Samba4 Linux user has two uid's
Rowland Penny
repenny at f2s.com
Mon Mar 25 13:18:54 MDT 2013
On 25/03/13 18:59, Thomas Simmons wrote:
> On Mon, Mar 25, 2013 at 2:30 PM, Rowland Penny <repenny at f2s.com
> <mailto:repenny at f2s.com>> wrote:
>
> On 21/03/13 20:01, Rowland Penny wrote:
>
> HI,
> If You join a S3 client to a S4 domain you get a different uid
> on the client and server i.e.
>
> Info from the client
> $ id user
> uid=21105(user) gid=20513(domain_users)
> groups=20513(domain_users),1101(BUILTIN\users)
>
>
> Info from the server
> # id user
> uid=3000016(DOMAIN\user) gid=100(users) groups=100(users)
>
> Now if you mount a share onto the client from the server via
> pam_script:
>
> mount -t cifs //server/dropbox /home/dropbox -o
> username=user,cruid=userid,sec=krb5i,multiuser,nobrl,mapchars,mfsymlinks,noserverino
>
>
> If a file is now created in the share by the user, the user
> immediately looses all rights to it from the client.
>
> Is this a CIFS problem or a Samba4 problem?
>
>
> OK, I am now coming round to think that there is something wrong
> with Samba 3.6.X after 3.6.3.
> Reasons?
> I cannot get it show domain users or groups on Samba 3.6.6 running
> on Mint 14, the smb.conf is identical to the one I used on 3.6.3
> running on Ubuntu 12.04 which works.
>
> I then spent some time downloading and compiling various versions,
> all which failed in the same way.
>
> As I wasn't sure if it was the way that I was compiling samba or
> not, I have installed Opensuse 12.3 and again set up samba with
> the same smb.conf. Opensuse uses version 3.6.12. It fails in
> exactly the same way i.e. getent will not return domain users,
> only local users.
>
> So, unless anybody is prepared to come forward and announce that
> they are using a version later than 3.6.3, I must suggest that
> something in samba is broken.
>
> Hello Rowland,
> I don't know if you missed my reply above, but I stated (link below)
> that I had this working on 3.6.10, compiled from source, in the thread
> I linked to. Apart from --with-ads and --with-shared-modules=idmap_ad,
> I don't know what other options I used. I spent the better part of a
> weekend trying to figure out my original problem (specific to the
> domain controller itself) which turned out to be a bug. I'll set up a
> test VM later today and try to duplicate what I did then. I can't
> imagine such critical functionality would have been broken since 3.6.3
> and not have been noticed before now. Have you increased logging
> verbosity and checked your logs for anything? That's how I discovered
> the idmap_ad problem.
>
> https://lists.samba.org/archive/samba/2012-December/170552.html
>
>
> Rowland
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
> believed to be clean.
Yes, sorry I had missed the version you used, but it would appear that I
used the same configure line as you. Could you please confirm what
dependencies you installed prior to compiling and on what distro you
compiled it on.
The only thing I can think of doing now is to compile 3.6.10 on 12.04,
then if it works, compile it on mint 14 exactly the same way and hope it
works.
Rowland
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the samba-technical
mailing list