[Samba] winbind: uid range is ignored

steve steve at steve-ss.com
Thu Aug 2 10:42:48 MDT 2012


On 02/08/12 18:16, Gémes Géza wrote:
> On 2012-08-02 17:45, steve wrote:
>> On 02/08/12 17:14, Bjoern Baumbach wrote:
>>> Hi Steve,
>>>
>>> please use "idmap config * : range = ..." instead of idmap uid/gid.
>>>
>>
>> Thanks Jonathan and Bjoern
>> I have that now.
>>
>> I chose:
>> idmap config * : range = 30000-40000
>>
>> I have deleted the winbind files from /var/lib/samba and
>> /var/cache/samba and restarted smbd and winbind but the idmap ranges
>> are still at the old values. In fact they are the same numerical
>> values as on the DC e.g.
>>
>> -rw-r--r-- 1 3000037 20513 0 Aug  2 17:34 file1
>>
>> Back on the DC/fileserver that is correctly mapped as:
>>
>> -rw-r--r-- 1 POLOP\steve2 Domain Users 0 Aug  2 17:34 file1
>>
>> Is there a cache somewhere else? I have even totally purged the whole
>> of samba and reinstalled from nothing but still the old values reappear.
>> How do I lose the old values so it accepts my new range and maps the
>> files correctly as humanly readable uid:gid pairs rather than numbers?
>> nscd is not active.
>>
>> cheers
>> Steve
>>
>> /etc/samba/smb.conf
>> [global]
>> realm = polop.site
>> workgroup = POLOP
>> security = ADS
>> wide links = Yes
>> unix extensions = No
>> template shell = /bin/bash
>> winbind enum users = Yes
>> winbind enum groups = Yes
>> idmap config * : backend = tdb
>> idmap config * : range = 30000-40000
>>
>>
> I would suggest using idmap_ad:
>
> http://www.samba.org/samba/docs/man/manpages-3/idmap_ad.8.html
>
> Regards
>
> Geza Gemes

Hi Geza
No. In this case it is a pure-by-the-book winbind test LAN.

The problem is this:

Here is my id:
POLOP\steve2@ubuntu1:~$ id
uid=30007(POLOP\steve2) gid=30014(POLOP\domain users) groups=30014(POLOP\domain users),30016(POLOP\staff),30018(BUILTIN\users)

When I create a file, I want to see a uid:gid of POLOP\steve2 
POLOP\domain users (as indeed I do back on the fileserver/DC)

But on the client, I see only the uid:gid _numbers_ which are stored in 
idmap.ldb on the server:

POLOP\steve2@ubuntu1:~$ touch afile
POLOP\steve2@ubuntu1:~$ ls -l afile
-rw-r--r-- 1 3000037 20513 0 Aug  2 18:34 afile

How do I convert
3000037 to POLOP\steve2
and
20513 to POLOP\domain users
on the client?

The shares are mounted via kerberized nfs on the client and _did_ map 
correctly before this thread started.

Cheers,
Steve
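
A check for the mismatch described in the message above, as an added example that is not part of the original post or of Samba: it parses the `idmap config ... : range` lines from smb.conf and reports whether the numeric owner IDs on a file fall inside any configured range. The function names are hypothetical, and the sample inputs are constructed from the values quoted in the message.

```python
import re

# Constructed sample inputs, built from values quoted in the message above.
SMB_CONF = """\
[global]
workgroup = POLOP
security = ADS
idmap config * : backend = tdb
idmap config * : range = 30000-40000
"""
LS_LINE = "-rw-r--r-- 1 3000037 20513 0 Aug  2 18:34 afile"

RANGE_RE = re.compile(
    r"^\s*idmap\s+config\s+(\S+)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$", re.I)

def idmap_ranges(conf_text):
    """Return {domain: (low, high)} for each 'idmap config DOMAIN : range' line."""
    ranges = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):  # smb.conf comment lines
            continue
        m = RANGE_RE.match(line)
        if m:
            ranges[m.group(1)] = (int(m.group(2)), int(m.group(3)))
    return ranges

def owner_ids(ls_line):
    """Extract the numeric (uid, gid) from one long-format ls line."""
    fields = ls_line.split()
    return int(fields[2]), int(fields[3])

def covering_domain(num_id, ranges):
    """Name of the idmap domain whose range contains num_id, or None."""
    for domain, (low, high) in ranges.items():
        if low <= num_id <= high:
            return domain
    return None

def check_file(ls_line, conf_text):
    """Map 'uid'/'gid' to (number, covering idmap domain or None)."""
    ranges = idmap_ranges(conf_text)
    uid, gid = owner_ids(ls_line)
    return {"uid": (uid, covering_domain(uid, ranges)),
            "gid": (gid, covering_domain(gid, ranges))}

if __name__ == "__main__":
    for kind, (num, dom) in check_file(LS_LINE, SMB_CONF).items():
        where = f"inside idmap domain {dom!r}" if dom else "outside every configured range"
        print(f"{kind}={num}: {where}")
```

Both IDs on the file come back as outside the 30000-40000 range, while the uid 30007 shown by `id` on the client is inside it.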



