[Samba] SSSD - inconsistent UIDs

Peter Serbe peter at serbe.ch
Thu Sep 18 04:51:05 MDT 2014


I have to apologize: I was confused by some bogus UIDs 
in the getfacl output. What happens seems to be this: 
I set an ACL for a domain user, but in getfacl I don't
see it any more (may be there, or not). E.g.:

setfacl -m u:SAMDOM\\peter:rwx test.txt

getfacl test.txt
# file: test.txt
# owner: 3000023
# group: users
user::rwx
user:1000:rwx
user:3000019:rwx
user:1855201104:rwx
user:1855201108:rwx
user:peter:rwx
group::r-x
group:users:r-x
group:3000023:rwx
group:3000028:rwx
mask::rwx
other::r-x

getent passwd
...
peter:x:1003:1003::/home/peter:/bin/sh
...
peter:*:1855201110:1855200513:peter:/:


There are a lot of bogus entries, which I didn't find a 
way to remove. But that is a different story...




Best regards
Peter





Peter Serbe wrote on 18.09.2014 12:23:

> I followed the advice from Arun, with some mixed success. 
> For a couple of days I had no success, while constantly 
> seeing that 'getent passwd' did not list domain users, but 
> 
> # getent passwd administrator
> administrator:*:1855200500:1855200513:Administrator:/home/Administrator:/bin/sh
> 
> Finally I got 'getent passwd' working by adding 
> 
> enumerate = true
> 
> to the sssd.conf file *). Apparently this is a bug in sssd, 
> which may or may not occur. Maybe it would be a good idea, 
> to add a hint to the wiki documentation, that this option 
> might be a try when troubleshooting sssd. 
> 
> But now I see another strange thing: I deleted my 
> domain account and added it again - but even after a series 
> of reboots setfacl uses the old uid. I did delete the 
> SSSD cache at /var/lib/sss/db/, but this did not have any 
> effect. 
> 
> Are there any other places, where I should delete something?
> Do I need to disable the idmap_ldb:use rfc2307 entry in 
> smb.conf? Or would it be best to reprovision samba and 
> start all over?
> 
> Thank You in advance!
> Peter
> 
> 
> *) got it from here:
> http://unixspace.wordpress.com/2013/08/20/rhel-6-system-security-services-daemon-sssd-getent-not-showing-all-ldap-accounts/
> 
> 
> 
> Arun Khan wrote on 09.09.2014 21:55:
> 
>> On Tue, Sep 9, 2014 at 8:04 AM, Peter Serbe <peter at serbe.ch> wrote:
>>>..
>>>
>>> The reason can be found in the nslcd.conf
>>>
>>> ...
>>> map     passwd  uid                sAMAccountName
>>> ...
>> 
>> Suggest using sssd in place of nslcd.  I have posted a copy of my
>> sssd.conf that binds to LDAP (Samba4) in a post.
>> 
>> -- Arun Khan
>> -- 
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>> 
> 
> 
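
An added example, not part of the original messages: a small check over the getfacl and getent output shown at the top of this mail. It lists owner and ACL entries that getfacl printed as raw numbers (IDs that NSS could not resolve to a name) and account names that getent maps to more than one UID; the function names are hypothetical, and the sample text is copied from the post with the elided "..." lines left out.

```python
import re

# Sample input: the getfacl and getent lines quoted in the post ("..." lines omitted).
GETFACL = """\
# file: test.txt
# owner: 3000023
# group: users
user::rwx
user:1000:rwx
user:3000019:rwx
user:1855201104:rwx
user:1855201108:rwx
user:peter:rwx
group::r-x
group:users:r-x
group:3000023:rwx
group:3000028:rwx
mask::rwx
other::r-x
"""
PASSWD = """\
peter:x:1003:1003::/home/peter:/bin/sh
peter:*:1855201110:1855200513:peter:/:
"""

def unresolved_acl_ids(getfacl_text):
    """Return (kind, id) for owner/ACL entries getfacl printed as raw numbers."""
    found = []
    for line in getfacl_text.splitlines():
        m = re.match(r"# (owner|group): (\d+)$", line) or \
            re.match(r"(user|group):(\d+):[rwx-]{3}", line)
        if m:
            found.append((m.group(1), int(m.group(2))))
    return found

def ambiguous_names(passwd_text):
    """Return {name: [uids]} for names that appear with more than one UID."""
    uids = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            uids.setdefault(fields[0], []).append(int(fields[2]))
    return {n: u for n, u in uids.items() if len(set(u)) > 1}

if __name__ == "__main__":
    for kind, ident in unresolved_acl_ids(GETFACL):
        print(f"unresolved {kind} id {ident}")
    for name, ids in ambiguous_names(PASSWD).items():
        print(f"{name} appears with several UIDs: {ids}")
```

When a name appears with several UIDs, `getfacl -n` prints the numeric ID behind an entry such as `user:peter`, which shows which account the ACL actually refers to.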


