[Samba] winbind bug?

Doug Tucker tuckerd at lyle.smu.edu
Thu Mar 27 12:25:29 MDT 2014

[root at lylesmb1 samba]# getent passwd tuckerd
tuckerd:vpEMa0kDPwsvM:4011:500:Doug Tucker:/users4/enoc/tuckerd:/bin/bash

[root at lylesmb1 samba]# getent passwd jghorbanian

[root at lylesmb1 samba]# id tuckerd
uid=4011(tuckerd) gid=500(seasadm) groups=500(seasadm)

[root at lylesmb1 samba]# id jghorbanian
uid=11333(jghorbanian) gid=450(cmegrad) groups=450(cmegrad)

tuckerd works
jghorbanian does not work...on Windows 7...works on Windows XP...note 
his unix ID# > 11000...I changed his unix id to 3308 and then he worked 
just fine.


Doug Tucker

On 03/27/2014 01:12 PM, Chan Min Wai wrote:
> did getent passwd username
> or id username show something strange?
> On Fri, Mar 28, 2014 at 2:08 AM, Doug Tucker <tuckerd at lyle.smu.edu> wrote:
>     On 03/27/2014 12:51 PM, Chan Min Wai wrote:
>         Hi Doug,
>         Quote your statement "configuration and held the unix uid's,
>         etc..that this would tell samba to look to AD for those values
>         (which concerns me to put that in and break all the existing
>         users) and we certainly do not have that in our AD here"
>         If your AD users don't have unix uid , home dir, shell...
>     It gets this from unix.  We merely pass the login credentials to
>     AD for authentication.  Then we map to the unix side for unix uid,
>     home dir.   This directive maps the unix users to a corresponding
>     AD user:
>     # Unix users can map to different SMB User names
>        username map = /etc/samba/domain_user.map
>         If you don't have unix uid, winbind will not read these users...
>     All users are being read by winbind, even the ones that are
>     failing..those with unix ID > 11000.  I can show you the logs on a
>     failed user.  They pass authentication.  Their unix id is correct.
>      Samba then presents their home directory, and then suddenly drops
>     to "access denied".
>     Not to throw confusion in it as I am trying to get some focus on
>     this fact that unix ID > 11000 fails on windows 7..but, if I
>     change the home directory permissions on the unix side from 700
>     (standard) to 777...the user that *was* failing can then map the
>     directory, and when they write files, it is written with the
>     correct permissions.
