[Samba] idmap problems after update from 3.0.33 to 3.6.6
steve
steve at steve-ss.com
Wed Oct 16 05:36:38 MDT 2013
On Wed, 2013-10-16 at 12:12 +0200, Thomas Attenberger wrote:
> Hello,
>
> we are using a standalone samba server, which is a Win2008R2 domain member.
> The access rights on the shares are set with acl's.
> After the update I could access the shares. But if i take a look to the
> rights on the shares with "getfacl" I see only numbers instead of usernames
> and groups. Then I did a "getent passwd".There are now other numbers mapped
> to the users as before the update of samba! So now again "getfacl", there
> are now wrong user and group names...
>
> Here is the smb.conf after the update. I changed only the idmap parameter.
>
> [global]
>
> workgroup = ATRON
> realm = ATRON.LOCAL
> security = ADS
> preferred master = no
> server string = %h
> log file = /var/log/samba/smb.log.%m
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
> winbind separator = +
> # idmap uid = 10000-20000
> # idmap gid = 10000-20000
> idmap config ATRON:range=10000-20000
> template shell = /bin/bash
> username map = /etc/samba/smbusers
>
> Unfortunately I'm no samba expert, so I hope someone can help me...
>
> Regards
> Tom
Hi
It depends where your rfc2307 attributes are coming from. If they are in
AD then:
winbind enum users = Yes
winbind enum groups = Yes
idmap config *:backend = tdb
idmap config *:range = 3000-4000
idmap config ATRON:backend = ad
idmap config ATRON:range = 10000-20000
idmap config ATRON:schema_mode = rfc2307
winbind nss info = rfc2307
winbind use default domain = Yes
and due to me just having happened to have read a recent post, maybe
also comment out the line:
winbind separator = +
Oh, don't forget to specify winbind in nsswitch.conf
If you're not using AD then there are other alternatives but we do not
have enough information to help further with the config you have
provided.
HTH
Steve
More information about the samba
mailing list