[Samba] winbind idmap Problem

TAKAHASHI Motonobu monyo at monyo.com
Tue Feb 1 08:36:27 MST 2011

2011/2/2 marius klausen <mariusklausen at gmx.net>:
> My Problem is as follows: uid/gid information is stored /etc/passwd and /etc/group local on my samba Server,  passwords are stored in Active Directory. In order to let winbind fetch uid/gid information from local files i put the following in my smb.conf:
> idmap config MYREALM: backend = nss
> idmap config MYREALM: range = 100-100000
> and the following in /etc/nsswitch.conf:
> passwd:     files winbind
> shadow:     files
> group:      files winbind
> Connecting to my Samba Server with AD password works + idmapping seems to work partly - heres some info from the logs:
> [2011/02/01 16:01:26,  3] smbd/password.c:register_existing_vuid(299)
>  register_existing_vuid: UNIX uid 60000 is UNIX user testuser, and will be vuid 100
> --> uid 60000 still is correct - what about vuid 100?

vuid is an internal ID. You do not need to care it.

> [2011/02/01 16:01:20,  3] lib/privileges.c:get_privileges(63)
>  get_privileges: No privileges assigned to SID [ xxxxxx ]
> --> no privilleges assigned seems wrong ...

No, this message simply says that an user has no (extra) user rights.

> The actual Problem is the Following: There Are different users (from one unix group) which should write to this share - and they should be able to delete files which are written by other users from the same group, which is actually not working right now. Although owner:group is correct for files created via samba, deleting files from other users fails although file permissions are set correctly.
> Ideas anybody?

Make different users belong to the same Windows group and map the
group to an UNIX group.

TAKAHASHI Motonobu <monyo at monyo.com>

More information about the samba mailing list