[Samba] winbind: uid range is ignored

Gémes Géza geza at kzsdabas.hu
Fri Aug 3 03:03:10 MDT 2012 

2012-08-03 10:22 keltezéssel, steve írta:
> On 03/08/12 09:01, NdK wrote:
>> Il 03/08/2012 08:01, steve ha scritto:
>>
>>> getent passwd/group works fine. I get the names and coresponding 
>>> uid:gid
>>> numbers within the range specified in smb.conf but all I get when I 
>>> list
>>> files on the nfs share, are numerical uid:gid values. I want those
>>> values to be DOMAIN\username DOMAIN\group rather than numerical values.
>>>
>>> How do I do that?
>> Use *the same* range on both server and clients.
>
> Hi Diego
> Thanks for your patience in helping me sort this.
>
> It doesn't seem to matter. I can have the same id range on both server 
> and client. What is uid 3000027 on the server becomes uid 3000002 on 
> the client.
>
>>
>>> The uid:gid values are not in the range set in smb.conf. They are the
>>> uid:gid values in idmap _on the server_. Its as if nsswitch is ignoring
>>> winbind.
>> Obvious. NFS passes *numeric* IDs, so if a file is owned by userid
>> 123456 on the server, then the client will see the same 123456 uid.
>> That, if not correctly mapped, would give another user access to it
>> (negating access to the original one).
>
> That's exactly my point. My 3000027 maps correctly to DOMAIN\steve2 on 
> the server but getent passwd on the client gives DOMAIN\steve2 as 
> 3000002. If steve2 logs in and creates a file it becomes uid 3000027 
> and _not_ 3000002. If winbind is doing the mapping correctly it should 
> map 3000027 to 3000002 and when I list a file that I have made it 
> should give me back a uid of DOMAIN\steve2. It doesn't. The file 
> created has uid 3000027 which works _but_ I want to see uid's as 
> names, not numbers.
>
> I've also tried adding posixAccount, uidNumber and gidNumber to pull 
> the uid:gid directly from AD with:
> idmap config * : backend = ad
> but then, getent passwd gives me no list of users.
>
> Really stuck on this one. . .
> The client is Ubuntu 12.04 with samba 3.6.3. Maybe 3.6.3 has bugs?
>
> Cheers,
> steve
>
Please try with

     idmap backend = tdb
     idmap uid = some uninteresting range
     idmap gid = some uninteresting range

     idmap config YOURDOMAINNAMEHERE : backend  = ad
     idmap config YOURDOMAINNAMEHERE : range = the range you want your 
uids/gids to be

Like in http://www.samba.org/samba/docs/man/manpages-3/idmap_ad.8.html

Regards

Geza Gemes

More information about the samba mailing list