[Samba] UID and GID mapping throw DC and Member DC

Jhon P patocius at hotmail.com
Mon Mar 23 14:28:51 MDT 2015 

Question:
 When you add users to the ADDC the UID users are always going to be different from those obtained by the DC winbind Member?

 I talk about destroy the member server, because I have the freedom to do it again if necessary, this server is not in production.

Regards.

> Date: Mon, 23 Mar 2015 19:28:19 +0000
> From: rowlandpenny at googlemail.com
> To: samba at lists.samba.org
> Subject: Re: [Samba] UID and GID mapping throw DC and Member DC
> 
> On 23/03/15 19:15, Jhon P wrote:
> > What do you mean with different winbinds?
> 
> On the DC, winbind is built into the samba daemon, you do not run a 
> separate winbind daemon. On a member server you run the nmbd & smbd 
> daemons along with a separate winbind daemon.
> 
> >
> > I can destroy the member server, its on testing.
> > It is for the version of windbind?
> >
> > I can get this from DC.
> >
> >
> > But I can not do the same with DC.
> >
> > "Tonight 2X1 sledgehammers." :-) XD
> >
> 
> What you could try (and I never told you this) is sssd instead of 
> winbind, you can use this on both the DC and the member server along 
> with RFC2307 attributes. The only problem would be getting a new enough 
> version, you may have to update to jessie.
> 
> Rowland
> > > Date: Mon, 23 Mar 2015 18:43:21 +0000
> > > From: rowlandpenny at googlemail.com
> > > To: samba at lists.samba.org
> > > Subject: Re: [Samba] UID and GID mapping throw DC and Member DC
> > >
> > > On 23/03/15 18:27, Jhon P wrote:
> > > > After tried to solve the problem with "getent", I found another
> > > > problem with the Member server.
> > > >
> > > > The member server works well, but the "uid" and "gid" mapping for
> > > > users its incorrect.
> > > >
> > > > In the DC the "UID" "GID" its around 3000085
> > > >
> > > > In the Member Server its around 2000 - 3000
> > > >
> > > > For example:
> > > >
> > > >
> > > > ADDC Server.
> > > > ---------------------
> > > > root at ACDC:/# wbinfo --user-info=Prueba
> > > > KENNEDY\prueba:*_:3000022:100_:Prueba:/home/KENNEDY/prueba:/bin/false
> > >
> > > The '3000022' is coming from winbind mapping the users RID
> > >
> > > >
> > > > MEMBER SERVER
> > > > -----------------------
> > > > root at MEMBERSERVER/home/prueba# wbinfo --user-info=prueba
> > > > prueba:*:_2451:2004_:Prueba:/home/KENNEDY/prueba:/bin/false
> > > >
> > >
> > > The '2451' is again coming from winbind mapping the users RID, but
> > > because you are using different winbinds on the DC and the member
> > > server, you are getting different numbers. This is just one of the
> > > reasons not use the DC for anything other than authentication.
> > >
> > > You could try adding a 'uidNumber' to your AD users and a 
> > 'gidNumber' to
> > > 'Domain Users', these numbers need to be inside the range set in the
> > > member server smb.conf, for instance if you follow the member server
> > > page on the wiki, not less than 2000 and not more than 999999.
> > >
> > > I must point out that if this does not work, it may be time to get the
> > > sledgehammer out :-)
> > >
> > > Rowland
> > > > Any way to solve this.
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions: https://lists.samba.org/mailman/options/samba
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list