[Samba] idmap woes after upgrade
Rowland Penny
rpenny at samba.org
Sat May 27 11:45:16 UTC 2017
On Sat, 27 May 2017 11:02:36 +0000
Tim ODriscoll <tim.odriscoll at lambrookschool.co.uk> wrote:
> Hi Rowland,
>
> On 27 May 2017 11:39:
> > Hmm, you mention:
> >
> > 'idmap_ldb:use rfc2307 = yes' and 'xidNumber'
> >
> > Is this on a DC or a Unix domain member ?
>
> This is on a DC. I only have two centOS7 AD DC's in my environment..
>
OK, you posted that you have these lines in your smb.conf:
idmap_ldb:use rfc2307 = yes
idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config LAMBROOK:backend = ad
idmap config LAMBROOK:schema_mode = rfc2307
idmap config LAMBROOK:range = 10000-99999
idmap config LAMBROOK:unix_nss_info = yes
idmap config LAMBROOK : unix_primary_group = yes
winbind nss info = rfc2307
You might as well remove all of them except:
idmap_ldb:use rfc2307 = yes
The other lines never did anything on a DC.
Unless you manually add uidNumber attributes to users and gidNumber
attributes to groups, id mapping on a DC is done in idmap.ldb and
results in ID numbers in the 3000000 range.
If you rely on idmap.ldb for your ID mappings, you will need to keep
idmap.ldb in sync on both DCs, otherwise you are very likely to get
different user & group IDs on each DC. This is only a concern if you
use the DCs as a fileserver.
You also mentioned [homes], this does not work on a DC, see here:
https://wiki.samba.org/index.php/User_Home_Folders
When you upgraded Samba, did libnss_winbind.so get upgraded as well ?
Rowland
More information about the samba
mailing list