[Samba] getent problems with new Samba version
Mark Foley
mfoley at ohprs.org
Thu Jan 26 19:09:49 UTC 2017
On Thu, 26 Jan 2017 09:56:10 +0000 Rowland Penny wrote:
>
> On Thu, 26 Jan 2017 02:35:43 -0500
> Mark Foley via samba <samba at lists.samba.org> wrote:
>
> > on Wed, 25 Jan 2017 20:15:49 -0500 Gaiseric Vandal wrote:
> >
> > > Would "testparm -v" show you the path of all the files used ? Are
> > > there any idmap settings?
> >
> > Gaiseric, thanks for your response. the `testparm -v` gave me:
> >
> > private dir = /var/lib/samba/private
> >
> > So, I guess that means the sam.ldb in that directory is the one being
> > used, not the one in /etc/samba/private. That helps. Thanks for
> > that tip. The newer Samba 4.4.8 must have somehow been smart enough
> > to find the 4.2.12 sam.ldb in /etc/samba/private and copy it over to
> > the new location because there was no /var/lib/samba/private with my
> > 4.2.12, and the contents of both sam.ldb's is the same including
> > changes I made.
>
> No, I would say it is dumb enough to try, just who thought it was a
> good idea to do this ?
I can't imagine why they would change the location of a crucial directory like this!!!
> If you read the slackware file 'doinst.sh', there is this:
>
> # Since /etc/samba/private/ has moved to /var/lib/samba/private, migrate any
> # important files if possible:
Where is this file? I have no doinst.sh on my entire system, nor do I find it on the Slackware
14.2 installation DVD.
I'm pretty sure I didn't copy this directory over. Come to think of it, when I restarted with
the new version my DNS wasn't working (see next comment). I found that the /etc/samba/private
folder was missing altogether. I restored that directory from backup and DNS started working
again. So, either that doinst.sh script got run automatically somehow, or the Samaba executable
knew to do this, and removed the /etc/samba/private directory.
After some testing, I will remove the old /etc/samba/private folder. In addition to .ldb
stuff, the original Samba provisioning step created (or advised?) a named.conf file to include
the following line:
include "/etc/samba/private/named.conf";
wherein all the Samba DNS stuff was originally created. I've modified my /etc/named.conf to
now point to /var/lib/samba/private and will remove /etc/samba/private when I'm sure of this.
This "change" affects a lot of stuff!! :(
> What does 'samba -b' show for 'PRIVATE_DIR' ?
$ samba -b
Samba version: 4.4.8
Build environment:
Build host: Linux hive64 4.4.38 #1 SMP Sun Dec 11 15:57:21 CST 2016 x86_64 AMD Phenom(tm)
II X6 1100T Processor AuthenticAMD GNU/Linux
Paths:
:
:
PRIVATE_DIR: /var/lib/samba/private
Same as the `testparm -v` Gaiseric had me run.
> > /var/lib/samba/private/sam.ldb, /etc/samba/private/sam.ldb and
> > RSAT/ADUC all show the "correct" UID:GIDs for users, for example
> > 10001:10000.
> >
> > So, if Samba 4.4.8 "is using winbind to allocate uid's", how can I
> > make it stop that and use the ids actually configured in sam.ldb?
> > That's the question, basically: why is windbind (or whatever)
> > arbitrarily generating UID:GIDs instead of using the configured ids?
> > You are likely right on this too. As Rowland Penny wrote on
> > 10/11/2015 17:15, "wbinfo goes straight to winbind, which goes to
> > where you have told it to. getent goes via nssswitch, ...". and
> > wbinfo still returns:
>
> When I said that, I meant how Samba was configured would tell winbind
> where to look.
So, where is winbind looking?
> Have you tried checking in AD with ldbsearch or ldbedit for the actual
> records ?
Yes, I've done `ldbedit -H /var/lib/samba/private/sam.ldb` (and ldbsearch) and among other
settings for user 'mark' I have:
uidNumber: 10001
gidNumber: 10000
winbind or whatever is simply not looking there.
Is there a solution?
--Mark
More information about the samba
mailing list