Samba4 Linux user has two uid's

Rowland Penny repenny at f2s.com
Mon Mar 25 13:18:54 MDT 2013 

On 25/03/13 18:59, Thomas Simmons wrote:
> On Mon, Mar 25, 2013 at 2:30 PM, Rowland Penny <repenny at f2s.com 
> <mailto:repenny at f2s.com>> wrote:
>
>     On 21/03/13 20:01, Rowland Penny wrote:
>
>         HI,
>         If You join a S3 client to a S4 domain you get a different uid
>         on the client and server i.e.
>
>         Info from the client
>         $ id user
>         uid=21105(user) gid=20513(domain_users)
>         groups=20513(domain_users),1101(BUILTIN\users)
>
>
>         Info from the server
>         # id user
>         uid=3000016(DOMAIN\user) gid=100(users) groups=100(users)
>
>         Now if you mount a share onto the client from the server via
>         pam_script:
>
>         mount -t cifs //server/dropbox /home/dropbox -o
>         username=user,cruid=userid,sec=krb5i,multiuser,nobrl,mapchars,mfsymlinks,noserverino
>
>
>         If a file is now created in the share by the user, the user
>         immediately looses all rights to it from the client.
>
>         Is this a CIFS problem or a Samba4 problem?
>
>
>     OK, I am now coming round to think that there is something wrong
>     with Samba 3.6.X after 3.6.3.
>     Reasons?
>     I cannot get it show domain users or groups on Samba 3.6.6 running
>     on Mint 14, the smb.conf is identical to the one I used on 3.6.3
>     running on Ubuntu 12.04 which works.
>
>     I then spent some time downloading and compiling various versions,
>     all which failed in the same way.
>
>     As I wasn't sure if it was the way that I was compiling samba or
>     not, I have installed Opensuse 12.3 and again set up samba with
>     the same smb.conf. Opensuse uses version 3.6.12. It fails in
>     exactly the same way i.e. getent will not return domain users,
>     only local users.
>
>     So, unless anybody is prepared to come forward and announce that
>     they are using a version later than 3.6.3, I must suggest that
>     something in samba is broken.
>
> Hello Rowland,
> I don't know if you missed my reply above, but I stated (link below) 
> that I had this working on 3.6.10, compiled from source, in the thread 
> I linked to. Apart from --with-ads and --with-shared-modules=idmap_ad, 
> I don't know what other options I used. I spent the better part of a 
> weekend trying to figure out my original problem (specific to the 
> domain controller itself) which turned out to be a bug. I'll set up a 
> test VM later today and try to duplicate what I did then. I can't 
> imagine such critical functionality would have been broken since 3.6.3 
> and not have been noticed before now. Have you increased logging 
> verbosity and checked your logs for anything? That's how I discovered 
> the idmap_ad problem.
>
> https://lists.samba.org/archive/samba/2012-December/170552.html
>
>
>     Rowland
>
>     -- 
>     This message has been scanned for viruses and
>     dangerous content by MailScanner, and is
>     believed to be clean.
>
>
>
> -- 
> This message has been scanned for viruses and
> dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
> believed to be clean. 

Yes, sorry I had missed the version you used, but it would appear that I 
used the same configure line as you. Could you please confirm what 
dependencies you installed prior to compiling and on what distro you 
compiled it on.

The only thing I can think of doing now is to compile 3.6.10 on 12.04, 
then if it works, compile it on mint 14 exactly the same way and hope it 
works.

Rowland

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the samba-technical mailing list