[Samba] SSSD - inconsistent UIDs
Peter Serbe
peter at serbe.ch
Thu Sep 18 04:51:05 MDT 2014
I have to apologize: I was confused by some bogus UIDs
in the getfacl output. What happens seems to be this:
I set an ACL for a domain user, but in getfacl I don't
see it any more (may be there, or not). E.g.:
setfacl -m u:SAMDOM\\peter:rwx test.txt
getfacl test.txt
# file: test.txt
# owner: 3000023
# group: users
user::rwx
user:1000:rwx
user:3000019:rwx
user:1855201104:rwx
user:1855201108:rwx
user:peter:rwx
group::r-x
group:users:r-x
group:3000023:rwx
group:3000028:rwx
mask::rwx
other::r-x
getent passwd
...
peter:x:1003:1003::/home/peter:/bin/sh
...
peter:*:1855201110:1855200513:peter:/:
There are a lot of bogus entries, which I didn't find a
way to remove. But that is a different story...
Best regards
Peter
Peter Serbe wrote on 18.09.2014 12:23:
> I followed the advice from Arun, with some mixed success.
> For a couple of days I had no success, while constantly
> seeing that 'getent passwd' did not list domain users, but
>
> # getent passwd administrator
> administrator:*:1855200500:1855200513:Administrator:/home/Administrator:/bin/sh
>
> Finally I got 'getent passwd' working by adding
>
> enumerate = true
>
> to the sssd.conf file *). Apparently this is a bug in sssd,
> which may or may not occur. Maybe it would be a good idea
> to add a hint to the wiki documentation that this option
> might be worth a try when troubleshooting sssd.
>
> But now I see another strange thing: I deleted my
> domain account and added it again - but even after a series
> of reboots setfacl uses the old uid. I did delete the
> SSSD cache at /var/lib/sss/db/, but this did not have any
> effect.
>
> Are there any other places, where I should delete something?
> Do I need to disable the idmap_ldb:use rfc2307 entry in
> smb.conf? Or would it be best to reprovision samba and
> start all over?
>
> Thank You in advance!
> Peter
>
>
> *) got it from here:
> http://unixspace.wordpress.com/2013/08/20/rhel-6-system-security-services-daemon-sssd-getent-not-showing-all-ldap-accounts/
>
>
>
> Arun Khan wrote on 09.09.2014 21:55:
>
>> On Tue, Sep 9, 2014 at 8:04 AM, Peter Serbe <peter at serbe.ch> wrote:
>>>..
>>>
>>> The reason can be found in the nslcd.conf
>>>
>>> ...
>>> map passwd uid sAMAccountName
>>> ...
>>
>> Suggest using sssd in place of nslcd. I have posted a copy of my
>> sssd.conf that binds to LDAP (Samba4) in a post.
>>
>> -- Arun Khan
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>
>
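
An added example, not part of the original thread: a Python check over `getent passwd` and `getfacl` output that reports login names mapped to more than one UID and ACL entries left as bare numeric IDs. The sample input is constructed from the output quoted above, the function names are hypothetical, and it assumes getfacl was run without `-n`, so a numeric qualifier means no NSS source resolved it.

```python
from collections import defaultdict

# Constructed sample input, modelled on the output quoted in the thread.
PASSWD = """\
peter:x:1003:1003::/home/peter:/bin/sh
administrator:*:1855200500:1855200513:Administrator:/home/Administrator:/bin/sh
peter:*:1855201110:1855200513:peter:/:
"""
GETFACL = """\
# file: test.txt
user::rwx
user:1000:rwx
user:1855201104:rwx
user:peter:rwx
group::r-x
group:users:r-x
group:3000023:rwx
mask::rwx
other::r-x
"""

def parse_passwd(text):
    """Map login name -> list of UIDs, in the order getent printed them."""
    names = defaultdict(list)
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[2].isdigit():
            names[fields[0]].append(int(fields[2]))
    return names

def colliding_names(names):
    """Names with more than one UID (e.g. a local and a domain account)."""
    return {n: u for n, u in names.items() if len(set(u)) > 1}

def audit_acl(acl_text, collisions):
    """Return (unresolved, ambiguous): numeric qualifiers, and named
    user qualifiers whose name maps to several UIDs."""
    unresolved, ambiguous = [], []
    for line in acl_text.splitlines():
        parts = line.split(":")
        if len(parts) != 3 or parts[0] not in ("user", "group") or not parts[1]:
            continue  # comments, owner/mask/other entries, default: lines
        if parts[1].isdigit():
            unresolved.append((parts[0], int(parts[1])))
        elif parts[0] == "user" and parts[1] in collisions:
            ambiguous.append(parts[1])
    return unresolved, ambiguous

if __name__ == "__main__":
    clashes = colliding_names(parse_passwd(PASSWD))
    print(clashes, audit_acl(GETFACL, clashes))
```

Numeric entries are worth reviewing before any ID range is reassigned, since an ACL entry bound to a stale UID grants access to whichever account later receives that number.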