[Samba] member server idmap config (auto)rid
L.P.H. van Belle
belle at bazuin.nl
Tue Aug 8 15:03:59 UTC 2017
If you use the Debian package 4.5.8, I can suggest you upgrade to 4.6.5 from buster or use my 4.6.6.
Go through this changelog.
http://metadata.ftp-master.debian.org/changelogs/main/s/samba/samba_4.6.5+dfsg-8_changelog
My 4.6.6 is based on 4.6.5+dfsg-6
But I can't tell much yet about clustering setups.
Except this page:
https://wiki.samba.org/index.php/Clustered_Samba
And
https://wiki.samba.org/index.php/CTDB_and_Clustered_Samba
Greetz,
Louis
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Neil Price via samba
> Sent: Tuesday 8 August 2017 16:54
> To: samba at lists.samba.org
> Subject: Re: [Samba] member server idmap config (auto)rid
>
> On 08/08/2017 12:04, mathias dufresne via samba wrote:
> > Could you post the whole smb.conf? That should help...
> The server is maybe not normal as it's a high availability
> cluster, so the netbios name is not the same as the linux
> hostname. Hope that makes sense and is not a problem..
>
>
> [global]
> interfaces = 127.0.0.0/8 eth0:0 <== This is a drbd/pacemaker cluster
> netbios name = PTA-CLUSTER <-----Ditto
> realm = AD.GIBB.CO.ZA
> workgroup = GIBB
> log file = /var/log/samba/log.%m
> max log size = 1000
> syslog = 0
> panic action = /usr/share/samba/panic-action %d
> map to guest = Bad User
> security = ADS
> server role = member server
> username map = /etc/samba/user.map
> winbind enum groups = Yes
> winbind enum users = Yes
> dns proxy = No
> wins server = 192.168.112.94 192.168.104.65
> idmap config GIBB : range = 1000000-1199999
> idmap config GIBB : backend = rid
> idmap config * : range = 3000-7999
> idmap config * : backend = tdb
>
>
> > Did you install libpam-winbind? libpam-krb5?
> Yes
> > Kerberos is working? It should as you mentioned join was ok.
> Yes it works but seems very slow. kinit followed by klist.
>
> I'm getting inconsistent results. Now it works, now it
> doesn't. I'm looking at the possibility that one of the many
> Windows AD servers is at fault and samba is occasionally
> choosing that one. It looks like using "password server" is
> not recommended and in fact it did not help.
> I still need to work through Louis' helpful post.
>
>
> > Anyway and in short, to help we need information.
> >
> > And playing with wbinfo could help to understand what you missed
> > (wbinfo -n username; wbinfo -S userSID; wbinfo -i username; for a
> > start)
> >
> > 2017-08-07 16:44 GMT+02:00 Neil Price via samba <samba at lists.samba.org>:
> >
> >> I've joined a samba 4.48 (debian stretch) to a Windows 2008R2 AD
> >> domain according to
> >> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
> >>
> >> It joins OK but I cannot get idmap rid (or autorid) to work
> >>
> >> idmap config * : backend = autorid
> >> idmap config * : range = 1000000-1199999
> >>
> > Using only these two lines AD users and groups could become Linux
> > users and groups but their UID/GID will be randomly generated, which
> > is certainly not what you want (at least in future that's what you
> > should regret)
> >
> >
> >> Nothing is returned for getent "SAMDOM\user"
> >>
> >> log.winbindd shows:
> >>
> >> [2017/08/07 15:44:08.377559, 3] ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
> >> getpwnam SAMDOM\user
> >> [2017/08/07 15:45:12.561500, 5] ../source3/winbindd/winbindd.c:1139(remove_timed_out_clients)
> >> Client request timed out, shutting down sock 26, pid 639
> >>
> >> (libnss_winbind is installed and nsswitch.conf modified as per wiki)
> >>
> >> If however I use
> >>
> >> idmap config * : backend = tdb
> >> idmap config * : range = 3000-7999
> >>
> >> idmap config SAMDOM : backend = rid
> >> idmap config SAMDOM : range = 1000000-1199999
> >>
> > Using these 4 lines is the right thing to do: idmap-rid will generate
> > UID/GID using LDAP object's RID + 1000000 (according to what you
> > wrote) and as UID/GID are now based on RID which is stable your
> > UID/GID will be stable too (not randomly generated)
> >
> >
> >> Then getent "SAMDOM\user" works but the uid is taken from the *
> >> range, not SAMDOM.
> >>
> >> What am I doing wrong?
> >>
> >>
> >>
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions: https://lists.samba.org/mailman/options/samba
>
>
>