[Samba] idmap woes after upgrade

[Rowland Penny]

On Sat, 27 May 2017 09:25:24 +0000
Tim ODriscoll via samba <samba at lists.samba.org> wrote:

> Hello All,
> 
> I've bitten the bullet and upgraded from sernet-samba-4.2 to
> 4.6.4-SerNet-RedHat-7.el7.
> 
> Now my AD users don't show up in Linux, with the result that the
> [homes] share fails to connect. Other shares work fine, it's just the
> homes share. There doesn't appear to be any uidNumber mapping going
> on.
> 
> I used to be able to use the unix command 'id' to show user info, but
> that just reports 'no user' now. 'wbinfo -i' returns the correct
> data, and I've got my 'uidNumber' and 'gidNumber' fields correctly
> filled out in my AD.
> 
> My smb.conf idmap entries are:
>  idmap_ldb:use rfc2307 = yes
>  idmap config *:backend = tdb
>  idmap config *:range = 2000-9999
>  idmap config LAMBROOK:backend = ad
>  idmap config LAMBROOK:schema_mode = rfc2307
>  idmap config LAMBROOK:range = 10000-99999
>  idmap config LAMBROOK:unix_nss_info = yes
>  idmap config LAMBROOK : unix_primary_group = yes
>  winbind nss info = rfc2307
> 
> My idmap.ldb file contains this for my SID:
>  # record 143
>  dn: CN=S-1-5-21-xxxxxx-xxxxxx-xxxxxx-1002
>  cn: S-1-5-21-xxxxxx-xxxxx-xxxxxx-1002
>  objectClass: sidMap
>  objectSid: S-1-5-21-xxxxxx-xxxxxx-xxxxxx-1002
>  type: ID_TYPE_BOTH
>  xidNumber: 3000017
>  distinguishedName: CN=S-1-5-21-xxxxxx-xxxxxx-xxxxxx-1002
> 
> wbinfo -i tim.odriscoll:
>  LAMBROOK\tim.odriscoll:*:2000:100:Tim
> ODriscoll:/home/LAMBROOK/tim.odriscoll:/bin/false
> 
> Have I totally messed the idmaps up? I've tried changing my xidNumber
> to '2000' and I still get an error 53 (path not found) from Windows,
> and my filesystem permissions still don't map to usernames.
> 
> I've turned smb.conf debugging up to 5 and there doesn't appear to be
> any errors in log.smbd.. How can I go about fixing this?

Hmm, you mention:

'idmap_ldb:use rfc2307 = yes' and 'xidNumber'

Is this on a DC or a Unix domain member ?

Rowland