[Samba] userid shows 4294967295

mathias dufresne infractory at gmail.com
Mon Dec 7 13:10:20 UTC 2015


I expect the difference comes from the fact that you are using ID mapping
because, according to what I believe I understood, ID map generates UIDs
(the map) and gives these generated UIDs to users. So one system gives one
UID to your test user, another system gives him another UID.

You can configure uidNumber and gidNumber in AD to give your AD users
definitive UID/GID.
Adding that information to AD is not enough, as on a UNIX/Linux system you use
something to build users using information grabbed from AD. So you have to use a
tool which will use the GIDs and UIDs you defined in AD.

In my own opinion, Winbind is meant to build UNIX system users for
Samba file sharing, as Winbind relies mostly on MS Windows stuff to build
users. This makes sense: Samba hosts files for Windows systems, ACLs must be
consistent, so on Samba file servers AD users should be built using MS
information from AD.

To use AD as a database to build UNIX/Linux system users you should have a
look at SSSD or nslcd; they are more flexible, more designed to build UNIX
users from AD.

Cheers,

mathias

2015-12-07 13:52 GMT+01:00 Nico De Ranter <nico.deranter at esaturnus.com>:

> Hello again,
>
> I'm getting close to a working setup but still run into glitches here and
> there.
>
> I have 2 Ubuntu servers working as AD server, one Ubuntu desktop with
> winbind configured. I've set up a number of accounts with Unix
> properties. I've been primarily testing with my own account which works
> just fine. I've now assigned Unix properties to another account. When I
> run 'wbinfo -i' on the AD server I see the correct info:
>
> root@dc1:~# wbinfo -i test
> OFFICE\test:*:10000:500:test:/home/OFFICE/test:/bin/false
>
> When I try the same thing on the client I get:
>
> root@testpc2:~# wbinfo -i test
> test:*:4294967295:4294967295::/home/test:/bin/bash
>
> I also tried some other accounts and got the same result.  The only account
> that seems to work fine is my own account (and no it is not in /etc/passwd
> :-)
>
> Any idea what might be wrong?
>
> smb.conf on the client:
>
> [global]
>        security = ADS
>        workgroup = OFFICE
>        realm = WIN.OFFICE
>
>        log file = /var/log/samba/%m.log
>        log level = 1
>
>        dedicated keytab file = /etc/krb5.keytab
>        kerberos method = secrets and keytab
>
>        winbind refresh tickets = yes
>        winbind trusted domains only = no
>        winbind use default domain = yes
>        winbind enum users  = yes
>        winbind enum groups = yes
>        winbind offline logon = yes
>
>        client signing = yes
>        client use spnego = yes
>
>        idmap config = ad
>        winbind nss info = rfc2307
>
>         # Default idmap config used for BUILTIN and local accounts/groups
>        idmap backend = tdb
>        idmap range = 100-499
>
>        # idmap config for domain OFFICE
>        idmap config OFFICE : backend = ad
>        idmap config OFFICE : schema_mode = rfc2307
>        idmap config OFFICE : range = 500-29999
>
> It worked for the user with uid 1048, it doesn't work for uid 1059, 1000,
> 9999, 10000
>
> --
> Nico De Ranter
>
> Operations Engineer
>
> T. +32 16 40 12 82
>
> M. +32 497 91 53 78
>
>
> <http://www.esaturnus.com>
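Added example, not part of the original thread: a small check that reads the per-domain idmap range from smb.conf and classifies passwd-format lines as printed by 'wbinfo -i', flagging 4294967295, which is 2**32 - 1, i.e. (uid_t)-1 on a 32-bit uid_t. The function names and the third sample line are constructed for illustration; the other inputs are copied from the messages above.

```python
import re

# 4294967295 == 2**32 - 1, i.e. (uid_t)-1 on a 32-bit uid_t: no ID was mapped.
UNMAPPED = 0xFFFFFFFF

RANGE_RE = re.compile(
    r"^\s*idmap config\s+(\S+)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$", re.I)

# The three per-domain lines from the client smb.conf in the thread.
SMB_CONF = """
idmap config OFFICE : backend = ad
idmap config OFFICE : schema_mode = rfc2307
idmap config OFFICE : range = 500-29999
"""

# 'wbinfo -i test' output quoted in the thread (DC first, then client).
DC_LINE = r"OFFICE\test:*:10000:500:test:/home/OFFICE/test:/bin/false"
CLIENT_LINE = "test:*:4294967295:4294967295::/home/test:/bin/bash"
# Constructed sample (not from the thread): a UID above the configured range.
HIGH_LINE = r"OFFICE\other:*:30001:500::/home/OFFICE/other:/bin/false"

def idmap_ranges(conf_text):
    """Return {DOMAIN: (low, high)} from 'idmap config DOMAIN : range' lines."""
    ranges = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):
            continue  # smb.conf comment
        m = RANGE_RE.match(line)
        if m:
            ranges[m.group(1).upper()] = (int(m.group(2)), int(m.group(3)))
    return ranges

def check_entry(line, ranges, default_domain):
    """Classify one passwd-format line: ok, unmapped, out-of-range, no-range."""
    name, _pw, uid, gid = line.strip().split(":")[:4]
    uid, gid = int(uid), int(gid)
    # With 'winbind use default domain = yes' the DOMAIN\ prefix is absent.
    domain, _, user = name.rpartition("\\")
    domain = (domain or default_domain).upper()
    if UNMAPPED in (uid, gid):
        return (user, "unmapped")
    if domain not in ranges:
        return (user, "no-range")
    low, high = ranges[domain]
    in_range = low <= uid <= high and low <= gid <= high
    return (user, "ok" if in_range else "out-of-range")

if __name__ == "__main__":
    configured = idmap_ranges(SMB_CONF)
    for sample in (DC_LINE, CLIENT_LINE, HIGH_LINE):
        print(check_entry(sample, configured, "OFFICE"))
```

An "unmapped" result on a file server means ownership and ACL decisions for that user cannot be tied to a stable UID, so it is worth checking for after any change to the idmap configuration.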