[Samba] IDMAP Issue

Shaun Glass shaunglass at gmail.com
Thu Jul 14 12:33:09 UTC 2016 

... no, no sssd.

Basically we had :

id -a "localuser"
uid=17057

id -a "ABC+aduser"
uid=17057

... file ownership started getting wrecked so we are looking for a way to
correct.

On Thu, Jul 14, 2016 at 2:26 PM, Rowland penny <rpenny at samba.org> wrote:

> On 14/07/16 11:01, Shaun Glass wrote:
>
> ... as follows :
>
> rpm -qa | grep samba
> samba-3.6.23-35.el6_8.x86_64
> samba-common-3.6.23-35.el6_8.x86_64
> samba-winbind-clients-3.6.23-35.el6_8.x86_64
> samba-winbind-3.6.23-35.el6_8.x86_64
>
> [global]
>     workgroup = ABC
>     realm = ABC.COM
>     security = ADS
>     restrict anonymous = 1
>     log file = /var/log/samba/log.%m
>     max log size = 50
>     client signing = required
>     server signing = Yes
>     socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
>     dns proxy = No
>     wins server = x.x.x.x
>     socket address = x.x.x.x
>     winbind separator = +
>     winbind enum users = Yes
>     winbind enum groups = Yes
>     idmap config * : range = 10000-20000
>     idmap config * : backend = tdb
>
> On Thu, Jul 14, 2016 at 11:47 AM, Rowland penny <rpenny at samba.org> wrote:
>
>> On 14/07/16 09:34, Shaun Glass wrote:
>>
>>> Good Day All,
>>>
>>> We have an issue where the following in smb.conf :
>>>
>>> idmap uid = 10000-20000
>>>
>>> ... it is resulting in assigned id's clashing with id's in passwd. What
>>> are
>>> the repercussions should we change to say the following :
>>>
>>> idmap uid = 20000-30000
>>>
>>> Many thanks.
>>>
>>> Regards
>>>
>>> Shaun
>>>
>>
>> What version of Samba ?
>> idmap uid (and gid) are depreciated in later versions of Samba, it may
>> help if you post the entire [global] section of your smb.conf.
>>
>> What ever the version of Samba, raising the lower level wouldn't really
>> be a good idea, any saved files belonging to an ID in the range 10000-20000
>> would lose their owners.
>>
>> Rowland
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>
>
> You initially asked about 'idmap uid', but I don't see it in your
> smb.conf, what I do see is:
>
>     idmap config * : range = 10000-20000
>     idmap config * : backend = tdb
>
> The '*' is for the BUILTIN users & groups etc
> I don't see anything for the Domain users & groups, are you also running
> sssd ?
> If so, you don't need winbind.
>
> Rowland
>
>

More information about the samba mailing list