[Samba] winbind on server have different UIDs on each Member Server

Rowland Penny rowlandpenny at googlemail.com
Fri May 23 03:03:33 MDT 2014


On 23/05/14 09:56, William Antonin wrote:
> Hello
>
> I have a big problem.
>
> I'm in a lab situation with 2 domain controllers, DC1 and DC2, Samba 4 (Ubuntu
> 14.04), in different networks, and each of them has a client (Ubuntu 12.04).
>
> When I want to get the uid/gid, I use "wbinfo -i user" and I get the same
> results on each client if they have the same configuration. It's OK for
> the client.
>
> But when I install winbind on the servers (Ubuntu 14.04), just to be able to
> use the wbinfo command, I can use "wbinfo -i name" but on my 2 DCs I get an
> unexpected result for the uid/gid. It seems that the idmap mapping is not
> interpreted.
>
> Here is my smb.conf excerpt and the results on a client and a server:
>
> Excerpt smb.conf of server
>
> Global parameters
>
> [global]
>         workgroup = PREVERT
>         realm = PREVERT.LAN
>         netbios name = DCFR
>         server role = active directory domain controller
>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
>         idmap_ldb:use rfc2307 = yes
>         winbind nss info = rfc2307
>
> [netlogon]
>         path = /var/lib/samba/sysvol/prevert.lan/scripts
>         read only = No
>
> [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = No
>
> Excerpt smb.conf of client
>
> [global]
> ; Basic server settings
>    workgroup = PREVERT
>    realm = PREVERT.LAN
>    smb ports = 139
>
>    log file = /var/log/samba/%m.log
>    max log size = 1024
>
> ; security options
>    ;hosts allow = 10.1.1. 127.0.0.1
>    security = ADS
>    null passwords = no
>    password server = dcfr.prevert.lan
>    encrypt passwords = yes
>    guest ok = no
>    invalid users = root bin daemon named sys tty disk mem kmem users sshd
>
>    idmap config PREVERT:backend = rid
>    idmap config PREVERT:schema_mode = rfc2307
>    idmap config PREVERT:range = 10000-19999
>    idmap config PREVERT:read only = yes
>
>    winbind nss info = rfc2307
>
>    winbind uid = 60000-70000
>    winbind use default domain = Yes
>    winbind enum users = Yes
>    winbind enum groups = Yes
>
>    wins server = dcfr.prevert.lan
>
>    inherit acls = Yes
>
>    template homedir = /home/%U
>    template shell = /bin/false
>
> wbinfo -i bob on client
>
> bob:*:11106:10513:bob:/machine1/home/bob:/bin/sh
>
> wbinfo -i guy on server
>
> PREVERT\bob:*:10000:10000::/home/PREVERT/bob:/bin/false
>
> Can someone help me, please?

The problem here is that the winbind on the server is not the same as
the winbind on the clients; you are also using the rid backend on the
clients. The only way to get consistent uids/gids everywhere is to use
the ad backend on the clients and give your users/groups uidNumbers
and/or gidNumbers.

Rowland
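
An added example, not part of the original thread or of Samba: a small Python check that parses the two `wbinfo -i` outputs quoted above, reports users whose uid/gid differ between hosts, and reproduces the idmap_rid arithmetic (ID = RID - base_rid + low end of range). Assumptions: the host labels, the function names, and the RIDs 1106 and 513, which are inferred from the client's 11106:10513 and its configured range 10000-19999.

```python
from typing import NamedTuple

class PasswdEntry(NamedTuple):
    name: str
    uid: int
    gid: int
    home: str
    shell: str

def parse_wbinfo_i(line: str) -> PasswdEntry:
    """Parse one passwd-style line as printed by `wbinfo -i`."""
    fields = line.strip().split(":")
    if len(fields) != 7:
        raise ValueError(f"expected 7 colon-separated fields, got {len(fields)}")
    name, _pw, uid, gid, _gecos, home, shell = fields
    # Drop a DOMAIN\ prefix so hosts with and without
    # "winbind use default domain" compare under the same key.
    return PasswdEntry(name.rsplit("\\", 1)[-1].lower(), int(uid), int(gid), home, shell)

def rid_backend_id(rid: int, range_low: int, range_high: int, base_rid: int = 0) -> int:
    """ID derived by the idmap_rid backend: RID - base_rid + range_low."""
    unix_id = rid - base_rid + range_low
    if not range_low <= unix_id <= range_high:
        raise ValueError(f"RID {rid} maps outside {range_low}-{range_high}")
    return unix_id

def id_mismatches(outputs: dict[str, str]) -> dict[str, dict[str, tuple[int, int]]]:
    """Return {user: {host: (uid, gid)}} for users whose IDs differ between hosts."""
    seen: dict[str, dict[str, tuple[int, int]]] = {}
    for host, text in outputs.items():
        for line in filter(None, map(str.strip, text.splitlines())):
            entry = parse_wbinfo_i(line)
            seen.setdefault(entry.name, {})[host] = (entry.uid, entry.gid)
    return {u: h for u, h in seen.items() if len(set(h.values())) > 1}

# The two outputs quoted in the thread; the host labels are assumptions.
OUTPUTS = {
    "client": r"bob:*:11106:10513:bob:/machine1/home/bob:/bin/sh",
    "server": r"PREVERT\bob:*:10000:10000::/home/PREVERT/bob:/bin/false",
}

if __name__ == "__main__":
    for user, hosts in id_mismatches(OUTPUTS).items():
        print(f"{user}: {hosts}")
    # Client range 10000-19999: assumed RIDs 1106 and 513 give 11106 and 10513.
    print(rid_backend_id(1106, 10000, 19999), rid_backend_id(513, 10000, 19999))
```

Run against `wbinfo -i` output collected from every host after a backend change, an empty result from `id_mismatches` means file ownership and ACLs will resolve to the same account everywhere.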

