[Samba] winbindd losing track of RFC2307 UIDs
Edson Tadeu Almeida da Silveira
edson.tadeu at gmail.com
Thu Oct 6 12:36:39 UTC 2016
Besides this change on vfs objects, i delete winbindd_idmap.tdb and
restarted winbind.
Change smb.conf:
vfs objects = acl_xattr full_audit
full_audit:facility = LOCAL7
full_audit:priority = NOTICE
full_audit:prefix = %u|%I|%m|%S
full_audit:success = pread pwrite rename rmdir mkdir unlink chown
full_audit:failure = none
Here are my configurations:
# /etc/resolv.conf
nameserver 10.40.11.7 (AD1)
nameserver 10.40.11.9 (AD2)
search domain.local
# /etc/hosts
127.0.0.1 localhost
10.40.11.12 fs1.domain.local fs1
# /etc/krb5.conf
[libdefaults]
default_realm = DOMAIN.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = true
# cat /etc/hostname
fs1
2016-10-06 9:24 GMT-03:00 Rowland Penny <rpenny at samba.org>:
> On Thu, 6 Oct 2016 09:09:57 -0300
> Edson Tadeu Almeida da Silveira <edson.tadeu at gmail.com> wrote:
>
> > Same smb.conf in both members, only change netbios name.
> >
> >
> > [global]
> > netbios name = FS1
> > realm = DOMAIN.LOCAL
> > workgroup = DOMAIN
> > security = ads
> > idmap config * : backend = tdb
> > idmap config * : range = 2000-9999
> > idmap config DOMAIN : backend = rid
> > idmap config DOMAIN : range = 10000-99999
> > #+
> > username map = /var/lib/samba/user.map
> > #+
> > winbind enum users = yes
> > winbind enum groups = yes
> > winbind use default domain = yes
> > winbind expand groups = 4
> > winbind refresh tickets = Yes
> > winbind normalize names = Yes
> > #+
> > dedicated keytab file = /etc/krb5.keytab
> > kerberos method = secrets and keytab
> > #+
> > domain master = no
> > local master = no
> > preferred master = no
> > #+
> > vfs objects = acl_xattr
> > map acl inherit = Yes
> > store dos attributes = Yes
> > #+
> > log level = 2 vfs:7 auth:2 passdb:2
> > #+
> > vfs objects = full_audit
> > full_audit:facility = LOCAL7
> > full_audit:priority = NOTICE
> > full_audit:prefix = %u|%I|%m|%S
> > full_audit:success = pread pwrite rename rmdir mkdir unlink
> > chown full_audit:failure = none
> > #+
> > veto files =
> > /*.lnk/*.bkf/*.pif/*.avi/*.vob/*.qic/*.pak/*.srt/*.vmx/
> autorun.inf/RECYCLER/*.cmd/*.{*}/
> > #+
> >
> > [public]
> > path = /dados/public
> > read only = No
> >
>
> OK, there is only one problem there, you have 'vfs objects =
> acl_xattr', followed by 'vfs objects = full_audit'. The second turns
> off the first, you should have 'vfs objects = acl_xattr full_audit'
>
> fix this and then if it doesn't fix your problem,
> post /etc/resolv.conf, /etc/hosts, /etc/krb5.conf, /etc/hostname
>
> Rowland
>
--
-------------------------------------------
Edson Tadeu Almeida Silveira
http://sites.google.com/site/edsontadeu/
-------------------------------------------
More information about the samba
mailing list