[Samba] Strange GID and UID with winbindd + Samba AD DC
stephane.purnelle at corman.be
Fri Mar 14 04:49:32 MDT 2014
Do all groups have a gidnumber?
If not... getent group will not work.
Stéphane PURNELLE, Systems and Network Admin.
IT Department, Corman S.A. Tel: 00 32 (0)87/342467
samba-bounces at lists.samba.org wrote on 14/03/2014 11:45:26:
> From: Rowland Penny <rowlandpenny at googlemail.com>
> To: sambalist <samba at lists.samba.org>,
> Date: 14/03/2014 11:47
> Subject: Re: [Samba] Strange GID and UID with winbindd + Samba AD DC
> Sent by: samba-bounces at lists.samba.org
> On 14/03/14 10:23, Harry Jede wrote:
> > On 10:43:12 wrote Chan Min Wai:
> >> Dear Rowland and Steve,
> >> Thank you for the help.
> >> So confirm that there is nothing wrong with my configuration.
> > no
> >> But a Bugs in winbind. :)
> > No, I do not think so.
> OH, yes there is, I use sssd instead of winbind and do not have this
> problem i.e. 'getent group' lists all domain groups as well as the local
> ones. When I did try to get winbind to work, I got the same result as
> the OP, 'getent passwd' displayed all users, whilst 'getent group' only
> displayed local groups, I had to use 'getent group <a domain group>' to
> get the group to show.
> >> Yea :)
> >> Thank again.
> > Group mapping is one of the complex things in samba.
> > Your configuration may or may not work. It depends on your needs.
> > i.e. you try to configure a member server. Fine.
> > your setup:
> > sqlservermssqlserveradhelperuser$win2k8srv01:x:4294967295:
> > allowed rodc password replication group:x:4294967295:
> > enterprise read-only domain controllers:x:4294967295:
> > sqlserver2005sqlbrowseruser$win2k8srv01:x:4294967295:
> > denied rodc password replication group:x:4294967295:krbtgt
> > read-only domain controllers:x:4294967295:
> > group policy creator owners:x:4294967295:administrator
> > and so on...
> > All these groups have the same gidnumber. So for a posix filesystem
> > are the same, but with different names and different members. The
> > is ??
> > One may ask an oracle?
> > You have asked:
> > There are some strange value UID/GID
> > 4294967295 <-- what number is this?
> > Short answer:
> > (4294967295+1)/1024/1024/1024=4
> > 4 billion is the highest integer your OS supports.
> > This number (minus 1) comes from the idmapping stuff.
> > All your BUILTIN groups have the same gidnumber. So fix your config as
> > Rowland posted before.
> He has, that is when he found out that 'getent group' doesn't work. Also
> this must surely be another bug, if a range is not given for the builtin
> users & groups, winbind shouldn't just return 4294967295 for everything.
> > Think about "each group must have a unique gidnumber, on all servers
> > your domain and if you use multiple domains all BUILTIN groups may
> > a unique gidnumber which should be the same for all domains"
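Added example, not part of the original thread: a small check over `getent group`-style output that reports groups sitting on GID 4294967295 (2^32 - 1, which is -1 stored in an unsigned 32-bit gid) and any GID shared by several group names, the condition discussed above. The domain group lines are copied from the listing quoted in the thread; the local groups, `domain users` and the malformed line are constructed sample data.

```python
from collections import defaultdict

UNMAPPED_GID = 2**32 - 1  # 4294967295, i.e. -1 stored in an unsigned 32-bit gid

# Sample in `getent group` format (name:passwd:gid:members).
# Lines with GID 4294967295 are from the thread; the rest are constructed.
SAMPLE = """\
root:x:0:
users:x:100:alice,bob
allowed rodc password replication group:x:4294967295:
denied rodc password replication group:x:4294967295:krbtgt
group policy creator owners:x:4294967295:administrator
domain users:x:10513:
broken line without fields
"""


def parse_group_lines(text):
    """Yield (name, gid, members) for each well-formed group line."""
    for line in text.splitlines():
        # AD group names may contain spaces, so split on ':' only.
        parts = line.split(":")
        if len(parts) != 4 or not parts[2].isdigit():
            continue  # skip blank and malformed entries
        members = [m for m in parts[3].split(",") if m]
        yield parts[0], int(parts[2]), members


def audit_groups(text):
    """Return (unmapped, collisions): group names on the sentinel GID,
    and every GID that is shared by more than one group name."""
    by_gid = defaultdict(list)
    for name, gid, _members in parse_group_lines(text):
        by_gid[gid].append(name)
    unmapped = sorted(by_gid.get(UNMAPPED_GID, []))
    collisions = {g: sorted(n) for g, n in by_gid.items() if len(n) > 1}
    return unmapped, collisions


if __name__ == "__main__":
    unmapped, collisions = audit_groups(SAMPLE)
    for name in unmapped:
        print(f"no usable GID mapping: {name}")
    for gid, names in collisions.items():
        print(f"GID {gid} shared by {len(names)} groups: {', '.join(names)}")
```

On a member server the same functions can be fed the real output of `getent group` instead of `SAMPLE`.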