[Samba] Samba4 Dc Winbind and uidNumbers

Thomas Simmons twsnnva at gmail.com
Wed Mar 27 04:35:07 MDT 2013


On Wed, Mar 27, 2013 at 6:14 AM, Jim Potter <jimchuffff at googlemail.com> wrote:
> Hi all,
>
> I'm trying to get the unix extensions working in AD. I'm obviously missing
> something, but I can't see what...
>
> I've just created user Jim (using ADUC) and added a uidnumber (using
> ADSIEdit). From this and what I have below, user Jim should have uidNumber
> of 12345 (from AD) and not be prefixed with Domain name. This isn't
> happening. Does anyone have any idea why not?
>
> cheers,
>
> Jim
>
>
> Excerpt from getent passwd:
> saned:x:110:117::/home/saned:/bin/false
> FASTFOOD\Administrator:*:0:100::/home/FASTFOOD/Administrator:/bin/false
> FASTFOOD\Guest:*:3000011:3000012::/home/FASTFOOD/Guest:/bin/false
> FASTFOOD\krbtgt:*:3000016:100::/home/FASTFOOD/krbtgt:/bin/false
> FASTFOOD\jim:*:3000019:100:Jim Chuffff:/home/FASTFOOD/jim:/bin/false
>
>
> smb.conf:
> [global]
>         workgroup = FASTFOOD
>         realm = FASTFOOD.LAN
>         netbios name = CHIPSHOP
>         server role = active directory domain controller
>
>         dns forwarder = 62.24.199.13
>
>         log level = 3
>
>         algorithmic rid base = 10000
>
>         idmap config * : range = 50001-60000
>         idmap config * : backend = ad
>
>         idmap config FASTFOOD : range = 10000-50000
>         idmap config FASTFOOD : backend = ad

Hello Jim,
Try adding these lines. If this doesn't work, I think you're being
bitten by a known bug specific to this setup on an S4 DC. Andrew wrote
a patch back in Nov-Dec, but it may not have made it into the
codebase. Let me know if that doesn't work and I'll try to find that
thread. I'm pretty sure someone came up with a workaround.

idmap config FASTFOOD : schema_mode = rfc2307
idmap config FASTFOOD : default = yes

winbind enum users = yes
winbind enum groups = yes

>         winbind nss info = rfc2307
>         winbind use default domain = yes
>
> [netlogon]
>         path = /var/lib/samba/sysvol/fastfood.lan/scripts
>         read only = No
>
> [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = No
>
> My user from AD:
> dn: CN=Jim Chuffff,CN=Users,DC=fastfood,DC=lan
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: Jim Chuffff
> sn: Chuffff
> givenName: Jim
> instanceType: 4
> whenCreated: 20130317212551.0Z
> displayName: Jim Chuffff
> uSNCreated: 3873
> name: Jim Chuffff
> objectGUID:: hXvFCY0pTUeIgltTLbnOcQ==
> badPwdCount: 0
> codePage: 0
> countryCode: 0
> badPasswordTime: 0
> lastLogoff: 0
> lastLogon: 0
> primaryGroupID: 513
> objectSid:: AQUAAAAAAAUVAAAAbDu04eltc/ij6yQSUQQAAA==
> accountExpires: 9223372036854775807
> logonCount: 0
> sAMAccountName: jim
> sAMAccountType: 805306368
> userPrincipalName: jim at fastfood.lan
> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=fastfood,DC=lan
> pwdLastSet: 130080291520000000
> userAccountControl: 66048
> uidNumber: 12345
> whenChanged: 20130317212824.0Z
> uSNChanged: 3877
> distinguishedName: CN=Jim Chuffff,CN=Users,DC=fastfood,DC=lan
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
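
Added example, not part of the original thread: a Python check that compares the uidNumber stored in AD with what NSS returns for the same account, and with the configured idmap range. The sample inputs are constructed from the excerpts quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample input, reduced from the excerpts quoted in this thread.
SMB_CONF = """\
[global]
    workgroup = FASTFOOD
    idmap config * : range = 50001-60000
    idmap config FASTFOOD : range = 10000-50000
    winbind use default domain = yes
"""
GETENT = r"FASTFOOD\jim:*:3000019:100:Jim Chuffff:/home/FASTFOOD/jim:/bin/false"
LDIF = "sAMAccountName: jim\nuidNumber: 12345\n"

def idmap_ranges(conf):
    """Return {domain: (low, high)} from 'idmap config DOM : range = a-b' lines."""
    pat = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)",
                     re.M | re.I)
    return {d: (int(lo), int(hi)) for d, lo, hi in pat.findall(conf)}

def ldif_attrs(ldif):
    """Parse plain 'attr: value' LDIF lines (folded lines are not handled)."""
    return dict(l.split(": ", 1) for l in ldif.splitlines() if ": " in l)

def check_user(conf, getent, ldif, domain):
    """Compare the AD uidNumber with the NSS entry; return a list of mismatches."""
    attrs = ldif_attrs(ldif)
    sam, want = attrs["sAMAccountName"], int(attrs["uidNumber"])
    lo, hi = idmap_ranges(conf)[domain]
    findings = []
    if not lo <= want <= hi:
        findings.append(f"uidNumber {want} outside idmap range {lo}-{hi}")
    for line in getent.splitlines():
        parts = line.split(":")
        if len(parts) < 3 or parts[0].split("\\")[-1].lower() != sam.lower():
            continue  # malformed line or a different account
        name, uid = parts[0], int(parts[2])
        if uid != want:
            findings.append(f"NSS uid {uid} != AD uidNumber {want}")
        if "\\" in name and re.search(r"winbind use default domain\s*=\s*yes", conf, re.I):
            findings.append(f"name '{name}' still domain-prefixed")
        return findings
    return findings + [f"{sam} not found in getent output"]

if __name__ == "__main__":
    for finding in check_user(SMB_CONF, GETENT, LDIF, "FASTFOOD"):
        print("MISMATCH:", finding)
```

To run it against a live system, replace the three constants with the contents of smb.conf, the output of getent passwd, and an LDIF export of the user object.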

