[Samba] Still working on a Member Server

phwashington at tx.rr.com phwashington at tx.rr.com
Fri Nov 14 02:20:57 GMT 2008

Going through the examples and reading through the wikis, I still have not found exactly what I was looking for in matching uid's and gid's.
using samba

We currently have a domain controller, a Samba/LDAP PDC.

Previous member servers

and I went to add a member server.  Now I find that users and groups don't match.  So from previous postings I have surmised that this has all changed and to get uid's and gid's to match across member servers you need to install an LDAP server on each Member Server and then use this as the backend for that system.

So from what I have seen thus far, the
idmap uid = 
idmap gid = 
have no effect on the outcome of uid's and gid's on the server anymore.
I have tried /etc/nsswitch.conf

passwd     files winbind
shadow     files 
group        files  winbind

and then tried 
passwd    file ldap
shadow   file ldap
group       file ldap

Using winbind would give me groups, but not what I was expecting.  I would get no info on users or groups for the domain.

Using ldap I would receive no precursor for users or groups using wbinfo or getent, but the users and groups would show up.  The uid and gid had no correlation to idmap uid or idmap gid.

Nov 13 19:36:35 IET0245Q slapd[25398]: <= bdb_equality_candidates: (sambaGroupType) index_param failed (18) 
Nov 13 19:36:35 IET0245Q slapd[25398]: daemon: select: listen=8 active_threads=0 tvp=NULL 
Nov 13 19:36:35 IET0245Q slapd[25398]: <= bdb_equality_candidates: (sambaSIDList) index_param failed (18) 
Nov 13 19:36:35 IET0245Q last message repeated 4 times
Nov 13 19:

	unix charset = LOCALE
	workgroup = GUM
	netbios name = GUM01B_TEST
	security = DOMAIN
	username map = /etc/samba/smbusers
	log level = 10
	syslog = 0
	log file = /var/log/samba/samba2.log
	smb ports = 139
	name resolve order = wins bcast hosts
	printcap name = /etc/printcap
	domain master = No
	wins server =
	ldap admin dn = cn=Manager,dc=GUM,dc=COM	;
	ldap group suffix = ou=Group		;
	ldap idmap suffix = ou=Idmap		;
	ldap machine suffix = ou=Computers	;
	ldap suffix = dc=GUM,dc=COM		;
	ldap user suffix = ou=People		;
	idmap backend = ldap://
	idmap uid = 10000-20000	;
	idmap gid = 10000-20000	;
	winbind enum users = Yes
	winbind enum groups = Yes
	winbind trusted domains only = Yes

	comment = GUMSHARE
	username = GUM+user1,@"GUM+Domain Users"
	read list = GUM+user1, "@GUM+Domain Users"
	write list = "@GUM+Domain Users"
	read only = No
	create mask = 0774
	security mask = 0774
	force security mode = 0770
	directory mask = 02777
	directory security mask = 0770
	force directory security mode = 0770
	inherit permissions = Yes
	hide unreadable = Yes
	veto oplock files = /GUM.*/
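
A way to check the symptom described in the post (uids and gids that differ between member servers or fall outside the idmap uid range), as an added example that is not part of the original message. The function name idmap_report and the sample accounts are constructed for illustration; the 10000-20000 range is taken from the posted config and the "+" separator is inferred from the GUM+user1 names in it.

```shell
#!/bin/sh
# Added example, not from the original post.
# idmap_report FILE_A FILE_B LOW HIGH
#   FILE_A / FILE_B: `getent passwd` output saved on two member servers.
#   Prints MISMATCH, MISSING and OUT_OF_RANGE lines; no output means consistent.
idmap_report() {
    awk -F: -v lo="$3" -v hi="$4" '
        FILENAME == ARGV[1] { a[$1] = $3 ":" $4; order[++n] = $1; next }
        { b[$1] = $3 ":" $4 }
        END {
            for (i = 1; i <= n; i++) {
                name = order[i]
                if (!(name in b)) { print "MISSING", name }
                else if (a[name] != b[name]) { print "MISMATCH", name, a[name], b[name] }
                split(a[name], id, ":")
                # Assumption: domain accounts carry a "+" winbind separator,
                # as in the GUM+user1 names in the posted share section.
                if (index(name, "+") && (id[1] + 0 < lo + 0 || id[1] + 0 > hi + 0)) {
                    print "OUT_OF_RANGE", name, id[1]
                }
            }
        }
    ' "$1" "$2"
}

# Constructed sample data (not real output from the servers in the post).
sample_a() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/sh
GUM+user1:*:10001:10000::/home/GUM/user1:/bin/false
GUM+user2:*:10002:10000::/home/GUM/user2:/bin/false
GUM+user3:*:1005:10000::/home/GUM/user3:/bin/false
EOF
}
sample_b() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/sh
GUM+user1:*:10001:10000::/home/GUM/user1:/bin/false
GUM+user2:*:10007:10000::/home/GUM/user2:/bin/false
EOF
}

tmp=$(mktemp -d)
sample_a > "$tmp/a"; sample_b > "$tmp/b"
idmap_report "$tmp/a" "$tmp/b" 10000 20000
rm -rf "$tmp"
```

On real systems, save `getent passwd` to a file on each member server and pass the two files in place of the constructed samples.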
