[Samba] Problem Groups GID Mappings

Rowland Penny rpenny at samba.org
Fri Oct 21 17:08:27 UTC 2016


On Fri, 21 Oct 2016 16:59:07 +0000 (UTC)
Ricardo Pardim Claus via samba <samba at lists.samba.org> wrote:

> Dear, 
> I have 2 DCs running Samba 4.4.5. 
> I noticed that there is a difference in the group GID mappings. 
> The /etc/nsswitch.conf files are the same on both DCs. 
> I found a difference in the smb.conf files of the DCs. 
> DC2 shows the names of the winbind groups. DC1 shows only the uid
> of the group / user. Could someone give me a hint?
> 
> 
> Smb.conf file DC1 
> 
> 
> [global] 
> interfaces = lo eth0 
> netbios name = SRV14 
> realm = DOMAIN.LOCAL 
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
> workgroup = DOMAIN
> server role = active directory domain controller 
> comment = 
> log file = /var/log/samba/samba.log 
> log level = 1 
> max log size = 10000 
> idmap_ldb:use rfc2307 = yes 
> winbind enum users = yes 
> winbind enum groups = yes 
> allow dns updates = secure only 
> nsupdate command =  /usr/bin/nsupdate -g 
> client ldap sasl wrapping = sign 
> ldap server require strong auth = no 
> time server = yes 
> # EVENT LOGGING 
> eventlog list = Application System Security SyslogLinux 
> 
> 
> [netlogon] 
> path = /usr/local/samba/var/locks/sysvol/domain.local/scripts 
> read only = No 
> 
> [sysvol] 
> path = /usr/local/samba/var/locks/sysvol 
> read only = No 
> 
> 
> 
> Smb.conf file DC2
> 
> [global] 
> bind interfaces only = Yes 
> interfaces = lo eth0 
> netbios name = SRV15 
> realm = DOMAIN.LOCAL 
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
> workgroup = DOMAIN
> server role = active directory domain controller 
> comment = 
> log file = /var/log/samba/%m.log 
> log level = 1 
> max log size = 10000 
> #
> winbind enum users = yes 
> winbind enum groups = yes 
> client ldap sasl wrapping = sign 
> ldap server require strong auth = no 
> 
> [netlogon] 
> path = /usr/local/samba/var/locks/sysvol/domain.local/scripts 
> read only = No 
> 
> [sysvol] 
> path = /usr/local/samba/var/locks/sysvol 
> read only = No 
> 

Apart from DC2 not having this line:

idmap_ldb:use rfc2307 = yes

Both smb.conf files look ok.
Can you elaborate on your problem and show a few examples?

Rowland
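
A way to list every `[global]` parameter that differs between the two DCs, including one such as `idmap_ldb:use rfc2307` that is present on only one of them. This is an added example, not part of the original thread: the two strings are constructed, abridged copies of the quoted files, and the function names and the `PER_HOST` ignore list are assumptions.

```python
import re

# Constructed, abridged copies of the two [global] sections quoted above.
DC1 = """\
[global]
netbios name = SRV14
idmap_ldb:use rfc2307 = yes
winbind enum users = yes
allow dns updates = secure only
"""
DC2 = """\
[global]
bind interfaces only = Yes
netbios name = SRV15
#
winbind enum users = yes
"""

# Assumption: parameters expected to differ per host, so they are not reported.
PER_HOST = {"netbiosname", "interfaces"}

def parse_global(text):
    """Return {normalised name: (name as written, value)} for [global]."""
    params, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            key = re.sub(r"\s+", "", name).lower()  # compare names ignoring case/spaces
            value = value.lower() if value.lower() in ("yes", "no") else value
            params[key] = (name, value)
    return params

def diff_global(a, b):
    """List (name, value_in_a, value_in_b); None marks a missing parameter."""
    pa, pb = parse_global(a), parse_global(b)
    out = []
    for key in sorted((pa.keys() | pb.keys()) - PER_HOST):
        va, vb = pa.get(key, (None, None)), pb.get(key, (None, None))
        if va[1] != vb[1]:
            out.append((va[0] or vb[0], va[1], vb[1]))
    return out

if __name__ == "__main__":
    for name, v1, v2 in diff_global(DC1, DC2):
        print(f"{name}: DC1={v1!r} DC2={v2!r}")
```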
 


