[Samba] idmap problems after update from 3.0.33 to 3.6.6

Rowland Penny rowlandpenny at googlemail.com
Wed Oct 16 07:20:56 MDT 2013


On 16/10/13 13:56, Thomas Attenberger wrote:
>
>> Sent: Wednesday, 16 October 2013 at 13:36
>> From: steve <steve at steve-ss.com>
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] idmap problems after update from 3.0.33 to 3.6.6
>>
>> On Wed, 2013-10-16 at 12:12 +0200, Thomas Attenberger wrote:
>>> Hello,
>>>
>>> we are using a standalone samba server, which is a Win2008R2 domain member.
>>> The access rights on the shares are set with ACLs.
>>> After the update I could access the shares. But if I take a look at the
>>> rights on the shares with "getfacl" I see only numbers instead of usernames
>>> and groups. Then I did a "getent passwd". There are now other numbers mapped
>>> to the users than before the update of samba! So now again "getfacl", there
>>> are now wrong user and group names...
>>>
>>> Here is the smb.conf after the update. I changed only the idmap parameter.
>>>
>>> [global]
>>>
>>>          workgroup       = ATRON
>>>          realm           = ATRON.LOCAL
>>>          security        = ADS
>>>          preferred master = no
>>>          server string   = %h
>>>          log file        = /var/log/samba/smb.log.%m
>>>          winbind enum users = Yes
>>>          winbind enum groups = Yes
>>>          winbind use default domain = Yes
>>>          winbind separator = +
>>> #       idmap uid       = 10000-20000
>>> #       idmap gid       = 10000-20000
>>>          idmap config ATRON:range=10000-20000
>>>          template shell  = /bin/bash
>>>          username map    = /etc/samba/smbusers
>>>
>>> Unfortunately I'm no samba expert, so I hope someone can help me...
>>>
>>> Regards
>>> Tom
>> Hi
>> It depends where your rfc2307 attributes are coming from. If they are in
>> AD then:
>> winbind enum users = Yes
>> winbind enum groups = Yes
>> idmap config *:backend = tdb
>> idmap config *:range = 3000-4000
>> idmap config ATRON:backend = ad
>> idmap config ATRON:range = 10000-20000
>> idmap config ATRON:schema_mode = rfc2307
>> winbind nss info = rfc2307
>> winbind use default domain = Yes
>>
>> and due to me just having happened to have read a recent post, maybe
>> also comment out the line:
>> winbind separator = +
>>
>> Oh, don't forget to specify winbind in nsswitch.conf
>>
>> If you're not using AD then there are other alternatives but we do not
>> have enough information to help further with the config you have
>> provided.
>>
>> HTH
>> Steve
> Hi Steve,
>
> thanks for your help.
> Yes, we are using an ActiveDirectory. I did all your suggestions in the smb.conf, also nsswitch.conf is fine. But still "getent passwd" brings only local users.
>
> The "wbinfo -u" is ok, but something not:
>
> [root at pluto3 ~]# wbinfo -t
> checking the trust secret for domain ATRON via RPC calls succeeded
>
> [root at pluto3 ~]# wbinfo -i tom
> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for user tom
>
>
> Have you any idea, what can I check?
>
> Best Regards
> Tom
Hi, do your users have 'uidNumber' & 'gidNumber' attributes? If not,
you will not get anything because there is nothing there to get.

Rowland
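
Added example, not part of the original thread: a small audit of an LDIF export of AD user entries for the two attributes Rowland asks about, also flagging values outside the 10000-20000 range from the suggested config, since the ad idmap backend treats its range as a filter and ignores IDs outside it. The LDIF sample, the account names and the function names are constructed for illustration.

```python
# Added example: audit exported AD user entries for the rfc2307 ID attributes.
SAMPLE_LDIF = """\
dn: CN=tom,CN=Users,DC=atron,DC=local
sAMAccountName: tom

dn: CN=anna,CN=Users,DC=atron,DC=local
sAMAccountName: anna
uidNumber: 10001
gidNumber: 10000

dn: CN=svc,CN=Users,DC=atron,DC=local
sAMAccountName: svc
uidNumber: 500
gidNumber: 10000
"""  # constructed sample data, not taken from the thread

def parse_ldif(text):
    """Split simple (unfolded, non-base64) LDIF into one dict per entry."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            key, value = line.split(": ", 1)
            entry[key.lower()] = value.strip()
        if entry:
            entries.append(entry)
    return entries

def audit(text, low=10000, high=20000):
    """Return {account: [problems]}; empty list = both attributes set and in range."""
    report = {}
    for entry in parse_ldif(text):
        problems = []
        for attr in ("uidNumber", "gidNumber"):
            raw = entry.get(attr.lower())
            if raw is None:
                problems.append(f"{attr} missing")
            elif not raw.isdigit():
                problems.append(f"{attr} not numeric")
            elif not low <= int(raw) <= high:
                problems.append(f"{attr} {raw} outside {low}-{high}")
        report[entry.get("samaccountname", entry.get("dn", "?"))] = problems
    return report

if __name__ == "__main__":
    for account, problems in audit(SAMPLE_LDIF).items():
        print(account, "OK" if not problems else "; ".join(problems))
```

Running the same audit before and after changing the idmap settings shows which accounts will keep, lose or change their Unix IDs, which matters here because the share ACLs are stored against those numeric IDs.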


