[Samba] getent problems with new Samba version

Thu Jan 26 09:56:10 UTC 2017

On Thu, 26 Jan 2017 02:35:43 -0500
Mark Foley via samba <samba at lists.samba.org> wrote:

> on Wed, 25 Jan 2017 20:15:49 -0500 Gaiseric Vandal wrote:
> 
> > Would "testparm -v" show you the path of all the files used ?  Are
> > there any idmap settings? 
> 
> Gaiseric, thanks for your response. the `testparm -v` gave me:
> 
> private dir = /var/lib/samba/private
> 
> So, I guess that means the sam.ldb in that directory is the one being
> used, not the one in /etc/samba/private.  That helps.  Thanks for
> that tip.  The newer Samba 4.4.8 must have somehow been smart enough
> to find the 4.2.12 sam.ldb in /etc/samba/private and copy it over to
> the new location because there was no /var/lib/samba/private with my
> 4.2.12, and the contents of both sam.ldb's is the same including
> changes I made. 

No, I would say it is dumb enough to try, just who thought it was a
good idea to do this ?

If you read the slackware file 'doinst.sh', there is this:

# Since /etc/samba/private/ has moved to /var/lib/samba/private, migrate any
# important files if possible:
if [ -d etc/samba/private -a -d var/lib/samba/private ]; then
  for file in etc/samba/private/* ; do
    if [ -r "$file" -a ! -r "var/lib/samba/private/$(basename $file)" ]; then
      mv "$file" var/lib/samba/private
    fi
  done
  # Might as well try to eliminate this directory, since it should be empty:
  rmdir etc/samba/private 1> /dev/null 2> /dev/null
fi

Now on the face of it, this should work, but I cannot see anywhere that
Samba was stopped before moving the files. There is also the problem
that the paths do not start with '/'

I created a simple test script:

#!/bin/sh

if [ -d usr/local/samba ]; then
    echo "/usr/local/samba exists"
else
    echo "not found"
fi

exit 0

Made it executable and ran it and got 'not found'

Altered the test script by adding '/' to the front of the path and ran
the script again and got '/usr/local/samba exists'

> 
> > It looks like the newer version is using winbind to allocate uid's
> > (based on the high ID numbers.) Maybe because it does not see uid's
> > already allocated. 

What does 'samba -b' show for 'PRIVATE_DIR' ?

> 
> /var/lib/samba/private/sam.ldb, /etc/samba/private/sam.ldb and
> RSAT/ADUC all show the "correct" UID:GIDs for users, for example
> 10001:10000. 
> 
> So, if Samba 4.4.8 "is using winbind to allocate uid's", how can I
> make it stop that and use the ids actually configured in sam.ldb?
> That's the question, basically: why is windbind (or whatever)
> arbitrarily generating UID:GIDs instead of using the configured ids?
> You are likely right on this too.  As Rowland Penny wrote on
> 10/11/2015 17:15, "wbinfo goes straight to winbind, which goes to
> where you have told it to.  getent goes via nssswitch, ...". and
> wbinfo still returns:

When I said that, I meant how Samba was configured would tell winbind
where to look.

Have you tried checking in AD with ldbsearch or ldbedit for the actual
records ?

Rowland