[Samba] Winbindd Strangeness

David Minard david at scem.uws.edu.au
Tue Jun 23 06:32:30 MDT 2015 

I've Set up a DC and a Member Server for a file server.  Both are running on Centos7 and samba version 4.2.2.  The Member Server is running smbd and winbindd.

I've followed the wiki and for the most part it's working.  However, after stuffing up the ranges, then fixing them up, when I create new accounts, adding all the Unix attributes, the UID_Number is not showing the correct value for new accounts.  Existing ones are okay.

Member_Server Config:

[global]

  netbios name = MS1
  workgroup = AD
  security = ADS
  realm = SAMBADOM
  dedicated keytab file = /etc/krb5.keytab
  kerberos method = secrets and keytab

  idmap config *:backend = tdb
  idmap config *:range = 30000000-40000000
  idmap config SAMBADOM:backend = ad
  idmap config SAMBADOM:schema_mode = rfc2307
  idmap config SAMBADOM:range = 600-29999999

  winbind nss info = rfc2307
  winbind trusted domains only = no
  winbind use default domain = yes
  winbind enum users  = yes
  winbind enum groups = yes
  winbind refresh tickets = Yes



Existing Account:
getent passwd fred

fred:*:4999:30000000:Fred Nerks:/home/fred:/bin/tcsh

New Account: 

fred1:*:30000002:30000000:Fred Nerks:/home/fred1:/bin/tcsh

Fred1 was set up with --uid-number='5004'

I've tried clearing winbindd caches as per some post I read:

systemctl stop winbindd
rm /usr/local/samba/var/locks/group_mapping.tdb* /usr/local/samba/var/locks/winbindd_idmap.tdb* /usr/local/samba/var/locks/winbindd_cache.tdb*
systemctl start winbindd

But no change.

I've also noticed that the default group that all users are in used to be "domain users", now for some reason they are all in "BUILTIN\administrators" !
 
Am I doing something wrong?  If so, what.  If not, how do I track down why this is happening?
 

Cheers,
David Minard.
Ph:    0247 360 155
Fax:    0247 360 770

School of Computing, Engineering, and Mathematics
Building Y - Penrith Campus (Kingswood)
Locked bag 1797
Penrith South DC
NSW 1797

[Sometimes waking up just isn't worth the insult of the day to come.]


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the samba mailing list