[Samba] idmap & migration to rfc2307

Jonathan Hunter jmhunter1 at gmail.com
Sat Jun 13 09:33:16 MDT 2015


Hi buhorojo,

I *think* I have a stable system for the moment... so thank you :-)

On 13 June 2015 at 12:50, buhorojo <buhorojo.lcb at gmail.com> wrote:
>> I now set in smb.conf:
>>
>>          server services = -dns +winbind -winbindd
>>
>> I stopped samba, then removed databases:
>>
>> # rm /usr/local/samba/var/cache/gencache.tdb \
>>    /usr/local/samba/var/lock/gencache_notrans.tdb \
>
> Restore this:
>>
>>    /usr/local/samba/private/idmap.ldb

I have the following in smb.conf:
        server services = -dns +winbind -winbindd
        idmap_ldb:use rfc2307 = yes
and no 'winbind' lines anywhere.

I removed /usr/local/samba/var/cache/gencache.tdb and
/usr/local/samba/var/cache/gencache_notrans.tdb, and kept
/usr/local/samba/private/idmap.ldb (copied from other DC)

Now, when starting samba, I see stable connections using the correct
UID, even after some time:

# smbstatus
[....]
Locked files:
Pid          Uid        DenyMode   Access      R/W        Oplock     SharePath   Name   Time
--------------------------------------------------------------------------------------------------
14717        41000      DENY_NONE  0x100081    RDONLY     NONE       /data/sharename   .   Sat Jun 13 12:58:52 2015
14717        41000      DENY_NONE  0x100081    RDONLY     NONE       /home/auser Documents   Sat Jun 13 15:44:42 2015
7330         41012      DENY_NONE  0x100081    RDONLY     NONE       /data/anothershare   .   Sat Jun 13 16:25:40 2015
22048        41001      DENY_ALL   0x100080    RDONLY     NONE       /home   .   Sat Jun 13 13:01:03 2015

There is nothing shown at all in 'net cache list'; I guess this is
fine (certainly, things seem to work at the moment)

Looks like a working minimal configuration for file serving from a DC
is the following, then:
- use rfc2307 UIDs (sadly, this is a must - I *wish* I could use some
kind of algorithmic mapping, ideally sssd's logic, but any really!)
- use sssd with 'ldap_id_mapping = False', and specify 'sss' for
passwd and group in /etc/nsswitch.conf
- Specify 'idmap_ldb:use rfc2307 = yes' in smb.conf
- Add '+winbind -winbindd' to 'server services =' in smb.conf


-- 
"If we knew what it was we were doing, it would not be called
research, would it?"
      - Albert Einstein
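
The four settings listed in the message above can be checked mechanically. The following is an added example, not part of the original post and not Samba or sssd project code; the file contents are constructed samples, and the domain name example.com and the function names are assumptions.

```python
import re

def ini_sections(text):
    """Parse ini-style text into {section: {key: value}}. Names are lowercased
    and stripped of whitespace, which Samba ignores in parameter names."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[re.sub(r"\s+", "", key).lower()] = value.strip()
    return sections

def nss_sources(text, database):
    """Return the lookup sources listed for one nsswitch.conf database."""
    for line in text.splitlines():
        name, sep, rest = line.split("#", 1)[0].partition(":")
        if sep and name.strip() == database:
            return rest.split()
    return []

def check(smb_conf, sssd_conf, nsswitch_conf):
    """Return a list of deviations from the four settings in the post."""
    problems = []
    glob = ini_sections(smb_conf).get("global", {})
    services = glob.get("serverservices", "").replace(",", " ").split()
    problems += [f"smb.conf: server services lacks {t}"
                 for t in ("+winbind", "-winbindd") if t not in services]
    if glob.get("idmap_ldb:userfc2307", "").lower() not in ("yes", "true", "1"):
        problems.append("smb.conf: idmap_ldb:use rfc2307 not enabled")
    domains = {n: s for n, s in ini_sections(sssd_conf).items()
               if n.startswith("domain/")}
    if not domains:
        problems.append("sssd.conf: no [domain/...] section")
    for name, opts in domains.items():
        if opts.get("ldap_id_mapping", "").lower() != "false":
            problems.append(f"sssd.conf: [{name}] ldap_id_mapping is not False")
    problems += [f"nsswitch.conf: {db} does not use sss"
                 for db in ("passwd", "group")
                 if "sss" not in nss_sources(nsswitch_conf, db)]
    return problems

# Constructed sample files (not taken from the poster's system).
SMB_OK = "[global]\n\tserver services = -dns +winbind -winbindd\n\tidmap_ldb:use rfc2307 = yes\n"
SSSD_OK = "[sssd]\ndomains = example.com\n[domain/example.com]\nldap_id_mapping = False\n"
NSS_OK = "passwd: files sss\ngroup: files sss\n"
```

Running the same check on every DC that serves files helps confirm they all resolve the same rfc2307 UIDs before comparing smbstatus output.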

