[Samba] member server idmap config (auto)rid

L.P.H. van Belle belle at bazuin.nl
Tue Aug 8 12:18:40 UTC 2017


Ok debian stretch.. 

Go here. 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862580#39
Review all steps there. ( message 39, Date: Mon, 22 May 2017 10:21:18 +0200 ) 

And if you change something, mark it so you can find it back, but that config works. 
If it fails, post you smb.conf and post where you see errors based on the steps of above link. 

Without smb.conf is a guessing game. 


Greetz, 

Louis

 

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Lange Norbert via samba
> Verzonden: dinsdag 8 augustus 2017 13:30
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] member server idmap config (auto)rid
> 
> (forwarding as I forgot to reply-all)
> 
> -----Original Message-----
> From: Lange Norbert
> Sent: Dienstag, 08. August 2017 12:26
> To: 'mathias dufresne'
> Subject: RE: [Samba] member server idmap config (auto)rid
> 
> >Did you install libpam-winbind? libpam-krb5?
> 
> Nope, I did try installing them now, made no difference.
> I have backup-scripts running on the server for months, and 
> it worked before.
> 
> Can`t get wbinfo to report anything but errors, I am using 
> user/domain/pass file with smbclient, There is no 
> sophisticated authentication AFAIK, and the issue just seems 
> that samba sends data in bigger chunks than the server 
> accepts, the patch limits this. This does not seem anything 
> related to login/auth.
> 
> Kind regards,
> Norbert
> 
>  >-----Original Message-----
>  >From: samba [mailto:samba-bounces at lists.samba.org] On 
> Behalf Of mathias  >dufresne via samba
>  >Sent: Dienstag, 08. August 2017 12:05
>  >Cc: samba
>  >Subject: Re: [Samba] member server idmap config (auto)rid  
> >  >EMAIL from a NON-ANDRITZ SOURCE: as a security measure, 
> please exercise  >caution with email content and any links or 
> attachments.
>  >
>  >
>  >Hi,
>  >
>  >Could you post the whole smb.conf? That should help...
>  >
>  >Did you install libpam-winbind? libpam-krb5?
>  >
>  >Kerberos is working? It should as you mentioned join was ok.
>  >
>  >Anyway and in short, to help we need information.
>  >
>  >And playing with wbinfo could help to understand what you 
> missed (wbinfo -n  >username; wbinfo -S userSID; wbnifo -i 
> username; for a start)  >
>  >2017-08-07 16:44 GMT+02:00 Neil Price via samba 
> <samba at lists.samba.org>:
>  >
>  >> I've joined a samba 4.48 (debian stretch) to a Windows 
> 2008R2 AD domain  >> according to  
> >https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domai
>  >> n_Member
>  >>
>  >> It joins OK but I cannot get idmap rid (or autorid) to work  >>
>  >>    idmap config * : backend = autorid
>  >>    idmap config * : range = 1000000-1199999
>  >>
>  >
>  >Using only these two lines AD users and groups could become 
> Linux users and  >groups but their UID/GID will be randomly 
> generated, which is certinaly not  >what you want (at least 
> in future that's you should regret)  >  >  >>  >> Nothing is 
> returned for getent "SAMDOM\user"
>  >>
>  >> log.winbindd shows:
>  >>
>  >> [2017/08/07 15:44:08.377559,  3] 
> ../source3/winbindd/winbindd_g  >> 
> etpwnam.c:56(winbindd_getpwnam_send)
>  >>   getpwnam SAMDOM\user
>  >> [2017/08/07 15:45:12.561500,  5] 
> ../source3/winbindd/winbindd.c  >> :1139(remove_timed_out_clients)
>  >>   Client request timed out, shutting down sock 26, pid 639
>  >>
>  >> (libnss_winbind is installed and nsswitcy.conf modified 
> as per wiki)  >>  >> If however I use  >>
>  >>        idmap config * : backend = tdb
>  >>        idmap config * : range = 3000-7999
>  >>
>  >>    idmap config SAMDOM : backend = rid
>  >>    idmap config SAMDOM : range = 1000000-1199999
>  >>
>  >
>  >Using these 4 lines is the right thing to do: idmap-rid 
> will generate  >UID/GID using LDAP object's RID + 1000000 
> (according to what you wrote) and  >as UID/GID are now based 
> on RID which is stable your UID/GID will be stable  >too (not 
> randomly generated)  >  >  >>  >> Then getent "SAMDOM\user" 
> works but the uid is taken from the * range, not  >> SAMDOM.
>  >>
>  >> What am I doing wrong?
>  >>
>  >>
>  >>
>  >>
>  >> --
>  >> To unsubscribe from this list go to the following URL and 
> read the  >> instructions:  
> https://lists.samba.org/mailman/options/samba
>  >--
>  >To unsubscribe from this list go to the following URL and read the
>  >instructions:  https://lists.samba.org/mailman/options/samba
> 
> 
> ##############################################################
> #######################
> 
> This message and any attachments are solely for the use of 
> the intended recipients. They may contain privileged and/or 
> confidential information or other information protected from 
> disclosure. If you are not an intended recipient, you are 
> hereby notified that you received this email in error and 
> that any review, dissemination, distribution or copying of 
> this email and any attachment is strictly prohibited. If you 
> have received this email in error, please contact the sender 
> and delete the message and any attachment from your system.
> 
> Thank You.
> 
> ##############################################################
> #######################
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 




More information about the samba mailing list