[Samba] IDMAP Issue
Shaun Glass
shaunglass at gmail.com
Thu Jul 14 12:33:09 UTC 2016
... no, no sssd.
Basically we had :
id -a "localuser"
uid=17057
id -a "ABC+aduser"
uid=17057
... file ownership started getting wrecked so we are looking for a way to
correct.
On Thu, Jul 14, 2016 at 2:26 PM, Rowland penny <rpenny at samba.org> wrote:
> On 14/07/16 11:01, Shaun Glass wrote:
>
> ... as follows :
>
> rpm -qa | grep samba
> samba-3.6.23-35.el6_8.x86_64
> samba-common-3.6.23-35.el6_8.x86_64
> samba-winbind-clients-3.6.23-35.el6_8.x86_64
> samba-winbind-3.6.23-35.el6_8.x86_64
>
> [global]
> workgroup = ABC
> realm = ABC.COM
> security = ADS
> restrict anonymous = 1
> log file = /var/log/samba/log.%m
> max log size = 50
> client signing = required
> server signing = Yes
> socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
> dns proxy = No
> wins server = x.x.x.x
> socket address = x.x.x.x
> winbind separator = +
> winbind enum users = Yes
> winbind enum groups = Yes
> idmap config * : range = 10000-20000
> idmap config * : backend = tdb
>
> On Thu, Jul 14, 2016 at 11:47 AM, Rowland penny <rpenny at samba.org> wrote:
>
>> On 14/07/16 09:34, Shaun Glass wrote:
>>
>>> Good Day All,
>>>
>>> We have an issue where the following in smb.conf :
>>>
>>> idmap uid = 10000-20000
>>>
>>> ... it is resulting in assigned id's clashing with id's in passwd. What
>>> are
>>> the repercussions should we change to say the following :
>>>
>>> idmap uid = 20000-30000
>>>
>>> Many thanks.
>>>
>>> Regards
>>>
>>> Shaun
>>>
>>
>> What version of Samba ?
>> idmap uid (and gid) are depreciated in later versions of Samba, it may
>> help if you post the entire [global] section of your smb.conf.
>>
>> What ever the version of Samba, raising the lower level wouldn't really
>> be a good idea, any saved files belonging to an ID in the range 10000-20000
>> would lose their owners.
>>
>> Rowland
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>
>
> You initially asked about 'idmap uid', but I don't see it in your
> smb.conf, what I do see is:
>
> idmap config * : range = 10000-20000
> idmap config * : backend = tdb
>
> The '*' is for the BUILTIN users & groups etc
> I don't see anything for the Domain users & groups, are you also running
> sssd ?
> If so, you don't need winbind.
>
> Rowland
>
>
More information about the samba
mailing list