[Samba] idmap woes after upgrade

Tim ODriscoll tim.odriscoll at lambrookschool.co.uk
Sat May 27 09:25:24 UTC 2017


Hello All,

I've bitten the bullet and upgraded from sernet-samba-4.2 to 4.6.4-SerNet-RedHat-7.el7.

Now my AD users don't show up in Linux, with the result that the [homes] share fails to connect. Other shares work fine, it's just the homes share. There doesn't appear to be any uidNumber mapping going on.

I used to be able to use the unix command 'id' to show user info, but that just reports 'no user' now. 'wbinfo -i' returns the correct data, and I've got my 'uidNumber' and 'gidNumber' fields correctly filled out in my AD.

My smb.conf idmap entries are:
 idmap_ldb:use rfc2307 = yes
 idmap config *:backend = tdb
 idmap config *:range = 2000-9999
 idmap config LAMBROOK:backend = ad
 idmap config LAMBROOK:schema_mode = rfc2307
 idmap config LAMBROOK:range = 10000-99999
 idmap config LAMBROOK:unix_nss_info = yes
 idmap config LAMBROOK : unix_primary_group = yes
 winbind nss info = rfc2307

My idmap.ldb file contains this for my SID:
 # record 143
 dn: CN=S-1-5-21-xxxxxx-xxxxxx-xxxxxx-1002
 cn: S-1-5-21-xxxxxx-xxxxx-xxxxxx-1002
 objectClass: sidMap
 objectSid: S-1-5-21-xxxxxx-xxxxxx-xxxxxx-1002
 type: ID_TYPE_BOTH
 xidNumber: 3000017
 distinguishedName: CN=S-1-5-21-xxxxxx-xxxxxx-xxxxxx-1002

wbinfo -i tim.odriscoll:
 LAMBROOK\tim.odriscoll:*:2000:100:Tim ODriscoll:/home/LAMBROOK/tim.odriscoll:/bin/false

Have I totally messed the idmaps up? I've tried changing my xidNumber to '2000' and I still get an error 53 (path not found) from Windows, and my filesystem permissions still don't map to usernames.

I've turned smb.conf debugging up to 5 and there doesn't appear to be any errors in log.smbd.. How can I go about fixing this?

Many thanks,

Tim


More information about the samba mailing list