[Samba] Winbind backend = ldap pull uid-number and gid-number ldap values ?
rowlandpenny at googlemail.com
Wed Dec 4 12:39:32 MST 2013
On 04/12/13 19:02, Werthmuller, Derek wrote:
> Got part of it working, seems the gidnumber is not being pulled properly through. Here is the member server smb.conf
> Note idmap config DOM : range = 500 - 2000 is the number space where all my uidnumbers and gidnumbers are.
> Currently a getent passwd retrieves the list of users and displays the proper uid, but the gidnumber is in the outer range.
> Username:*:500:100::/exports/users/%U:/bin/bash <- this is not correct group # - it should be 500
You really shouldn't be using uidNumber's & gidNumber's that low, you
are down in Unix range there. 0-500 is used by red hat based distros and
0-1000 by debian based distros. The group '100' is probably the 'users'
group and is set by samba 4 idmap.
> I wonder if I need to clear a windbind cache? Net cache flush the correct way to do this on the member server?
> An ldapsearch of the ad directory to verify that the proper uid and gid are stored for that user reveals that they are.
> uidNumber: 500
> gidNumber: 500
> loginShell: /bin/bash
> objectClass: top
> objectClass: posixAccount
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> workgroup = DOM
> realm = DOM.EXAMPLE.COM
> server string = Samba Server Version %v
> security = ADS
> log file = /var/log/samba/log.%m
> max log size = 50
> template homedir = /exports/users/%U
> template shell = /bin/bash
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
> idmap_ldb : use rfc2307 = yes
> idmap config DOM : range = 500 - 2000 # range winbind has authority over to set.
> idmap config DOM : backend = ad
> idmap config * : range = 1000000-1999999 # range for entries if winbind can't find proper #
> idmap config * : backend = tdb
> cups options = raw
Please post what your OS is and what precise versions of samba you are
More information about the samba