[Samba] winbind bug?
Doug Tucker
tuckerd at lyle.smu.edu
Thu Mar 27 15:28:35 MDT 2014
>>
> Do you have access to the Windows server ? if you do, give all your
> users and groups the required RFC2307 attributes. You can do this
> using ADUC provided that it is showing the UNIX Attributes tab for
> users & groups. You can then pull these attributes with winbind, nlscd
> or sssd on the linux machine, your problem will then go away.
I'm a unix admin through and through, I know very little of AD. I have
access to change passwords...which I do from the command line, haha. I
asked our windows admin and he said there is some other thing with
windows 2003 server you have to install to get that tab??
>
> If you don't have access to the windows server, get your windows admin
> to do it for you. \
He's balking. He says I need to fix my unix id over 11000 issue. Which
I could probably do. I probably have enough open now from deleting old
accounts that I could script a mass uid change to something smaller to
make this problem go away. I was just hoping someone might have an idea
why unix id > 11000 was an issue and a way around it.
>
> This way of doing things is the standard windows way of doing things
> and has been for years, your way (as far as I can see) has never been
> standard, unless you can point me at just where it is published.
I've had these running like this for 10 years or so. Again, I just used
the samba wiki and a centos doc I found. I wrote my own "how-to" that I
have and used as the starting point for most of this server as well. I
can't say I've ever seen any how-to that claimed there was a "standard",
just steps to follow which I did. It wasn't until just now with this
3.6.9 version that I ever ran into any issue and it still is a very
isolated issue.
>
> The only other thing to say is, you should never try something new on
> a server running in production, you should do it on a test network,
> even if it means using VM's.
>
> Rowland
I agree. I had this in testing for 2 months before promoting to
production over the weekend. My test userbase was up to 100 users
without a single issue. Of course, not one of those had a unix id over
11000 :(. So far only 5 users have been affected, the other couple of
hundred are working away unaware that there is anything going on. I
will probably change dns back on Friday and let the users roll back to
the 3.033 machine so I have more freedom to make more drastic
changes...not that I know what that is at this point. Thanks for your
time Rowland, and I apologize you got frustrated.
More information about the samba
mailing list