[Samba] idmap woes after upgrade
Tim ODriscoll
tim.odriscoll at lambrookschool.co.uk
Sat May 27 09:25:24 UTC 2017
Hello All,
I've bitten the bullet and upgraded from sernet-samba-4.2 to 4.6.4-SerNet-RedHat-7.el7.
Now my AD users don't show up in Linux, with the result that the [homes] share fails to connect. Other shares work fine, it's just the homes share. There doesn't appear to be any uidNumber mapping going on.
I used to be able to use the unix command 'id' to show user info, but that just reports 'no user' now. 'wbinfo -i' returns the correct data, and I've got my 'uidNumber' and 'gidNumber' fields correctly filled out in my AD.
My smb.conf idmap entries are:
idmap_ldb:use rfc2307 = yes
idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config LAMBROOK:backend = ad
idmap config LAMBROOK:schema_mode = rfc2307
idmap config LAMBROOK:range = 10000-99999
idmap config LAMBROOK:unix_nss_info = yes
idmap config LAMBROOK : unix_primary_group = yes
winbind nss info = rfc2307
My idmap.ldb file contains this for my SID:
# record 143
dn: CN=S-1-5-21-xxxxxx-xxxxxx-xxxxxx-1002
cn: S-1-5-21-xxxxxx-xxxxx-xxxxxx-1002
objectClass: sidMap
objectSid: S-1-5-21-xxxxxx-xxxxxx-xxxxxx-1002
type: ID_TYPE_BOTH
xidNumber: 3000017
distinguishedName: CN=S-1-5-21-xxxxxx-xxxxxx-xxxxxx-1002
wbinfo -i tim.odriscoll:
LAMBROOK\tim.odriscoll:*:2000:100:Tim ODriscoll:/home/LAMBROOK/tim.odriscoll:/bin/false
Have I totally messed the idmaps up? I've tried changing my xidNumber to '2000' and I still get an error 53 (path not found) from Windows, and my filesystem permissions still don't map to usernames.
I've turned smb.conf debugging up to 5 and there doesn't appear to be any errors in log.smbd.. How can I go about fixing this?
Many thanks,
Tim
More information about the samba
mailing list