[Samba] User disappears, when enabling RC2307

Rowland Penny rowlandpenny at googlemail.com
Fri Aug 8 04:22:17 MDT 2014 

On 08/08/14 11:11, Lars Hanke wrote:
> Am 08.08.2014 11:24, schrieb Rowland Penny:
>> On 08/08/14 10:04, Lars Hanke wrote:
>>> I'm trying to configure a Samba 3.6.6 file server running on a
>>> Synology NAS to use uid/gid from RFC2307. The file server knows the
>>> users from the AD, but it does not use the uid stored in the AD. The
>>> smb.conf:
>>>
>>> [global]
>>>         printcap name=cups
>>>         winbind enum groups=yes
>>>         workgroup=AD
>>>         encrypt passwords=yes
>>>         security=ads
>>>         local master=no
>>>         realm=AD.MICROSULT.DE
>>>         passdb backend=smbpasswd
>>>         printing=cups
>>>         wins server=172.16.6.240
>>>         winbind enum users=yes
>>>         winbind use default domain=yes
>>>         #winbind nss info = rfc2307
>>>         idmap config AD: range = 1001 - 29999
>>>         idmap config AD: backend = ad
>>>         idmap config AD: schema_mode = rfc2307
>>>         idmap config *: range = 30000 - 50000
>>>         idmap config *: backend = tdb
>>>         load printers=yes
>>>         admin users=@AD\Domain Admins, at AD\Enterprise Admins
>>>
>>> This yields:
>>>
>>> DiskStation> id mgr
>>> uid=2436891734(mgr) gid=2436891137(domain users)
>>> groups=2436891137(domain users)
>>>
>>> But if I remove the # before "winbind nss info = rfc2307", the user
>>> disappears. Of course wbinfo -u still has it, but 'id' says it is
>>> unknown.
>>>
>>> Any idea how to resolve this?
>>>
>>> Kind regards,
>>>  - lars.
>> Hi, the numbers that you posted (2436891137 for instance) are they the
>> numbers stored in AD ? if so, they are slightly outside the range that
>
> No, the AD has 1001 for mgr. The other number was created by the NAS, 
> when I first attached it to the AD. smb.conf didn't have any RFC2307 
> entries then.
>
>> you have set in your smb.conf '30000 - 50000' (also the range should be
>> set as 30000-50000, not as you have it).
>>
>> You also do not require this line:
>> passdb backend=smbpasswd
>
> Right. It's from the original config. I removed it.
>
> Kind regards,
>  - lars.
>
OK, try clearing the winbind cache on the NAS, 'net cache flush'

Rowland

More information about the samba mailing list