[Samba] Samba 3.5 uid gid winbindd_idmap.tdb severe problems
lizard at blue.dyn-o-saur.com
Tue May 24 07:22:34 MDT 2011
Hello all,

right now I am using Samba 3.0.33 on CentOS 5.6. The users need to
access the files from Linux and from Windows, so I maintain the
Linux users in NIS and the Windows users in AD. Samba is AD integrated.
I am using a custom Python script that collects some data from NIS and
from winbindd_idmap.tdb, creates a new file and imports it into
winbindd_idmap.tdb. This works remarkably well. Known users get mapped
to the same uid that they have on Linux. The same happens with the
groups too.
The rest get an id from the range defined in smb.conf.

I need/want to upgrade Samba to Samba 3.5 and here my problems begin.
My script creates winbindd_idmap.tdb like before, and with net idmap dump
I am able to check that it has the correct mappings (the mappings that
I want).
Unfortunately they never take effect. No matter what I do, Samba seems to
not read the file anymore. id -a $usernames shows me a list where every group
appears twice. The first with the NIS gid and the second with the idmap gid.
Reading through a lot of stuff the last 3 days I came across these wbinfo
commands that should do the same but show me that the mapping fails.

Here is a small session that shows what happens:
id -a testuser
uid=1042(testuser) gid=2000(testgroup) groups=2000(testgroup) ...... 11000(testgroup)
# the first one from nis the second from winbind
# we try to map the gid to the sid from AD
wbinfo -n testgroup
S-1-5-21-966306815-3935059601-1604263782-1350 SID_DOM_GROUP (2)
wbinfo --set-gid-mapping=2000,S-1-5-21-966306815-3935059601-1604263782-1350
gid 2000 now mapped to sid S-1-5-21-966306815-3935059601-1604263782-1350 # !! he lies I prove it
wbinfo --gid-to-sid=2000
Could not convert gid 2000 to sid
wbinfo --gid-to-sid=11000
S-1-5-21-966306815-3935059601-1604263782-1350
wbinfo --sid-to-gid=S-1-5-21-966306815-3935059601-1604263782-1350
11000
Could anybody please enlighten me?
Here is my smb.conf
[global]
realm = example.com
security = ADS
workgroup = example
encrypt passwords = yes
password server = *
netbios name = testserver
idmap backend = tdb
#idmap alloc backend = tdb
idmap uid = 11000-12000
idmap gid = 11000-12000
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 1
encrypt passwords = yes
winbind use default domain = Yes
winbind nested groups = Yes
log level = 2
enable privileges = yes
nt acl support = yes
client use spnego = yes
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
log file = /var/log/samba/%U.%m.log
Thank you