[Samba] getent problems with new Samba version

Mark Foley mfoley at ohprs.org
Thu Jan 26 19:09:49 UTC 2017

On Thu, 26 Jan 2017 09:56:10 +0000 Rowland Penny wrote:
> On Thu, 26 Jan 2017 02:35:43 -0500
> Mark Foley via samba <samba at lists.samba.org> wrote:
> > on Wed, 25 Jan 2017 20:15:49 -0500 Gaiseric Vandal wrote:
> > 
> > > Would "testparm -v" show you the path of all the files used ?  Are
> > > there any idmap settings? 
> > 
> > Gaiseric, thanks for your response. The `testparm -v` gave me:
> > 
> > private dir = /var/lib/samba/private
> > 
> > So, I guess that means the sam.ldb in that directory is the one being
> > used, not the one in /etc/samba/private.  That helps.  Thanks for
> > that tip.  The newer Samba 4.4.8 must have somehow been smart enough
> > to find the 4.2.12 sam.ldb in /etc/samba/private and copy it over to
> > the new location because there was no /var/lib/samba/private with my
> > 4.2.12, and the contents of both sam.ldb's is the same including
> > changes I made. 
> No, I would say it is dumb enough to try, just who thought it was a
> good idea to do this ?

I can't imagine why they would change the location of a crucial directory like this!!!

> If you read the slackware file 'doinst.sh', there is this:
> # Since /etc/samba/private/ has moved to /var/lib/samba/private, migrate any
> # important files if possible:

Where is this file? I have no doinst.sh on my entire system, nor do I find it on the Slackware
14.2 installation DVD.

I'm pretty sure I didn't copy this directory over. Come to think of it, when I restarted with
the new version my DNS wasn't working (see next comment). I found that the /etc/samba/private
folder was missing altogether. I restored that directory from backup and DNS started working
again. So, either that doinst.sh script got run automatically somehow, or the Samba executable
knew to do this, and removed the /etc/samba/private directory.

After some testing, I will remove the old /etc/samba/private folder.  In addition to .ldb
stuff, the original Samba provisioning step created (or advised?) a named.conf file to include
the following line:

include "/etc/samba/private/named.conf";

wherein all the Samba DNS stuff was originally created.  I've modified my /etc/named.conf to
now point to /var/lib/samba/private and will remove /etc/samba/private when I'm sure of this. 
This "change" affects a lot of stuff!! :(

> What does 'samba -b' show for 'PRIVATE_DIR' ?

$ samba -b
Samba version: 4.4.8
Build environment:
   Build host:  Linux hive64 4.4.38 #1 SMP Sun Dec 11 15:57:21 CST 2016 x86_64 AMD Phenom(tm) II X6 1100T Processor AuthenticAMD GNU/Linux
   PRIVATE_DIR: /var/lib/samba/private

Same as the `testparm -v` Gaiseric had me run.

> > /var/lib/samba/private/sam.ldb, /etc/samba/private/sam.ldb and
> > RSAT/ADUC all show the "correct" UID:GIDs for users, for example
> > 10001:10000. 
> > 
> > So, if Samba 4.4.8 "is using winbind to allocate uid's", how can I
> > make it stop that and use the ids actually configured in sam.ldb?
> > That's the question, basically: why is winbind (or whatever)
> > arbitrarily generating UID:GIDs instead of using the configured ids?
> > You are likely right on this too.  As Rowland Penny wrote on
> > 10/11/2015 17:15, "wbinfo goes straight to winbind, which goes to
> > where you have told it to.  getent goes via nsswitch, ...". and
> > wbinfo still returns:
> When I said that, I meant how Samba was configured would tell winbind
> where to look.

So, where is winbind looking?

> Have you tried checking in AD with ldbsearch or ldbedit for the actual
> records ?

Yes, I've done `ldbedit -H /var/lib/samba/private/sam.ldb` (and ldbsearch) and among other
settings for user 'mark' I have:

uidNumber: 10001
gidNumber: 10000

winbind or whatever is simply not looking there.

Is there a solution?
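
An added example, not part of the original message and not Samba code: a Python check that lists every account whose uid:gid from `getent passwd` differs from the uidNumber:gidNumber stored in sam.ldb, the mismatch described above. The sample inputs are constructed (only mark's 10001:10000 is taken from the message), and stripping a `DOMAIN\` prefix from getent names is an assumption about the winbind configuration.

```python
# Constructed ldbsearch LDIF; only mark's 10001:10000 comes from the message.
SAMPLE_LDIF = """\
# record 1
dn: CN=mark,CN=Users,DC=example,DC=test
sAMAccountName: mark
uidNumber: 10001
gidNumber: 10000

dn: CN=alice,CN=Users,DC=example,DC=test
sAMAccountName: alice
uidNumber: 10002
gidNumber: 10000
"""
# Constructed `getent passwd` output; the IDs shown for mark are invented.
SAMPLE_GETENT = """\
EXAMPLE\\mark:*:3000020:100::/home/EXAMPLE/mark:/bin/false
EXAMPLE\\alice:*:10002:10000::/home/EXAMPLE/alice:/bin/false
"""

def parse_ldif(text):
    """Return {sAMAccountName: (uidNumber, gidNumber)} from ldbsearch LDIF."""
    users, rec = {}, {}
    for line in text.splitlines() + [""]:   # trailing "" flushes the last record
        if line.startswith(("#", " ")):     # comments and folded dn continuations
            continue
        if not line.strip():                # blank line ends a record
            if {"samaccountname", "uidnumber", "gidnumber"} <= rec.keys():
                users[rec["samaccountname"].lower()] = (
                    int(rec["uidnumber"]), int(rec["gidnumber"]))
            rec = {}
            continue
        attr, _, value = line.partition(":")
        rec[attr.lower()] = value.strip()
    return users

def parse_getent(text):
    """Return {name: (uid, gid)}, dropping any DOMAIN\\ prefix winbind adds."""
    out = {}
    for fields in (l.split(":") for l in text.splitlines()):
        if len(fields) >= 4 and fields[2].isdigit() and fields[3].isdigit():
            out[fields[0].split("\\")[-1].lower()] = (int(fields[2]), int(fields[3]))
    return out

def id_mismatches(ldif, getent):
    """Users whose NSS uid:gid differs from the uidNumber:gidNumber in sam.ldb."""
    ad, nss = parse_ldif(ldif), parse_getent(getent)
    return {u: (ids, nss.get(u)) for u, ids in ad.items() if nss.get(u) != ids}

if __name__ == "__main__":
    print(id_mismatches(SAMPLE_LDIF, SAMPLE_GETENT))
```

On a live system the two inputs would be the saved output of `ldbsearch -H /var/lib/samba/private/sam.ldb '(uidNumber=*)' sAMAccountName uidNumber gidNumber` and of `getent passwd`; a user missing from getent is reported with `None`.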

