[Samba] winbind: uid range is ignored

NdK ndk.clanbo at gmail.com
Fri Aug 3 01:01:50 MDT 2012


Il 03/08/2012 08:01, steve ha scritto:

> getent passwd/group works fine. I get the names and coresponding uid:gid
> numbers within the range specified in smb.conf but all I get when I list
> files on the nfs share, are numerical uid:gid values. I want those
> values to be DOMAIN\username DOMAIN\group rather than numerical values.
> 
> How do I do that?
Use *the same* range on both server and clients.

> The uid:gid values are not in the range set in smb.conf. They are the
> uid:gid values in idmap _on the server_. Its as if nsswitch is ignoring
> winbind.
Obvious. NFS passes *numeric* IDs, so if a file is owned by userid
123456 on the server, then the client will see the same 123456 uid.
That, if not correctly mapped, would give another user access to it
(negating access to the original one).

Actually, as long as you only allow NFS access to the server, it's
enough that all clients use the same mapping (the server could know
nothing about samba, winbind, ad and so on). But you'll need trusted
clients (ever wondered why 'client' contains 'lie'? ).

BYtE,
 Diego.


More information about the samba mailing list