[Samba] Samba 4.2.0 rc2 and winbindd, uid-/gidNumber and xidNumber

Rowland Penny rowlandpenny at googlemail.com
Mon Nov 3 15:12:46 MST 2014 

On 03/11/14 21:14, Davor Vusir wrote:
> Trying out 4.2.0 rc2 and winbindd. Below is the AD DC's smb.conf.
> Samba on the AD DC is updated from 4.1.3.
> I'm having trouble getting uid-/gidNumbers. Just xidNumbers are
> displayed. All domain account and groups have got it assigned. What
> did I miss?
>
> Is it possible that the outcome from the commands run on the AD DC is
> a product from the fact that the domains NetBIOS-name is EXAMPLE and
> not the left-most part of the dns domain (SAMDOM)? Any ideas
> appreciated.
>
> Regards
> Davor
>
>
> Outcome from command ran on both the AD DC and a member server:
> AD DC:
> root at dc1:/usr/local/samba# id davor
> uid=3000023(davor) gid=100(users)
> groups=100(users),3000023(davor),3000020(fileacc-common),3000021(fileacc-home),3000009(BUILTIN\users)
> root at dc1:/usr/local/samba# getent passwd davor
> davor:*:3000023:100:Davor Vusir:/home/%D/%U:/bin/false
> root at dc1:/usr/local/samba# getent group 'Domain Users'
> domain users:x:100:
>
> Member server:
> admind at ostraaros:~$ id davor
> uid=11105(davor) gid=10513(domain users) groups=10513(domain
> users),11106(fileacc-home),11107(fileacc-common),1000003(BUILTIN\users)
> admind at ostraaros:~$ getent passwd davor
> davor:*:11105:10513::/home/EXAMPLE/davor:/bin/false
> admind at ostraaros:~$ getent group 'Domain Users'
> domain users:x:10513:
>
> smb.conf:
> [global]
>          workgroup = EXAMPLE
>          realm = samdom.example.org
>          netbios name = DC1
>          server role = active directory domain controller
>          server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbindd, ntp_signd, kcc, dnsupdate
>          disable spoolss = yes
>          log level = 3
>          interfaces = 192.168.1.2/24 127.0.0.1/8
>          bind interfaces only = yes
>          idmap config EXAMPLE:backend = ad
>          idmap config EXAMPLE:schema_mode = rfc2307
>          idmap config EXAMPLE:range = 10000-999999
>          idmap config *:backend = tdb
>          idmap config *:range = 3000000-4000000
>          winbind nss info = rfc2307
>          winbind enum users  = no
>          winbind enum groups = no
>          winbind nested groups = yes
>          winbind expand groups = 4
>          winbind use default domain = yes
Hi, I have a bug report open for winbindd on 4.2rc2 (10886), It does 
pull the uidNumber & gidNumber for a user, but it still doesn't pull the 
unixHomeDirectory & loginShell attributes. I also discovered, during my 
testing, that you do not need (at present, at least) all the extra 
winbind & idmap lines in smb.conf, you get the same results, whether 
they are there or not.

Rowland

More information about the samba mailing list