[Samba] User home directory UID:GID incorrect on VM Samba 4 AD client

Paul R. Ganci ganci at nurdog.com
Wed Oct 23 21:21:41 MDT 2013

On 10/22/2013 02:24 AM, steve wrote:
> smb.conf
> remove:
> idmap_ldb:use rfc2307 = yes
> and you need a keytab, so add:
> kerberos method = system keytab
> before you do the rejoin below.
> The rid db is wrong after the upgrade. Leave the domain, then delete all
> the tdb's (I think they're in /var/lib/samba on CentOS). Then rejoin.
Here is what fixed my issue. On the client side smb.conf I did the 


       idmap_ldb:use rfc2307 = yes


       kerberos method = system keytab

as suggested. I also issued the shell commands

 > net ads keytab create -U Administrator
 > /etc/rc.d/init.d/sernet-samba-smbd restart
 > /etc/rc.d/init.d/sernet-samba-nmbd restart
 > /etc/rc.d/init.d/sernet-samba-winbindd restart

on each client to create the necessary /etc/krb5.keytab file and restart 
all the samba daemons.

These actions fixed the problem. It turns out that I did not have to 
remove the .tdb files in the end.
> If you really must use nfs then ignore the following:
> Now export using cifs:
> auto.home
> * -fstype=cifs,sec=krb5,multiuser,username=VMMACHINEKEY
> $ ://the.share.for.home/&
I used both the nfs and cifs auto.home methods and both work. I did 
switch over to using cifs version.

My intention is to switch over to the AD backend. I have to add all the 
proper posix attributes to the /var/lib/samba/private/sam.ldb database. 
But after I get that working I should then be able to switch over to 
sssd for the linux clients.

Steve, many thanks for helping solve the immediate problem. Your help 
was greatly appreciated.

-- Paul

More information about the samba mailing list