[Samba] idmap problems after update from 3.0.33 to 3.6.6

Thomas Attenberger thomas.attenberger at gmx.net
Wed Oct 16 07:30:13 MDT 2013


I got it!
The error was at "idmap config ATRON:backend = ad", there must be "= tdb".

Thanks for your help!


2013/10/16 Rowland Penny <rowlandpenny at googlemail.com>

> On 16/10/13 13:56, Thomas Attenberger wrote:
>
>>
>>  Sent: Wednesday, 16 October 2013 at 13:36
>>> From: steve <steve at steve-ss.com>
>>> To: samba at lists.samba.org
>>> Subject: Re: [Samba] idmap problems after update from 3.0.33 to 3.6.6
>>>
>>> On Wed, 2013-10-16 at 12:12 +0200, Thomas Attenberger wrote:
>>>
>>>> Hello,
>>>>
>>>> we are using a standalone samba server, which is a Win2008R2 domain member.
>>>> The access rights on the shares are set with ACLs.
>>>> After the update I could access the shares. But if I take a look at the
>>>> rights on the shares with "getfacl" I see only numbers instead of usernames
>>>> and groups. Then I did a "getent passwd". There are now other numbers mapped
>>>> to the users as before the update of samba! So now again "getfacl", there
>>>> are now wrong user and group names...
>>>>
>>>> Here is the smb.conf after the update. I changed only the idmap parameter.
>>>>
>>>> [global]
>>>>
>>>>          workgroup       = ATRON
>>>>          realm           = ATRON.LOCAL
>>>>          security        = ADS
>>>>          preferred master = no
>>>>          server string   = %h
>>>>          log file        = /var/log/samba/smb.log.%m
>>>>          winbind enum users = Yes
>>>>          winbind enum groups = Yes
>>>>          winbind use default domain = Yes
>>>>          winbind separator = +
>>>> #       idmap uid       = 10000-20000
>>>> #       idmap gid       = 10000-20000
>>>>          idmap config ATRON:range=10000-20000
>>>>          template shell  = /bin/bash
>>>>          username map    = /etc/samba/smbusers
>>>>
>>>> Unfortunately I'm no samba expert, so I hope someone can help me...
>>>>
>>>> Regards
>>>> Tom
>>>>
>>> Hi
>>> It depends where your rfc2307 attributes are coming from. If they are in
>>> AD then:
>>> winbind enum users = Yes
>>> winbind enum groups = Yes
>>> idmap config *:backend = tdb
>>> idmap config *:range = 3000-4000
>>> idmap config ATRON:backend = ad
>>> idmap config ATRON:range = 10000-20000
>>> idmap config ATRON:schema_mode = rfc2307
>>> winbind nss info = rfc2307
>>> winbind use default domain = Yes
>>>
>>> and due to me just having happened to have read a recent post, maybe
>>> also comment out the line:
>>> winbind separator = +
>>>
>>> Oh, don't forget to specify winbind in nsswitch.conf
>>>
>>> If you're not using AD then there are other alternatives but we do not
>>> have enough information to help further with the config you have
>>> provided.
>>>
>>> HTH
>>> Steve
>>>
>> Hi Steve,
>>
>> thanks for your help.
>> Yes, we are using an ActiveDirectory. I did all your suggestions in the
>> smb.conf, also nsswitch.conf is fine. But still "getent passwd" brings only
>> local users.
>>
>> The "wbinfo -u" is ok, but something is not:
>>
>> [root at pluto3 ~]# wbinfo -t
>> checking the trust secret for domain ATRON via RPC calls succeeded
>>
>> [root at pluto3 ~]# wbinfo -i tom
>> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
>> Could not get info for user tom
>>
>>
>> Have you any idea, what can I check?
>>
>> Best Regards
>> Tom
>>
> Hi, do your users have 'uidNumber' & 'gidNumber' attributes? If not, you
> will not get anything because there is nothing there to get.
>
> Rowland
>
>


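Added example, not part of the original thread and not Samba project code: a small checker that parses the `idmap config` lines of an smb.conf and flags the conditions discussed above (a domain with a range but no backend, an `ad` backend that depends on uidNumber/gidNumber being present in AD, overlapping ranges). The function names `parse_idmap` and `check_idmap` and the choice of checks are assumptions made for this illustration; the sample configs are constructed from the lines quoted in the thread.

```python
import re

# "idmap config DOMAIN : option = value", whitespace around ':' and '=' optional
IDMAP_RE = re.compile(r"^\s*idmap\s+config\s+([^:\s]+)\s*:\s*([^=]+?)\s*=\s*(.+?)\s*$", re.I)

# Constructed samples: the idmap lines from the first post and from the suggested config
ORIGINAL = """
#       idmap uid       = 10000-20000
        idmap config ATRON:range=10000-20000
"""
SUGGESTED = """
idmap config *:backend = tdb
idmap config *:range = 3000-4000
idmap config ATRON:backend = ad
idmap config ATRON:range = 10000-20000
idmap config ATRON:schema_mode = rfc2307
"""

def parse_idmap(conf_text):
    """Return {domain: {option: value}} for all active idmap config lines."""
    domains = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):
            continue  # skip commented-out parameters
        m = IDMAP_RE.match(line)
        if m:
            dom, opt, val = m.groups()
            domains.setdefault(dom.upper(), {})[opt.lower()] = val
    return domains

def check_idmap(conf_text):
    """Return a list of findings (empty list means nothing was flagged)."""
    domains, findings, ranges = parse_idmap(conf_text), [], {}
    if "*" not in domains:
        findings.append("no 'idmap config *' default domain configured")
    for dom, opts in sorted(domains.items()):
        if "backend" not in opts:
            findings.append(f"{dom}: no explicit backend")
        elif opts["backend"].lower() == "ad":
            findings.append(f"{dom}: backend 'ad' needs uidNumber/gidNumber set in AD")
        if "range" in opts:
            low, high = (int(x) for x in opts["range"].split("-"))
            ranges[dom] = (low, high)
        else:
            findings.append(f"{dom}: no range")
    names = sorted(ranges)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]:
                findings.append(f"{a} and {b}: overlapping ranges")
    return findings
```

Running such a check before and after an upgrade, together with comparing `getent passwd` output, helps catch a mapping change before existing ACLs start resolving to different accounts.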