[Samba] IDMAP problems after upgrade to Debian jessie
Lukas Haase
lukashaase at gmx.at
Sat Jan 14 22:43:59 UTC 2017
Hi,
I have been running a Debian 3 server without problems for a long time.
Now, after upgrading to Debian jessie (Debian 4.2.14) I cannot log in
any more:
smbclient -U admin -L //localhost/
Enter admin's password:
session setup failed: NT_STATUS_UNSUCCESSFUL
In the logs:
[2017/01/14 23:37:21.636022, 2]
../source3/auth/auth.c:305(auth_check_ntlm_password)
check_ntlm_password: authentication for user [admin] -> [admin] ->
[admin] succeeded
[2017/01/14 23:37:21.637610, 1]
../source3/auth/token_util.c:430(add_local_groups)
SID S-1-5-21-3909901412-745783496-1225843668-500 -> getpwuid(25003) failed
This is odd because the correct UID for this SID would be 1013.
The relevant Samba config thus far was:
passdb backend = ldapsam:ldap://ldap/
ldap ssl = Start_tls
obey pam restrictions = no
ldap admin dn = uid=admin,dc=intra
ldap suffix = dc=intra
ldap group suffix = ou=groups
ldap user suffix = ou=users
ldap machine suffix = ou=machines
ldap idmap suffix = ou=idmap
idmap uid = 25000-27000
idmap gid = 25000-27000
However, ou=idmap in the LDAP tree is empty and winbind was running.
I thought maybe it is because of the deprecated idmap uid option but no
matter what I set for "idmap config", wbinfo always returns the wrong UID:
# wbinfo --sid-to-uid S-1-5-21-3909901412-745783496-1225843668-500
25003
For example, I tried
idmap config * : backend = tdb
idmap config * : range = 25000 27000
or
idmap config * : backend = rid
idmap config * : range = 0 1000
The output just does not change.
Any help would be appreciated. Thanks!
Luke
More information about the samba
mailing list