[Samba] Winbind backend = ldap pull uid-number and gid-number ldap values ?
Rowland Penny
rowlandpenny at googlemail.com
Wed Dec 4 12:39:32 MST 2013
On 04/12/13 19:02, Werthmuller, Derek wrote:
> Got part of it working, seems the gidnumber is not being pulled properly through. Here is the member server smb.conf
> Note idmap config DOM : range = 500 - 2000 is the number space where all my uidnumbers and gidnumbers are.
> Currently a getent passwd retrieves the list of users and displays the proper uid, but the gidnumber is in the outer range.
>
> Username:*:500:100::/exports/users/%U:/bin/bash <- this is not correct group # - it should be 500
You really shouldn't be using uidNumbers & gidNumbers that low; you
are down in the Unix range there. 0-500 is used by Red Hat based distros and
0-1000 by Debian based distros. The group '100' is probably the 'users'
group and is set by Samba 4 idmap.
>
> I wonder if I need to clear a winbind cache? Is net cache flush the correct way to do this on the member server?
>
> An ldapsearch of the ad directory to verify that the proper uid and gid are stored for that user reveals that they are.
> ...
> uidNumber: 500
> gidNumber: 500
> loginShell: /bin/bash
> objectClass: top
> objectClass: posixAccount
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> ...
>
> Smb.conf
> [global]
> workgroup = DOM
> realm = DOM.EXAMPLE.COM
> server string = Samba Server Version %v
> security = ADS
> log file = /var/log/samba/log.%m
> max log size = 50
> template homedir = /exports/users/%U
> template shell = /bin/bash
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
> idmap_ldb : use rfc2307 = yes
> idmap config DOM : range = 500 - 2000 # range winbind has authority over to set.
> idmap config DOM : backend = ad
> idmap config * : range = 1000000-1999999 # range for entries if winbind can't find proper #
> idmap config * : backend = tdb
> cups options = raw
>
> Thanks
> Derek
>
Please post what your OS is and what precise versions of samba you are
using.
Rowland
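
A small checker for the range concern raised in the reply above, as an added example that is not part of the original thread: it parses the `idmap config ... : range` lines of an smb.conf and flags ranges that reach into local-account ID space or overlap each other. The function names, the sample config (constructed from the idmap lines quoted in the thread) and the ceilings table (copied from the figures in the reply, not read from a system) are assumptions.

```python
import re

# Constructed sample: the idmap lines from the smb.conf quoted in this thread.
SAMPLE_SMB_CONF = """\
[global]
idmap config DOM : range = 500 - 2000
idmap config DOM : backend = ad
idmap config * : range = 1000000-1999999
idmap config * : backend = tdb
"""

# Assumption: ceilings copied from the figures in the reply above,
# not read from /etc/login.defs on a real host.
LOCAL_ID_CEILING = {"redhat": 500, "debian": 1000}

RANGE_RE = re.compile(
    r"^\s*idmap config\s+(\S+)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)", re.I)

def parse_idmap_ranges(conf_text):
    """Return {domain: (low, high)} for each 'idmap config X : range' line."""
    ranges = {}
    for line in conf_text.splitlines():
        m = RANGE_RE.match(line)
        if m:
            ranges[m.group(1)] = (int(m.group(2)), int(m.group(3)))
    return ranges

def covering_domains(ranges, unix_id):
    """Domains whose configured range contains unix_id (empty list = none)."""
    return sorted(d for d, (lo, hi) in ranges.items() if lo <= unix_id <= hi)

def audit_idmap_ranges(ranges, distro):
    """Flag ranges that reach into local ID space or overlap each other."""
    ceiling = LOCAL_ID_CEILING[distro]
    findings = []
    doms = sorted(ranges)
    for d in doms:
        lo, hi = ranges[d]
        if lo <= ceiling:
            findings.append(
                f"{d}: range {lo}-{hi} reaches into local ID space 0-{ceiling}")
    for i, a in enumerate(doms):
        for b in doms[i + 1:]:
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]:
                findings.append(f"{a} and {b}: ranges overlap")
    return findings

if __name__ == "__main__":
    parsed = parse_idmap_ranges(SAMPLE_SMB_CONF)
    for finding in audit_idmap_ranges(parsed, "debian"):
        print(finding)
    print("gid 100 covered by:", covering_domains(parsed, 100))
```

An empty list from `covering_domains` for GID 100 means the value lies in neither range configured in the sample.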