[Samba] BUILTIN-Groups break winbind_idmap
Thorsten Leiser
t.leiser at synchron-is.de
Tue Apr 27 10:40:29 MDT 2010
Hello,
i want to migrate from samba 3.2.6-37 (sernet-built on sles9) to
3.3.12-25 (sernet-built on debian lenny). It's a domain member server in
an w2k3 ad with all company files on it. I migrated the smb.conf and
moved the winbindd_idmap.tdb to the lenny server. The winbind idmap
options are still the same with tdb as idmap backend and don't conflict
with entries of /etc/group and /etc/passwd. My gid range starts by 10000
(10000 was originally mapped by winbind to domain-users). Now on lenny
it seems that samba overrides the winbindd_idmap of the domain-users to
BUILTIN\administrators. A "wbinfo -Y S-1-5-32-544" with a result of
10000 confirmed my assumptions. I don't know why samba behaves like
this. For further analysis i attach the global section of the smb.conf.
Anyone an idea?
Thanks
Thorsten
[global]
unix charset = ISO8859-15
display charset = ISO8859-15
workgroup = SCHARRNET
realm = SCHARRNET.DE
server string =
interfaces = 127.0.0.1, eth0
bind interfaces only = Yes
security = ADS
password server = OMBRE DC1
log level = 2
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
load printers = No
printcap name = cups
add share command = /usr/local/bin/modify_samba_config.pl
change share command = /usr/local/bin/modify_samba_config.pl
delete share command = /usr/local/bin/modify_samba_config.pl
panic action = /usr/share/samba/panic-action %d
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind separator = +
winbind cache time = 900
winbind enum users = Yes
winbind enum groups = Yes
ea support = Yes
map acl inherit = Yes
hide unreadable = Yes
veto oplock files = /*.mdb/*.MDB/
store dos attributes = Yes
dos filemode = Yes
dos filetime resolution = Yes
--
Thorsten Leiser
IT-Systembetreuung
SYNCHRON Gesellschaft für betriebswirtschaftliche
Beratung und Informationssysteme mbH
Liebknechtstr. 50
70565 Stuttgart-Vaihingen
More information about the samba
mailing list