[Samba] Strange GID and UID with winbindd + Samba AD DC

Chan Min Wai dcmwai at gmail.com
Thu Mar 13 12:45:08 MDT 2014


Dear Rowland,

I tried; once I've added this,
getent group fails to load any Samba group.
But
getent group smbgroup will load that group.

But
getent passwd is working fine.

It is strange....



On Fri, Mar 14, 2014 at 12:12 AM, Rowland Penny <rowlandpenny at googlemail.com> wrote:

> On 13/03/14 15:41, Chan Min Wai wrote:
>
>> Dear All,
>>
>> Does anyone have any idea?
>>
>> This is the part of the config file which I think should be related.
>>
>> But I cannot see which part caused the issue.
>> The users can access the files and folders, but the problems are the large
>> uid/gid and also the wrong gid.
>>
>> Thank You
>>
>> [global]
>>          workgroup = AMTB-WORKGROUP
>>          security = ADS
>>          realm = KL01.AMTB-M.ORG.MY
>>          idmap config AMTB-WORKGROUP : backend = ad
>>          idmap config AMTB-WORKGROUP : schema_mode = rfc2307
>>          idmap config AMTB-WORKGROUP : range = 10000-849999
>>
>>          winbind nss info = rfc2307
>>          winbind enum groups = yes
>>          winbind enum users = yes
>>          winbind use default domain = Yes
>>
>>          winbind cache time = 300
>>          winbind refresh tickets = yes
>>          winbind offline logon = yes
>>          winbind nested groups = yes
>>          winbind max clients = 500
>>
>>          netbios name = AmtbCluster
>>
>>
>>
>> On Thu, Mar 13, 2014 at 3:49 AM, Chan Min Wai <dcmwai at gmail.com> wrote:
>>
>>> Dear All,
>>>
>>> I have some strange entries in my getent output, as shown below.
>>> It seems that
>>>
>>> there are some strange UID/GID values:
>>> 4294967295 <-- what number is this?
>>>
>>> I get this info from my domain member, which is serving as a file server.
>>>
>>> There are also some GIDs that differ from the Samba AD DC.
>>>
>>> E.g. wbinfo from the AD DC (default configuration after classical migration)
>>> --> The AD DC has no winbind configuration.
>>> wbinfo --group-info=mtcuser
>>> AMTB-WORKGROUP\mtcuser:*:10002:
>>> (GID is not shown correctly on winbind of the domain member)
>>>
>>>
>>>
>>> ==Domain Member result==
>>> getent group
>>> {snap major local group}
>>> nullmail:x:88:
>>> sqlservermssqlserveradhelperuser$win2k8srv01:x:4294967295:
>>> allowed rodc password replication group:x:4294967295:
>>> enterprise read-only domain controllers:x:4294967295:
>>> sqlserver2005sqlbrowseruser$win2k8srv01:x:4294967295:
>>> denied rodc password replication group:x:4294967295:krbtgt
>>> read-only domain controllers:x:4294967295:
>>> group policy creator owners:x:4294967295:administrator
>>> docs:x:508:user002,user003,
>>> software:x:511:dcmwai
>>> finance:x:1005:dcmwai
>>> mtcusers:x:4294967295:llchai,mtcuser01
>>> ras and ias servers:x:4294967295:
>>> domain controllers:x:4294967295:
>>> enterprise admins:x:4294967295:administrator
>>> web:x:510:dcmwai,mwchan
>>> domain computers:x:515:
>>> cert publishers:x:4294967295:
>>> amtbkladmin:x:4294967295:dcmwai,amtbadmin,administrator
>>> mirageadmin:x:4294967295:miragesvc
>>> dnsupdateproxy:x:4294967295:
>>> domain admins:x:512:dcmwai,administrator
>>> domain guests:x:514:
>>> schema admins:x:4294967295:administrator
>>> domain users:x:513:
>>> dnsadmins:x:4294967295:
>>>
>>>
>>> getent passwd
>>>
>>>
>>> avuser1:*:1036:513:avuser1:/home/avuser1:/bin/bash
>>> avuser2:*:1037:513:avuser2:/home/avuser2:/bin/bash
>>> user001:*:1012:513:user001:/home/user001:/bin/bash
>>> user002:*:1064:513:user002:/home/user002:/bin/bash
>>> user003:*:1065:513:user003:/home/user003:/bin/bash
>>> dcmwai:*:1014:513:dcmwai:/home/dcmwai:/bin/bash
>>> mwchan:*:10000:513:mwchan:/home/mwchan:/bin/bash
>>> recep1:*:1021:513:recep1:/home/recep1:/bin/bash
>>> recep2:*:1022:513:recep2:/home/recep2:/bin/bash
>>> mtcuser01:*:1074:513:mtcuser01:/home/mtcuser01:/bin/bash
>>>
>>> dns-amtbserver:*:4294967295:513:dns-amtbserver:/home/AMTB-WORKGROUP/dns-amtbserver:/bin/false
>>> administrator:*:10005:513:Administrator:/home/Administrator:/bin/sh
>>> amtbadmin:*:10004:513:amtbadmin:/home/amtbadmin:/bin/bash
>>>
>>> dns-amtbsrv02:*:4294967295:513:dns-AMTBSRV02:/home/AMTB-WORKGROUP/dns-amtbsrv02:/bin/false
>>> miragesvc:*:10002:513:miragesvc:/home/miragesvc:/bin/sh
>>> krbtgt:*:4294967295:513:krbtgt:/home/AMTB-WORKGROUP/krbtgt:/bin/false
>>> guest:*:65534:514:Guest:/var/empty:/bin/false
>>>
>>>
>>> Can anyone advise what is going on?
>>>
>>> Thank You.
>>>
> Hi, you don't seem to have the builtin backend configured, try adding
> something like:
>
> Idmap config *:backend = tdb
> idmap config *:range = 85000-86000
>
> Rowland
>
>
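
An added example (not from the thread or the Samba project): a small Python audit of `getent` output that flags entries carrying 4294967295, which is 2^32 - 1 (that is, -1 stored in an unsigned 32-bit ID, so the account has no usable Unix ID), and entries whose ID lies outside the `idmap config` range from the posted smb.conf. It also checks two idmap ranges for overlap, since smb.conf(5) requires that the ranges of different idmap domains do not overlap. Function names are hypothetical; the sample lines are taken from the output quoted above.

```python
"""Audit winbind ID mapping on a domain member: idmap ranges and getent output."""

UNMAPPED_ID = 0xFFFFFFFF  # 4294967295 == (uint32_t)-1: no usable Unix ID


def parse_range(spec):
    """Turn an smb.conf idmap range such as '10000-849999' into (low, high)."""
    low, high = (int(part) for part in spec.split("-", 1))
    if low > high:
        raise ValueError(f"inverted idmap range: {spec}")
    return low, high


def ranges_overlap(a, b):
    """True when two inclusive (low, high) ranges share at least one ID."""
    return a[0] <= b[1] and b[0] <= a[1]


def audit(getent_text, id_range):
    """Classify getent passwd/group lines (the ID is field 3 in both formats)."""
    low, high = id_range
    report = {"unmapped": [], "in_range": [], "outside_range": [], "skipped": []}
    for line in getent_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            if line.strip():
                report["skipped"].append(line.strip())  # e.g. a wrapped line
            continue
        name, ident = fields[0], int(fields[2])
        if ident == UNMAPPED_ID:
            report["unmapped"].append(name)
        elif low <= ident <= high:
            report["in_range"].append(name)
        else:
            report["outside_range"].append((name, ident))  # local or unmanaged ID
    return report


# Sample lines taken from the getent output quoted in the thread.
SAMPLE = """\
nullmail:x:88:
mtcusers:x:4294967295:llchai,mtcuser01
domain admins:x:512:dcmwai,administrator
mwchan:*:10000:513:mwchan:/home/mwchan:/bin/bash
krbtgt:*:4294967295:513:krbtgt:/home/AMTB-WORKGROUP/krbtgt:/bin/false
"""

if __name__ == "__main__":
    domain = parse_range("10000-849999")   # AMTB-WORKGROUP range from the thread
    default = parse_range("85000-86000")   # '*' range suggested in the reply
    print("ranges overlap:", ranges_overlap(domain, default))
    for kind, entries in audit(SAMPLE, domain).items():
        print(kind, entries)
```

On a live member, feed it the real output of `getent passwd` and `getent group`; files owned by an unmapped ID cannot be tied back to an account, so each flagged entry is worth resolving before permissions are relied on.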

