[Samba] Missing entries in idmap.ldb
Kirin van der Veer
kirin.vanderveer at planetinnovation.com.au
Mon Nov 17 15:35:52 MST 2014
Hi Rowland,
I was trying to change the AD -> Unix mapping of some of my users.
I wanted to map some admin accounts to the root user (0) so that they could
easily edit permissions on all shares and folders regardless of the groups
that they were assigned to.
If there's a better way of accomplishing that then I'm all ears.
Kirin.
On 17 November 2014 20:38, Rowland Penny <rowlandpenny at googlemail.com>
wrote:
> On 17/11/14 00:57, Kirin van der Veer wrote:
>
>> Thanks for replying to my issue.
>> I was trying to edit the user mapping for the above users manually.
>> (apologies that I neglected to mention that in my initial email).
>> I have solved the problem with wbinfo.
>> If I run:
>> wbinfo --sids-to-unix-ids S-1-5-21-3663128747-3839060396-3176805764-11981
>>
>> Then it populates data into the idmap.ldb and I am able to edit user
>> mappings with the following command:
>> ldbedit -e /usr/bin/vim -H /var/lib/samba/private/idmap.ldb
>> objectsid=S-1-5-21-3663128747-3839060396-3176805764-11981
>>
>> (which is the original command I was trying to use)
>>
>> Sorry if I was not clear in my original email, and thanks for your help.
>>
>> Kirin.
>>
>>
>> On 15 November 2014 05:23, Rowland Penny <rowlandpenny at googlemail.com
>> <mailto:rowlandpenny at googlemail.com>> wrote:
>>
>> On 14/11/14 18:18, Marc Muehlfeld wrote:
>>
>> Hello Kirin,
>>
>> Am 13.11.2014 um 23:38 schrieb Kirin van der Veer:
>>
>> When I run ldbedit on idmap.ldb some of my SIDs seem to be
>> missing.
>> The below output demonstrates the problem quite clearly:
>>
>> root at server:/# wbinfo -n administrator
>> S-1-5-21-3663128747-3839060396-3176805764-500 SID_USER (1)
>> root at server:/# ldbedit -e /usr/bin/vim -H
>> /var/lib/samba/private/idmap.ldb
>> objectsid=S-1-5-21-3663128747-3839060396-3176805764-500
>> # 0 adds 0 modifies 0 deletes
>> root at server:/# wbinfo -n user1-admin
>> S-1-5-21-3663128747-3839060396-3176805764-11824 SID_USER (1)
>> root at server:/# ldbedit -e /usr/bin/vim -H
>> /var/lib/samba/private/idmap.ldb
>> objectsid=S-1-5-21-3663128747-3839060396-3176805764-11824
>> # 0 adds 0 modifies 0 deletes
>> root at server:/# wbinfo -n user2-admin
>> S-1-5-21-3663128747-3839060396-3176805764-11983 SID_USER (1)
>> root at server:/# ldbedit -e /usr/bin/vim -H
>> /var/lib/samba/private/idmap.ldb
>> objectsid=S-1-5-21-3663128747-3839060396-3176805764-11983
>> no matching records - cannot edit
>> root at server:/# wbinfo -n user3-admin
>> S-1-5-21-3663128747-3839060396-3176805764-11981 SID_USER (1)
>> root at server:/# ldbedit -e /usr/bin/vim -H
>> /var/lib/samba/private/idmap.ldb
>> objectsid=S-1-5-21-3663128747-3839060396-3176805764-11981
>> no matching records - cannot edit
>>
>>
>> I'm not sure, if I understand, what you do there. You get the
>> SID of an
>> account and then edit idmap.ldb? But what do you do there when
>> you say
>>
>> # ldbedit -e /usr/bin/vim -H /var/lib/samba/private/idmap.ldb
>> objectsid=S-1-5-21-3663128747-3839060396-3176805764-11981
>>
>> Do you mean with that, that you search for that line in the
>> editor and
>> you can't find it?
>>
>>
>>
>> Regards,
>> Marc
>>
>> Hi, I think the OP is having a problem he isn't telling us and he
>> is trying to find a reason for it. I do not think that it is
>> anything to do with idmap.ldb, I have users that do not appear in
>> idmap.ldb and do not have any problems.
>>
>> Rowland
>>
>> -- To unsubscribe from this list go to the following URL and read
>> the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>>
>>
>>
>> --
>> Kirin van der Veer
>> *_______________________
>> IT Support*
>> Planet Innovation
>> Phone: 03 9945 7549
>> Mobile: 0409 728 275
>> 81–89 Cotham Road, Kew VIC 3101 Australia
>> planetinnovation.com.au <http://planetinnovation.com.au>
>>
>>
>> *IMPORTANT NOTE. *If you are NOT AN AUTHORISED RECIPIENT of this e-mail,
>> please contact Planet Innovation Pty Ltd by return e-mail or by telephone
>> on +613 9945 7510. In this case, you should not read, print,
>> re-transmit, store or act in reliance on this e-mail or any attachments,
>> and should destroy all copies of them. This e-mail and any attachments are
>> confidential and may contain legally privileged information and/or
>> copyright material of Planet Innovation Pty Ltd or third parties. You
>> should only re-transmit, distribute or commercialise the material if you
>> are authorised to do so. Although we use virus scanning software, we deny
>> all liability for viruses or alike in any message or attachment. This
>> notice should not be removed.
>>
>> **
>>
> Why are you trying to edit idmap.ldb ?
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
--
Kirin van der Veer
*_______________________IT Support*
Planet Innovation
Phone: 03 9945 7549
Mobile: 0409 728 275
81–89 Cotham Road, Kew VIC 3101 Australia
planetinnovation.com.au
--
*IMPORTANT NOTE. *If you are NOT AN AUTHORISED RECIPIENT of this e-mail,
please contact Planet Innovation Pty Ltd by return e-mail or by telephone
on +613 9945 7510. In this case, you should not read, print, re-transmit,
store or act in reliance on this e-mail or any attachments, and should
destroy all copies of them. This e-mail and any attachments are
confidential and may contain legally privileged information and/or
copyright material of Planet Innovation Pty Ltd or third parties. You
should only re-transmit, distribute or commercialise the material if you
are authorised to do so. Although we use virus scanning software, we deny
all liability for viruses or alike in any message or attachment. This
notice should not be removed.
More information about the samba
mailing list