autorid broken in samba 4.9?
Nathaniel W. Turner
nate at houseofnate.net
Wed Apr 8 17:55:37 UTC 2020
I have a configuration that is working correctly with samba 4.8 (in CentOS
7.6). When I apply the same basic configuration to a system running samba
4.9 (CentOS 7.7), I see a very strange behavior: The ID mapping for trusted
domains does not work right.
Both systems are joined to the domain tc84.local (TC84), which has a forest
trust with TC83, and they have identical smb.conf files. Here's the idmap
related bit:
# testparm 2>/dev/null </dev/null | grep idmap
idmap config * : range = 1000000-19999999
idmap config * : backend = autorid
Here's the samba 4.8 system:
[root at kvm7246-vm005 ~]# wbinfo -i TC84\\administrator
TC84\administrator:*:1100500:1100513::/home/administrator at TC84:/bin/bash
[root at kvm7246-vm005 ~]# wbinfo -i TC83\\administrator
TC83\administrator:*:1200500:1200513::/home/administrator at TC83:/bin/bash
And here's the same config on a samba 4.9 system:
[root at kvm7246-vm008 ~]# wbinfo -i TC84\\administrator
TC84\administrator:*:2000500:2000513::/home/administrator at TC84:/bin/bash
[root at kvm7246-vm008 ~]# wbinfo -i TC83\\administrator
TC83\administrator:*:10000:10000::/home/administrator at TC83:/bin/bash
The UID 10000 is not within the idmap configured range!
I looked a the idmap_autorid(8) manpage, and very very quickly scanned the
source diffs between these versions, but nothing jumps out at me. Is this a
known issue, or is there some new idmap configuration setting that's now
needed?
n
More information about the samba-technical
mailing list