[Samba] userid shows 4294967295

Rowland penny rpenny at samba.org
Mon Dec 7 15:27:52 UTC 2015 

On 07/12/15 12:52, Nico De Ranter wrote:
> Hello again,
>
> I'm getting close to a working setup but still run into glitches here and
> there.
>
> I have 2 Ubuntu servers working as AD server, one Ubuntu desktop with
> winbind configured.   I've setup a number of accounts with Unix
> properties.  I've been primarily testing with my own account which works
> just fine.  I've now assigned Unix properties to another account. When I
> run 'wbinfo -i' on the AD server I see the correct info:
>
> root at dc1:~# wbinfo -i test
> OFFICE\test:*:10000:500:test:/home/OFFICE/test:/bin/false
>
> When I try the same thing on the client I get:
>
> root at testpc2:~# wbinfo -i test
> test:*:4294967295:4294967295::/home/test:/bin/bash
>
> I also tried some other accounts and got the same result.  The only account
> that seems to work fine is my own account (and no it is not in /etc/passwd
> :-)
>
> Any idea what might be wrong?
>
> smb.conf on the client:
>
> [global]
>         security = ADS
>         workgroup = OFFICE
>         realm = WIN.OFFICE
>
>         log file = /var/log/samba/%m.log
>         log level = 1
>
>         dedicated keytab file = /etc/krb5.keytab
>         kerberos method = secrets and keytab
>
>         winbind refresh tickets = yes
>         winbind trusted domains only = no
>         winbind use default domain = yes
>         winbind enum users  = yes
>         winbind enum groups = yes
>         winbind offline logon = yes
>
>         client signing = yes
>         client use spnego = yes
>
>         idmap config = ad
>         winbind nss info = rfc2307
>
>          # Default idmap config used for BUILTIN and local accounts/groups
>         idmap backend = tdb
>         idmap range = 100-499
>
>         # idmap config for domain OFFICE
>         idmap config OFFICE : backend = ad
>         idmap config OFFICE : schema_mode = rfc2307
>         idmap config OFFICE : range = 500-29999

Your 'idmap config' block really should look like this:

    idmap config *:backend = tdb
    idmap config *:range = 2000-9999
    idmap config SAMDOM:backend = ad
    idmap config SAMDOM:schema_mode = rfc2307
    idmap config SAMDOM:range = 10000-99999

Also why are you using such strange ID numbers?

Rowland

> It worked for the user with uid 1048, it doesn't work for uid 1059, 1000,
> 9999, 10000
>

More information about the samba mailing list