[Samba] Samba domain member and rfc2307 user IDs
Rowland penny
rpenny at samba.org
Mon Jul 25 15:39:06 UTC 2016
On 25/07/16 16:02, Kevin Davidson wrote:
> Having problems with rfc2307 user ids. This was working briefly and now it’s not.
>
> samba and winbind v 2.4.2.10+dfs
>
> wbinfo -u lists all the domain users
> wbinfo -g lists all the domain groups
>
> getent group lists all the local groups and the AD domain groups that have a UNIX gid set
> getent passwd lists only the local users, then pauses for a moment, then nothing. AD users can’t log in and can’t access any shares being shared from the server.
>
> The domain user UNIX user IDs are all in the range 1001 - 2000 and need to match up with other servers using the same UIDs.
>
> This is from smb.conf on the domain server:
>
> [global]
>
> netbios name = TERRA
> workgroup = DOMAIN
> security = ADS
> realm = OFFICE.DOMAIN.COM
> encrypt passwords = yes
>
> idmap config DOMAIN:backend = ad
> idmap config DOMAIN:schema_mode = rfc2307
> idmap config DOMAIN:range = 1001-60000
> idmap config DOMAIN:default = yes
> idmap config *:backend = tdb
> idmap config *:range = 60001-9999999
>
> winbind nss info = rfc2307
> winbind trusted domains only = no
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
>
> What have I done wrong?
>
You haven't done anything wrong.
The version you are using was released after the badlock patches were
released, your version includes a regression patch and should really be
4.2.11. There have been a few releases since then, these include patches
for regressions caused by the badlock patches, so is there anyway you
can upgrade Samba ?
Rowland
More information about the samba
mailing list