[Samba] Strange GID and UID with winbindd + Samba AD DC

Rowland Penny rowlandpenny at googlemail.com
Thu Mar 13 10:12:09 MDT 2014


On 13/03/14 15:41, Chan Min Wai wrote:
> Dear All,
>
> Does anyone have any idea?
>
> This is the part of the config files which I think should be related.
>
> But I cannot see which part caused the issue.
> The users can access the files and folders, but the problem is the large
> uid/gid and also the wrong gid.
>
> Thank You
>
> [global]
>          workgroup = AMTB-WORKGROUP
>          security = ADS
>          realm = KL01.AMTB-M.ORG.MY
>          idmap config AMTB-WORKGROUP : backend = ad
>          idmap config AMTB-WORKGROUP : schema_mode = rfc2307
>          idmap config AMTB-WORKGROUP : range = 10000-849999
>
>          winbind nss info = rfc2307
>          winbind enum groups = yes
>          winbind enum users = yes
>          winbind use default domain = Yes
>
>          winbind cache time = 300
>          winbind refresh tickets = yes
>          winbind offline logon = yes
>          winbind nested groups = yes
>          winbind max clients = 500
>
>          netbios name = AmtbCluster
>
>
>
> On Thu, Mar 13, 2014 at 3:49 AM, Chan Min Wai <dcmwai at gmail.com> wrote:
>
>> Dear All,
>>
>> I have some strange entries in my getent output, as shown below.
>>
>> It seems that there are some strange UID/GID values:
>> 4294967295 <-- what number is this?
>>
>> I got this info from my domain member, which is serving as a file server.
>>
>> Also some different GID from Samba AD DC
>>
>> E.g. wbinfo from AD DC (default configuration after classical migration)
>> --> AD DC has no winbind configuration.
>> wbinfo --group-info=mtcuser
>> AMTB-WORKGROUP\mtcuser:*:10002:
>> (GID is not shown correctly on winbind of the domain member)
>>
>>
>>
>> ==Domain Member result==
>> getent group
>> {snap major local group}
>> nullmail:x:88:
>> sqlservermssqlserveradhelperuser$win2k8srv01:x:4294967295:
>> allowed rodc password replication group:x:4294967295:
>> enterprise read-only domain controllers:x:4294967295:
>> sqlserver2005sqlbrowseruser$win2k8srv01:x:4294967295:
>> denied rodc password replication group:x:4294967295:krbtgt
>> read-only domain controllers:x:4294967295:
>> group policy creator owners:x:4294967295:administrator
>> docs:x:508:user002,user003,
>> software:x:511:dcmwai
>> finance:x:1005:dcmwai
>> mtcusers:x:4294967295:llchai,mtcuser01
>> ras and ias servers:x:4294967295:
>> domain controllers:x:4294967295:
>> enterprise admins:x:4294967295:administrator
>> web:x:510:dcmwai,mwchan
>> domain computers:x:515:
>> cert publishers:x:4294967295:
>> amtbkladmin:x:4294967295:dcmwai,amtbadmin,administrator
>> mirageadmin:x:4294967295:miragesvc
>> dnsupdateproxy:x:4294967295:
>> domain admins:x:512:dcmwai,administrator
>> domain guests:x:514:
>> schema admins:x:4294967295:administrator
>> domain users:x:513:
>> dnsadmins:x:4294967295:
>>
>>
>> getent passwd
>>
>>
>> avuser1:*:1036:513:avuser1:/home/avuser1:/bin/bash
>> avuser2:*:1037:513:avuser2:/home/avuser2:/bin/bash
>> user001:*:1012:513:user001:/home/user001:/bin/bash
>> user002:*:1064:513:user002:/home/user002:/bin/bash
>> user003:*:1065:513:user003:/home/user003:/bin/bash
>> dcmwai:*:1014:513:dcmwai:/home/dcmwai:/bin/bash
>> mwchan:*:10000:513:mwchan:/home/mwchan:/bin/bash
>> recep1:*:1021:513:recep1:/home/recep1:/bin/bash
>> recep2:*:1022:513:recep2:/home/recep2:/bin/bash
>> mtcuser01:*:1074:513:mtcuser01:/home/mtcuser01:/bin/bash
>>
>> dns-amtbserver:*:4294967295:513:dns-amtbserver:/home/AMTB-WORKGROUP/dns-amtbserver:/bin/false
>> administrator:*:10005:513:Administrator:/home/Administrator:/bin/sh
>> amtbadmin:*:10004:513:amtbadmin:/home/amtbadmin:/bin/bash
>>
>> dns-amtbsrv02:*:4294967295:513:dns-AMTBSRV02:/home/AMTB-WORKGROUP/dns-amtbsrv02:/bin/false
>> miragesvc:*:10002:513:miragesvc:/home/miragesvc:/bin/sh
>> krbtgt:*:4294967295:513:krbtgt:/home/AMTB-WORKGROUP/krbtgt:/bin/false
>> guest:*:65534:514:Guest:/var/empty:/bin/false
>>
>>
>> Can anyone advise what is going on?
>>
>> Thank You.
>>
Hi, you don't seem to have the builtin backend configured, try adding 
something like:

idmap config *:backend = tdb
idmap config *:range = 85000-86000

Rowland
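
As an added example (not part of the original posts), the Python sketch below parses `idmap config ... : range` lines and `getent` output, flags entries carrying 4294967295 (2**32 - 1, i.e. -1 in an unsigned 32-bit ID field), and reports configured ranges that overlap, which Samba's idmap ranges must not do. The sample config and getent lines are constructed from values quoted in this thread, and the function names are illustrative.

```python
import re

UNMAPPED = 2**32 - 1  # 4294967295: -1 stored in an unsigned 32-bit uid_t/gid_t

# Constructed sample input modelled on the smb.conf and getent lines in this thread.
SMB_CONF = """\
[global]
    idmap config AMTB-WORKGROUP : backend = ad
    idmap config AMTB-WORKGROUP : range = 10000-849999
    idmap config * : backend = tdb
    idmap config * : range = 85000-86000
"""
GETENT_GROUP = """\
nullmail:x:88:
mtcusers:x:4294967295:llchai,mtcuser01
docs:x:508:user002,user003,
mtcuser:x:10002:
"""

RANGE_RE = re.compile(
    r"^\s*idmap\s+config\s+(.+?)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$",
    re.IGNORECASE | re.MULTILINE)

def idmap_ranges(conf):
    """Return {domain: (low, high)} for every 'idmap config DOMAIN : range' line."""
    return {m[1]: (int(m[2]), int(m[3])) for m in RANGE_RE.finditer(conf)}

def overlapping(ranges):
    """Return pairs of domains whose ID ranges intersect; ranges must be disjoint."""
    names = sorted(ranges)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]]

def classify(getent, ranges):
    """Label each getent entry: 'unmapped', owning domain(s), or 'outside-ranges'."""
    result = {}
    for line in getent.splitlines():
        fields = line.split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue
        num = int(fields[2])
        owners = sorted(d for d, (lo, hi) in ranges.items() if lo <= num <= hi)
        label = ",".join(owners) or "outside-ranges"
        result[fields[0]] = "unmapped" if num == UNMAPPED else label
    return result

if __name__ == "__main__":
    print(overlapping(idmap_ranges(SMB_CONF)), classify(GETENT_GROUP, idmap_ranges(SMB_CONF)))
```
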


