[Samba] Strange GID and UID with winbindd + Samba AD DC
Chan Min Wai
dcmwai at gmail.com
Thu Mar 13 09:41:18 MDT 2014
Dear All,
Any one have any idea?
this is part of the config files which I think should be related.
But I cannot see which part caused the issue.
The users can access the files and folder but the problem are the large
uid/gid and also wrong gid..
Thank You
[global]
workgroup = AMTB-WORKGROUP
security = ADS
realm = KL01.AMTB-M.ORG.MY
idmap config AMTB-WORKGROUP : backend = ad
idmap config AMTB-WORKGROUP : schema_mode = rfc2307
idmap config AMTB-WORKGROUP : range = 10000-849999
winbind nss info = rfc2307
winbind enum groups = yes
winbind enum users = yes
winbind use default domain = Yes
winbind cache time = 300
winbind refresh tickets = yes
winbind offline logon = yes
winbind nested groups = yes
winbind max clients = 500
netbios name = AmtbCluster
On Thu, Mar 13, 2014 at 3:49 AM, Chan Min Wai <dcmwai at gmail.com> wrote:
> Dear All,
>
> I've some strange entry on my getent as shown below.
> It seem that
>
> There are some strange value UID/GID
> 4294967295 <-- what number is this?
>
> I get this info from my Domain member which serving as a files server.
>
> Also some different GID from Samba AD DC
>
> E.g wbinfo from AD DC (default configuration after classical migratation)
> --> AD DC have no winbind configuration.
> wbinfo --group-info=mtcuser
> AMTB-WORKGROUP\mtcuser:*:10002:
> (GID is not show correctly on winbind of domain member)
>
>
>
> ==Domain Member result==
> getent group
> {snap major local group}
> nullmail:x:88:
> sqlservermssqlserveradhelperuser$win2k8srv01:x:4294967295:
> allowed rodc password replication group:x:4294967295:
> enterprise read-only domain controllers:x:4294967295:
> sqlserver2005sqlbrowseruser$win2k8srv01:x:4294967295:
> denied rodc password replication group:x:4294967295:krbtgt
> read-only domain controllers:x:4294967295:
> group policy creator owners:x:4294967295:administrator
> docs:x:508:user002,user003,
> software:x:511:dcmwai
> finance:x:1005:dcmwai
> mtcusers:x:4294967295:llchai,mtcuser01
> ras and ias servers:x:4294967295:
> domain controllers:x:4294967295:
> enterprise admins:x:4294967295:administrator
> web:x:510:dcmwai,mwchan
> domain computers:x:515:
> cert publishers:x:4294967295:
> amtbkladmin:x:4294967295:dcmwai,amtbadmin,administrator
> mirageadmin:x:4294967295:miragesvc
> dnsupdateproxy:x:4294967295:
> domain admins:x:512:dcmwai,administrator
> domain guests:x:514:
> schema admins:x:4294967295:administrator
> domain users:x:513:
> dnsadmins:x:4294967295:
>
>
> getent passwd
>
>
> avuser1:*:1036:513:avuser1:/home/avuser1:/bin/bash
> avuser2:*:1037:513:avuser2:/home/avuser2:/bin/bash
> user001:*:1012:513:user001:/home/user001:/bin/bash
> user002:*:1064:513:user002:/home/user002:/bin/bash
> user003:*:1065:513:user003:/home/user003:/bin/bash
> dcmwai:*:1014:513:dcmwai:/home/dcmwai:/bin/bash
> mwchan:*:10000:513:mwchan:/home/mwchan:/bin/bash
> recep1:*:1021:513:recep1:/home/recep1:/bin/bash
> recep2:*:1022:513:recep2:/home/recep2:/bin/bash
> mtcuser01:*:1074:513:mtcuser01:/home/mtcuser01:/bin/bash
>
> dns-amtbserver:*:4294967295:513:dns-amtbserver:/home/AMTB-WORKGROUP/dns-amtbserver:/bin/false
> administrator:*:10005:513:Administrator:/home/Administrator:/bin/sh
> amtbadmin:*:10004:513:amtbadmin:/home/amtbadmin:/bin/bash
>
> dns-amtbsrv02:*:4294967295:513:dns-AMTBSRV02:/home/AMTB-WORKGROUP/dns-amtbsrv02:/bin/false
> miragesvc:*:10002:513:miragesvc:/home/miragesvc:/bin/sh
> krbtgt:*:4294967295:513:krbtgt:/home/AMTB-WORKGROUP/krbtgt:/bin/false
> guest:*:65534:514:Guest:/var/empty:/bin/false
>
>
> Anyone can advise what is going on?
>
> Thank You.
>
More information about the samba
mailing list