[Samba] Samba4 AD -- Mac OS X clients uid:gid numbers not consistent

Arun Khan knura9 at gmail.com
Tue Sep 9 04:56:20 MDT 2014


On Mon, Sep 8, 2014 at 9:29 PM, Rowland Penny
<rowlandpenny at googlemail.com> wrote:
> On 08/09/14 16:56, Arun Khan wrote:
>>
>> I have setup a Zentyal 3.2 Samba4 AD.  I am using RSAT to administer
>> the AD server.
>>
>> Windows7 and Linux (CentOS) clients are able to join the AD; uid/gid
>> of directories/files show up as per the definitions in Samba4.
>>
>> With Mac OS X clients, there is a problem.   The OS X nodes are able
>> to join the domain (quite a few blogs on this subject). The AD
>> connection shows green button.
>>
>> The AD user is able to login.  However, the uid:gid number maps are
>> not the same as in the Linux clients (below).  Example Linux client
>> shows UID 3000064 whereas the OS X shows 1465847454!
>>
>> I am getting the same result with Samba 4.1.11 Sernet packages for
>> CentOS 6.  I have searched but I have not been able to find a solution
>> yet.
>>
>> Any pointers to resolve this problem would be much appreciated.
>>
>> Thanks for your help.
>> -- Arun Khan
>>
>> ####### MAC Workstation ###########
>>
>> $ id redhat.linux
>>
>> uid=1465847454(redhat.linux) gid=157835854(MASS\Domain Users)
>> groups=157835854(MASS\Domain
>>
>> Users),31839191(MASS\tex),38453246(MASS\pum),54847712(MASS\people),136070221(MASS\ice),611498342(MASS\prod),937332115(MASS\zip),943789798(MASS\lgo),1634451510(MASS\ao2),1777519165(MASS\swnartist),1907739953(MASS\cnb),1969236052(MASS\lite),2056039516(MASS\Domain
>>
>> Admins),79284988(MASS\tech),229719682(MASS\swnprod),389580424(MASS\cmm),413624907(MASS\ase_test),507063418(MASS\sup),511815653(MASS\sf1),12(everyone),62(netaccounts),885447622(MASS\AD_SUDO),1104925252(MASS\linuxproxy),1444867574(MASS\skp),1542738964(MASS\a02pmo),1769264895(MASS\rsm),1928644924(MASS\lib),2090666068(MASS\a02artist),401(com.apple.sharepoint.group.1),417919610(MASS\Denied
>> RODC Password Replication Group)
>>
>>
>> ########### Linux Workstations ###############
>>
>> $ id redhat.linux
>>
>> uid=3000064(redhat.linux) gid=1901(__USERS__)
>>
>> groups=1901(__USERS__),3000041(people),4(adm),3000000(Administrators),3000005(Denied
>> RODC Password Replication
>>
>> Group),3000009(Users),3000133(a02artist),3000135(a02pmo),3000139(ao2),3000142(ase_test),3000145(cmm),3000146(cnb),3000149(ice),3000150(lgo),3000151(lib),3000153(linuxproxy),3000154(lite),3000159(prod),3000160(pum),3000162(rsm),3000163(sf1),3000165(skp),3000166(AD_SUDO),3000167(sup),3000169(swnartist),3000170(swnprod),3000171(tech),3000172(tex),3000174(zip)
>
> Hi, can you post your smb.conf files from your centos & mac machines.
>

The CentOS machines are authenticating with SSSD.   I have copy/pasted
the contents of sssd.conf below.

<sssd.conf>

[sssd]
config_file_version = 2
services = nss, pam
domains = INTRA.EXAMPLE.COM
sbus_timeout = 30

[nss]
filter_users = root
filter_groups = root
reconnection_retries = 3

[pam]
reconnection_retries = 3
offline_credentials_expiration = 0


[domain/INTRA.EXAMPLE.COM]
min_id = 1000
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
ldap_schema = rfc2307bis
ldap_uri = ldap://smbad.intra.example.com:390/
ldap_search_base = dc=intra,dc=example,dc=com
cache_credentials = true
enumerate = true
krb5_server = smbad.intra.example.com:8880
krb5_realm= INTRA.EXAMPLE.COM
ldap_default_bind_dn = cn=zentyalro,dc=intra,dc=example,dc=com
ldap_default_authtok_type = password
ldap_default_authtok = P@$$w0Rd
</sssd.conf>

The MAC OS X has it's own GUI plug-ins to configure the AD connection.
I don't see any smb.conf file in the /etc dir tree.

-- Arun Khan


More information about the samba mailing list