[Samba] idmap backend problems

Maarten de Boer mdeboer at iua.upf.es
Fri Mar 4 14:18:44 GMT 2005


I am trying out Samba + Winbind + NSS + CIFS in a test environment,
which currently consists of a PDC, a fileserver, and a client, all with
samba 3.0.11

I got everything working more or less, but noticed that the uid's are
different on the fileserver and on the client (resulting in erroneous
file ownership on the cifs mount). This is also very obvious when doing
a getent passwd.

The [global] portion in the smb.conf file on fileserver and client:

winbind separator = +
realm = testwg
workgroup = testwg
encrypt passwords = true
password server = testpdc
security = DOMAIN
idmap uid = 10000-65000
idmap gid = 10000-65000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
allow trusted domains = No
unix extensions = yes

After reading the docs, I get the impression that I should use a idmap
backend to have consistent uid's. Am I correct?

I don't have an LDAP server, and I'd prefer not to add another service
to the chain, so I recompiled samba with
and tried adding
idmap backend = idmap_rid:TESTWG=1000-50000000
to both the fileserver and client smb.conf files. This breaks uid mapping.

in log.winbindd, i got lots of entries like:

[2005/03/04 14:21:08, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(50)
  error getting user id for sid S-1-5-21-1893565685-1185636268-3552291067-3110
[2005/03/04 14:21:08, 1] nsswitch/winbindd_user.c:winbindd_getpwent(566)
  could not lookup domain user

Any idea?


More information about the samba mailing list