[Samba] Trying to get uid and gid to match and getent to work

Johan Hendriks Johan at double-l.nl
Sat Nov 8 13:00:30 GMT 2008

>---- phwashington at tx.rr.com wrote: 
>> I am using the following in my smb.conf on samba-3.0.28-0.el5.8
>> ..... snip .....

>Okay, I was able to get getent to work.
>had to go back to ldconfig to get the library files to load the variants of libnss_winbind.
>So now am trying to get it to allow domain users to login and get the uid's and gid's to match across servers.

The way to do this is to use an ldap backend on the file servers
On one Member server the ldap is the master, and on all the others the ldap servers are slave's
I have not tested this (my network is not that large).

but this is also mentioned in the following doc

Then in chapter 7 at the end there is the following:
What are the benefits of using LDAP for my domain member servers?
The key benefit of using LDAP is that the UID of all users and the GID of all groups are globally consistent on domain controllers as well as on domain member servers. This means that it is possible to copy/replicate files across servers without loss of identity.

When use is made of account identity resolution via winbind, even when an IDMAP backend is stored in LDAP, the UID/GID on domain member servers is consistent, but differs from the ID that the user/group has on domain controllers. The winbind allocated UID/GID that is stored in LDAP (or locally) will be in the numeric range specified in the idmap uid/gid in the smb.conf file. On domain controllers, the UID/GID is that of the POSIX value assigned in the LDAP directory as part of the POSIX account information. 

One more thing if you use the guide in chapter 7 and you come to the part of editing the nsswitch.conf file, do not use ldap there but winbind
The guide tells you to do this.
 Edit the NSS control file /etc/nsswitch.conf so it has the following entries:

passwd: files ldap
shadow: files ldap
group:  files ldap
hosts:  files wins

Use this instead.

 Edit the NSS control file /etc/nsswitch.conf so it has the following entries:

passwd: files winbind
shadow: files winbind
group:  files winbind
hosts:  files wins

I hope this helps..

Johan Hendriks
Double L Automatisering

More information about the samba mailing list