[Samba] Winbind question

Chang, Jason (IW) jasonc at infinityward.com
Mon Aug 11 13:49:48 MDT 2014


A few things I would like to point out:
1) getent group returning 'WBC_ERR_DOMAIN_NOT_FOUND' is the result of
an insufficient range for SID to GID mapping. Increase the range.

2) For me, using "rid" as the backend for consistent gid/uid mapping works
across multiple Samba servers. I wasn't able to get "ad" to work nicely.

3) Make sure the TDB config range and the IDMAP config range don't overlap,
e.g.
idmap config *:range = 70001-80000
idmap config SAMDOM:range = 80001-160000

g'luck!

-JGC

On 08/11/2014 11:26 AM, Bruno MACADRE wrote:
> Strange, since only users with uid are shown with getent password, 
> groups are shown only if others have gid.... I don't know if it can be 
> called a bug, but thanks for the tips, I'll try it tomorrow.
>
> Best regards,
> Bruno
>
>
> On 11/08/2014 19:27, Rowland Penny wrote:
>> Known problem, not sure whether you can call it a bug. If you want
>> 'getent group' to work like 'getent passwd', you seemingly have to
>> give ALL your groups a gidNumber.
>>
>> Rowland
>>
>>
>> On 11 August 2014 18:04, Bruno MACADRÉ <bruno.macadre at univ-rouen.fr> wrote:
>>
>>> Thanks for all answers,
>>>
>>> I've added unix attributes to user foo by using ldbmodify and it
>>> appears on getent passwd (with idmap backend = ad), I've done the
>>> same with my "domain users" group (added only gidNumber attribute)
>>> but it doesn't appear with getent group, but with
>>> 'getent group "domain users"' the group appears fine.... maybe a bug
>>> between getent, nss and winbind....
>>>
>>> At last.... it works (except 'getent group'... but chown, chgrp, ...
>>> work) !
>>>
>>> Thanks all
>>> Regards,
>>> Bruno
>>>
>>> On 11/08/2014 18:20, Rowland Penny wrote:
>>>
>>>> Hi, glad to see that you have got it working and the answer to your
>>>> question is YES.
>>>>
>>>> If you use ADUC to create users and then update them via the
>>>> UNIX-Attributes, the first time you do this a couple of missing
>>>> attributes get added:
>>>> msSFU30MaxUidNumber and msSFU30MaxGidNumber
>>>>
>>>> Guess what they do ?
>>>>
>>>> Yes, that's right, they store the next uidNumber & gidNumber, so by
>>>> using an ldif you can easily write a script around ldbmodify to add
>>>> the required SFU attributes (you could easily do this even if you
>>>> have 500 users)
>>>>
>>>> Rowland
>>>>
>>>>
>>>>
>>>> On 11 August 2014 16:49, Ryan Ashley <ryana at reachtechfp.com> wrote:
>>>>
>>>>> So you're saying that even though the ad backend is working, you'd
>>>>> still have to do this manually? Mine all have IDs I entered
>>>>> manually, but I do not have that many users. Is there possibly a
>>>>> way to add a script that runs on user creation that will find the
>>>>> first free ID in a range and set it for that user's uidNumber and
>>>>> gidNumber?
>>>>>
>>>>> On 08/11/2014 11:47 AM, steve wrote:
>>>>>
>>>>>> On Mon, 2014-08-11 at 17:26 +0200, Bruno MACADRÉ wrote:
>>>>>>> I can't specify all POSIX attributes with ADUC over about 5000
>>>>>>> users by hand....
>>>>>>>
>>>>>>> I will fall back to rid idmap backend... it works fine
>>>>>>
>>>>>> Hi
>>>>>> If you don't mind ids that differ between machines, then rid is
>>>>>> the way to go. Otherwise, script from your working rid output
>>>>>> using getent passwd, cut the (nice friendly colon delimited) id
>>>>>> and then ldbmodify it into AD as uidNumber. Any new users, just
>>>>>> remember to add the values when you create them.
>>>>>>
>>> -- 
>>>
>>> Bruno MACADRE
>>> -------------------------------------------------------------------
>>>   Ingénieur Systèmes et Réseau     | Systems and Network Engineer
>>>   Département Informatique         | Department of computer science
>>>   Responsable Info SER             | SER IT Manager
>>>   Université de Rouen              | University of Rouen
>>> -------------------------------------------------------------------
>>> Coordonnées / Contact :
>>>          Université de Rouen
>>>          Faculté des Sciences et Techniques - Madrillet
>>>          Avenue de l'Université
>>>          CS 70012
>>>          76801 St Etienne du Rouvray CEDEX
>>>          FRANCE
>>>
>>>          Tél : +33 (0)2-32-95-51-86
>>>          Mob : +33 (0)6-74-71-45-64
>>> -------------------------------------------------------------------
>
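
A check for point 3 at the top of this message, as an added example that is not part of the original thread: it reads the "idmap config <domain>:range" lines out of smb.conf text and reports any pair of domains whose ID ranges share a value. The two sample configs are constructed; the first uses the ranges quoted above, the second is a hypothetical variant that overlaps by one ID.

```python
import re
from itertools import combinations

# Matches e.g. "idmap config SAMDOM:range = 80001-160000"; spacing around
# ':' and '=' may vary. Commented-out lines ('#' or ';') do not match.
RANGE_RE = re.compile(
    r"^\s*idmap\s+config\s+(?P<dom>[^:]+?)\s*:\s*range\s*=\s*"
    r"(?P<lo>\d+)\s*-\s*(?P<hi>\d+)\s*$",
    re.IGNORECASE,
)

def parse_idmap_ranges(conf_text):
    """Return {domain: (low, high)} for every idmap range line found."""
    ranges = {}
    for line in conf_text.splitlines():
        m = RANGE_RE.match(line)
        if not m:
            continue
        lo, hi = int(m.group("lo")), int(m.group("hi"))
        if lo > hi:
            raise ValueError(f"inverted range for {m.group('dom')}: {lo}-{hi}")
        ranges[m.group("dom")] = (lo, hi)
    return ranges

def find_overlaps(ranges):
    """Return (dom_a, dom_b) pairs whose inclusive ranges share an ID."""
    hits = []
    for (a, (alo, ahi)), (b, (blo, bhi)) in combinations(sorted(ranges.items()), 2):
        if alo <= bhi and blo <= ahi:
            hits.append((a, b))
    return hits

# Constructed sample: the non-overlapping ranges quoted in the message.
GOOD_CONF = """
[global]
    idmap config *:range = 70001-80000
    idmap config SAMDOM:backend = rid
    idmap config SAMDOM:range = 80001-160000
"""

# Constructed sample: ID 80000 falls in both the default and SAMDOM range.
BAD_CONF = """
[global]
    ; idmap config OLD:range = 1-10
    idmap config * : range = 70001-80000
    idmap config SAMDOM : range = 80000-160000
"""

if __name__ == "__main__":
    for name, conf in (("good", GOOD_CONF), ("bad", BAD_CONF)):
        print(name, find_overlaps(parse_idmap_ranges(conf)))
```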

