[Samba] Winbind backend = ldap pull uid-number and gid-number ldap values ?
dwerthmu at ctg.albany.edu
Wed Dec 4 12:53:40 MST 2013
Yeah, the user base is rather old (> 10 years); 500 is the lowest. Trying to make use of the uid and gid numbers since we have several Linux file servers and that's how the users' shared spaces are set up. We really don't want to have to reassign owner and group permissions on all the shares.
-bash-4.1$ more /etc/redhat-release
CentOS release 6.5 (Final)
-bash-4.1$ uname -a
Linux 2.6.32-431.el6.i686 #1 SMP Fri Nov 22 00:26:36 UTC 2013 i686 i686 i386 GNU/Linux
Samba DC versions
-bash-4.1$ rpm -qa |grep samba
Samba member version
Linux 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
CentOS release 6.5 (Final)
From: Rowland Penny [mailto:rowlandpenny at googlemail.com]
Sent: Wednesday, December 04, 2013 2:40 PM
To: Werthmuller, Derek; samba at lists.samba.org
Subject: Re: [Samba] Winbind backend = ldap pull uid-number and gid-number ldap values ?
On 04/12/13 19:02, Werthmuller, Derek wrote:
> Got part of it working, seems the gidnumber is not being pulled properly through. Here is the member server smb.conf
> Note idmap config DOM : range = 500 - 2000 is the number space where all my uidnumbers and gidnumbers are.
> Currently a getent passwd retrieves the list of users and displays the proper uid, but the gidnumber is in the outer range.
> Username:*:500:100::/exports/users/%U:/bin/bash <- this is not correct group # - it should be 500
You really shouldn't be using uidNumbers & gidNumbers that low, you are down in Unix range there. 0-500 is used by Red Hat based distros and 0-1000 by Debian based distros. The group '100' is probably the 'users' group and is set by samba 4 idmap.
> I wonder if I need to clear a winbind cache? Is net cache flush the correct way to do this on the member server?
> An ldapsearch of the ad directory to verify that the proper uid and gid are stored for that user reveals that they are.
> uidNumber: 500
> gidNumber: 500
> loginShell: /bin/bash
> objectClass: top
> objectClass: posixAccount
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> workgroup = DOM
> realm = DOM.EXAMPLE.COM
> server string = Samba Server Version %v
> security = ADS
> log file = /var/log/samba/log.%m
> max log size = 50
> template homedir = /exports/users/%U
> template shell = /bin/bash
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
> idmap_ldb : use rfc2307 = yes
> idmap config DOM : range = 500 - 2000 # range winbind has authority over to set.
> idmap config DOM : backend = ad
> idmap config * : range = 1000000-1999999 # range for entries if winbind can't find proper #
> idmap config * : backend = tdb
> cups options = raw
Please post what your OS is and what precise versions of samba you are