbind refresh tickets = yes
>                  winbind offline logon = yes
>                  winbind nested groups = yes
>                  winbind max clients = 500
>
>                  netbios name = AmtbCluster
>
>
>
>         On Thu, Mar 13, 2014 at 3:49 AM, Chan Min Wai
>         <dcmwai at gmail.com> wrote:
>
>             Dear All,
>
>             I've some strange entry on my getent as shown below.
>             It seem that
>
>             There are some strange value UID/GID
>             4294967295 <-- what number is this?
>
>             I got this info from my Domain member, which is serving as a
>             file server.
>
>             Also some different GID from Samba AD DC
>
>             E.g. wbinfo from AD DC (default configuration after
>             classical migration)
>             --> AD DC has no winbind configuration.
>             wbinfo --group-info=mtcuser
>             AMTB-WORKGROUP\mtcuser:*:10002:
>             (GID is not shown correctly on winbind of domain member)
>
>
>
>             ==Domain Member result==
>             getent group
>             {snap major local group}
>             nullmail:x:88:
>             sqlservermssqlserveradhelperuser$win2k8srv01:x:4294967295:
>             allowed rodc password replication group:x:4294967295:
>             enterprise read-only domain controllers:x:4294967295:
>             sqlserver2005sqlbrowseruser$win2k8srv01:x:4294967295:
>             denied rodc password replication group:x:4294967295:krbtgt
>             read-only domain controllers:x:4294967295:
>             group policy creator owners:x:4294967295:administrator
>             docs:x:508:user002,user003,
>             software:x:511:dcmwai
>             finance:x:1005:dcmwai
>             mtcusers:x:4294967295:llchai,mtcuser01
>             ras and ias servers:x:4294967295:
>             domain controllers:x:4294967295:
>             enterprise admins:x:4294967295:administrator
>             web:x:510:dcmwai,mwchan
>             domain computers:x:515:
>             cert publishers:x:4294967295:
>             amtbkladmin:x:4294967295:dcmwai,amtbadmin,administrator
>             mirageadmin:x:4294967295:miragesvc
>             dnsupdateproxy:x:4294967295:
>             domain admins:x:512:dcmwai,administrator
>             domain guests:x:514:
>             schema admins:x:4294967295:administrator
>             domain users:x:513:
>             dnsadmins:x:4294967295:
>
>
>             getent passwd
>
>
>             avuser1:*:1036:513:avuser1:/home/avuser1:/bin/bash
>             avuser2:*:1037:513:avuser2:/home/avuser2:/bin/bash
>             user001:*:1012:513:user001:/home/user001:/bin/bash
>             user002:*:1064:513:user002:/home/user002:/bin/bash
>             user003:*:1065:513:user003:/home/user003:/bin/bash
>             dcmwai:*:1014:513:dcmwai:/home/dcmwai:/bin/bash
>             mwchan:*:10000:513:mwchan:/home/mwchan:/bin/bash
>             recep1:*:1021:513:recep1:/home/recep1:/bin/bash
>             recep2:*:1022:513:recep2:/home/recep2:/bin/bash
>             mtcuser01:*:1074:513:mtcuser01:/home/mtcuser01:/bin/bash
>
>             dns-amtbserver:*:4294967295:513:dns-amtbserver:/home/AMTB-WORKGROUP/dns-amtbserver:/bin/false
>             administrator:*:10005:513:Administrator:/home/Administrator:/bin/sh
>             amtbadmin:*:10004:513:amtbadmin:/home/amtbadmin:/bin/bash
>
>             dns-amtbsrv02:*:4294967295:513:dns-AMTBSRV02:/home/AMTB-WORKGROUP/dns-amtbsrv02:/bin/false
>             miragesvc:*:10002:513:miragesvc:/home/miragesvc:/bin/sh
>             krbtgt:*:4294967295:513:krbtgt:/home/AMTB-WORKGROUP/krbtgt:/bin/false
>             guest:*:65534:514:Guest:/var/empty:/bin/false
>
>
>             Anyone can advise what is going on?
>
>             Thank You.
>
>     Hi, you don't seem to have the builtin backend configured, try
>     adding something like:
>
>     Idmap config *:backend = tdb
>     idmap config *:range = 85000-86000
>
>     Rowland
>
>
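
Added example (not part of the original thread): a small shell audit for the getent output and idmap ranges quoted above. It flags entries whose ID is 4294967295, which is 2^32 - 1, the value of (uid_t)-1 / (gid_t)-1, flags IDs outside a given range, and tests two idmap ranges for overlap, which Samba's idmap documentation says to avoid. The function names are hypothetical, the sample lines are copied from the quoted output, and reading 4294967295 as "winbind produced no mapping" is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# NO_ID is (uid_t)-1 / (gid_t)-1 expressed as an unsigned 32-bit number.
NO_ID=4294967295

# audit_ids LOW HIGH
# Reads passwd/group style lines (name:pw:id:...) on stdin and prints
#   UNMAPPED <name>       when the ID equals NO_ID (assumed: no mapping)
#   OUTSIDE <name> <id>   when the ID is not within LOW..HIGH
audit_ids() {
    awk -F: -v lo="$1" -v hi="$2" -v noid="$NO_ID" '
        NF < 3 || $3 !~ /^[0-9]+$/ { next }   # skip malformed lines
        $3 + 0 == noid + 0 { print "UNMAPPED " $1; next }
        $3 + 0 < lo + 0 || $3 + 0 > hi + 0 { print "OUTSIDE " $1 " " $3 }
    '
}

# ranges_overlap LO1 HI1 LO2 HI2
# Succeeds (exit 0) when the two inclusive ID ranges share at least one ID.
ranges_overlap() {
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# Sample input: four lines copied from the getent output quoted above.
sample_lines() {
    cat <<'EOF'
mwchan:*:10000:513:mwchan:/home/mwchan:/bin/bash
dcmwai:*:1014:513:dcmwai:/home/dcmwai:/bin/bash
krbtgt:*:4294967295:513:krbtgt:/home/AMTB-WORKGROUP/krbtgt:/bin/false
mtcusers:x:4294967295:llchai,mtcuser01
EOF
}

# Audit against the AMTB-WORKGROUP range from the quoted smb.conf.
sample_lines | audit_ids 10000 849999

# Compare the domain range with the default-domain range suggested in the reply.
if ranges_overlap 10000 849999 85000 86000; then
    echo "OVERLAP: 85000-86000 shares IDs with 10000-849999"
fi
```

On a domain member, pipe `getent passwd` or `getent group` into `audit_ids` with the range from smb.conf instead of `sample_lines`.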


