[Samba] Samba4 Domain Member Server "Getent show diferents UID"

Rowland penny rpenny at samba.org
Tue Jun 14 15:07:57 UTC 2016


On 14/06/16 15:36, Juan Ignacio wrote:
> I'll answer everything, here I go.
>
> Have you given your users a uidNumber attribute ?
>
> Not all, but I have set it on my user and it does not work.
>
> Have you given 'Domain Users' (at least) a gidNumber attribute ?
>
> Not all, but I have set it on my user and it does not work.
>
> If you have done the above, have you run 'net cache flush' on the DC ?
>
> Yes  :-(
>
> Is PAM set up correctly on the DC and domain member ?
> Yes.
>
> The smb.conf on the DC.
>
> [global]
>        netbios name = XXXXXX
>        security = ADS
>        workgroup = XXXXXXX
>        realm = XXXXXXX
>
>        log file = /var/log/samba/%m.log
>        log level = 1
>
>        # idmap config used for your domain.
>        # Click on the following links for more information
>        # on the available winbind idmap backends,
>        # Choose the one that fits your requirements
>        # then add the corresponding configuration.
>
>        # Just adding the following three lines is not enough!!
>        #  - idmap config ad
>        #  - idmap config rid
>        #  - idmap_config_autorid
>
>         idmap config * : backend = tdb
>         idmap config * : range = 100000-299999
>         idmap config TEST : backend = rid
>         idmap config TEST : range = 10000-99999
>         winbind separator = +
>         winbind enum users = yes
>         winbind enum groups = yes
>         winbind use default domain = yes
>         winbind refresh tickets = yes
>
>
> [test]
>         read only = no
>         path = /testSamba
>
> The smb.conf in the AD DC.
>
> # Global parameters
> [global]
>         workgroup = XXXXX
>         realm = XXXXXXXX
>         netbios name = XXXXXXX
>         server role = active directory domain controller
>         dns forwarder = xxx.xx.xxx.xxx
>         allow dns updates = nonsecure and secure
>         #server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, dns, smb
>         dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, winreg, srvsvc
>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,winbind, ntp_signd, kcc, dnsupdate, dns
>         idmap_ldb:use rfc2307 = yes
>         #winbind use default domain = yes
>         winbind enum users = yes
>         winbind enum groups = yes
>         #winbind nested groups = yes
>         log level = 3
>         log file = /var/log/samba/samba.log
> #       unix charset = ISO8859-1
>
> #[netlogon antes]
> #path = /usr/local/samba/var/locks/sysvol/xxxxxx/scripts
> #read only = No
>
>
>
>
> Analista Inf.
> Juan Ignacio Pazos 
> <http://www.linkedin.com/pub/juan-ignacio-pazos-lorenzo/19/9b9/26a>
>
> 2016-06-13 16:22 GMT-03:00 Rowland penny <rpenny at samba.org>:
>
>     On 13/06/16 20:14, Rowland penny wrote:
>
>         On 13/06/16 19:37, Juan Ignacio wrote:
>
>             Rowland:
>
>             I'll use this email from now, the other does not work well.
>
>             A few years ago around 2.
>
>             We did everything that could be used for NIX and it worked.
>             The main DC_AD had been provisioned without rfc2307 and we
>             did later.
>
>             The problem is that at that time by not having
>             infrastructure had to be used as fileserver and this was a
>             problem because all directories are UID of 3000000 onwards.
>
>             Now I installed a new server following the procedure here:
>
>             https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member
>
>             All seems to work well but UIDs are different when for
>             example I run
>             wbinfo --user-info=uanaco
>
>             Primary AD-DC
>             ADDC1\uanaco:*:3000783:100:uanaco:/home/ADDC1/uanaco:/bin/false
>
>             member Server
>             uanaco:*:100642:100008:uanaco:/home/ADDC1/uanaco:/bin/false
>
>             This is a problem because my intention is to use this file
>             server and testify pass all directories Primary AD-DC to
>             Member Server.
>
>             Is there any way the member server read the same UID as
>             the primary-
>
>             Thank Rowland.
>
>
>         Yes, but what does 'getent passwd ADDC1\uanaco' on the DC show ???
>         if it shows '3000783' as the user's UID, then, unless you have
>         set the user's uidNumber attribute to 3000783, you are not
>         using RFC2307 attributes. This is further backed up by the
>         fact that the same user may get '100642' as its UID on the
>         domain member.
>
>         Few questions:
>         Have you given your users a uidNumber attribute ?
>         Have you given 'Domain Users' (at least) a gidNumber attribute ?
>         If you have done the above, have you run 'net cache flush' on
>         the DC ?
>         Is PAM set up correctly on the DC and domain member ?
>
>         Rowland
>
>
>     Also can you post (as I asked) the smb.conf from the domain member.
>
>
>     Rowland
>
>
>
>

For the third time, will you please post the smb.conf from your domain 
member, not the one from your DC.

What OS are you using ?

Rowland
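
Added example, not part of the original posts: a check of which `idmap config` range from the first smb.conf quoted above contains each UID and GID that `wbinfo` reported on the two hosts. The function names are made up for this illustration; the config and passwd lines are copied from the thread with whitespace normalised.

```python
import re

# idmap lines copied from the first smb.conf quoted in the thread.
SMB_CONF = """
idmap config * : backend = tdb
idmap config * : range = 100000-299999
idmap config TEST : backend = rid
idmap config TEST : range = 10000-99999
"""
# wbinfo --user-info output quoted in the thread (whitespace normalised).
DC_LINE = r"ADDC1\uanaco:*:3000783:100:uanaco:/home/ADDC1/uanaco:/bin/false"
MEMBER_LINE = "uanaco:*:100642:100008:uanaco:/home/ADDC1/uanaco:/bin/false"

IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*(backend|range)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf):
    """Return {domain: {"backend": str, "range": (low, high)}} from smb.conf text."""
    domains = {}
    for line in conf.splitlines():
        m = IDMAP_RE.match(line)
        if not m:
            continue  # comments and unrelated parameters never match
        dom, key, val = m.group(1), m.group(2).lower(), m.group(3)
        entry = domains.setdefault(dom, {})
        if key == "range":
            low, high = val.split("-")
            entry["range"] = (int(low), int(high))
        else:
            entry["backend"] = val
    return domains

def owner_of(xid, domains):
    """Name the idmap domain whose range contains xid, or None if no range does."""
    for dom, cfg in domains.items():
        low, high = cfg.get("range", (1, 0))  # no range configured: matches nothing
        if low <= xid <= high:
            return dom
    return None

def report(domains):
    """Map each host to the idmap domains that own its reported UID and GID."""
    out = {}
    for host, line in (("dc", DC_LINE), ("member", MEMBER_LINE)):
        uid, gid = (int(f) for f in line.split(":")[2:4])
        out[host] = (owner_of(uid, domains), owner_of(gid, domains))
    return out

if __name__ == "__main__":
    print(report(parse_idmap(SMB_CONF)))
```

The member's 100642 and 100008 both fall in the `*` range, so they were allocated by the default-domain `tdb` backend rather than the `rid` backend configured for TEST. The DC's 3000783 lies outside both configured ranges.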


