[Samba] Samba 4.2.0 rc2 and winbindd, uid-/gidNumber and xidNumber
Rowland Penny
rowlandpenny at googlemail.com
Tue Nov 4 01:54:05 MST 2014
On 04/11/14 05:04, Davor Vusir wrote:
> 2014-11-03 23:12 GMT+01:00 Rowland Penny <rowlandpenny at googlemail.com>:
>> On 03/11/14 21:14, Davor Vusir wrote:
>>> Trying out 4.2.0 rc2 and winbindd. Below is the AD DC's smb.conf.
>>> Samba on the AD DC is updated from 4.1.3.
>>> I'm having trouble getting uid-/gidNumbers. Just xidNumbers are
>>> displayed. All domain account and groups have got it assigned. What
>>> did I miss?
>>>
>>> Is it possible that the outcome from the commands run on the AD DC is
>>> a product from the fact that the domains NetBIOS-name is EXAMPLE and
>>> not the left-most part of the dns domain (SAMDOM)? Any ideas
>>> appreciated.
>>>
>>> Regards
>>> Davor
>>>
>>>
>>> Outcome from command ran on both the AD DC and a member server:
>>> AD DC:
>>> root at dc1:/usr/local/samba# id davor
>>> uid=3000023(davor) gid=100(users)
>>>
>>> groups=100(users),3000023(davor),3000020(fileacc-common),3000021(fileacc-home),3000009(BUILTIN\users)
>>> root at dc1:/usr/local/samba# getent passwd davor
>>> davor:*:3000023:100:Davor Vusir:/home/%D/%U:/bin/false
>>> root at dc1:/usr/local/samba# getent group 'Domain Users'
>>> domain users:x:100:
>>>
>>> Member server:
>>> admind at ostraaros:~$ id davor
>>> uid=11105(davor) gid=10513(domain users) groups=10513(domain
>>> users),11106(fileacc-home),11107(fileacc-common),1000003(BUILTIN\users)
>>> admind at ostraaros:~$ getent passwd davor
>>> davor:*:11105:10513::/home/EXAMPLE/davor:/bin/false
>>> admind at ostraaros:~$ getent group 'Domain Users'
>>> domain users:x:10513:
>>>
>>> smb.conf:
>>> [global]
>>> workgroup = EXAMPLE
>>> realm = samdom.example.org
>>> netbios name = DC1
>>> server role = active directory domain controller
>>> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
>>> drepl, winbindd, ntp_signd, kcc, dnsupdate
>>> disable spoolss = yes
>>> log level = 3
>>> interfaces = 192.168.1.2/24 127.0.0.1/8
>>> bind interfaces only = yes
>>> idmap config EXAMPLE:backend = ad
>>> idmap config EXAMPLE:schema_mode = rfc2307
>>> idmap config EXAMPLE:range = 10000-999999
>>> idmap config *:backend = tdb
>>> idmap config *:range = 3000000-4000000
>>> winbind nss info = rfc2307
>>> winbind enum users = no
>>> winbind enum groups = no
>>> winbind nested groups = yes
>>> winbind expand groups = 4
>>> winbind use default domain = yes
>> Hi, I have a bug report open for winbindd on 4.2rc2 (10886), It does pull
>> the uidNumber & gidNumber for a user, but it still doesn't pull the
>> unixHomeDirectory & loginShell attributes. I also discovered, during my
>> testing, that you do not need (at present, at least) all the extra winbind &
>> idmap lines in smb.conf, you get the same results, whether they are there or
>> not.
>>
>> Rowland
>>
> Hi, thanks for your reply.
>
> I read your conversation with Michael Adams a few days ago. The fact
> that winbindd does not pull unixHomeDirectory and other attributes is
> of course a bug. But I don't manage to get it to pull uid- and
> gidNumber at all from AD. :)
>
> I also noticed that the extra idmap info in smb.conf doesn't matter.
>
> Is your ADs NetBIOS-name the left-most part of the name of your dns
> domain (EXAMPLE, example.org or SAMDOM, samdom.example.org)? If so,
> that might be the reason I can't get it to work. My dns domain is
> samdom.example.org and NetBIOS-name is EXAMPLE. Or is it a more
> obvious error which I don't see?
>
> For the moment I've got no reason to revert to version 4.1.3 though.
>
> Regards
> Davor
>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
Hi, yes, my test realm was example.com and the workgroup was EXAMPLE,
but if your setup works with earlier versions of S4, then I think that
you may have found another bug and would suggest you file a bug report.
Rowland
More information about the samba
mailing list