[Samba] Problem with large uids
andreas.hauffe at tu-dresden.de
Sat Oct 21 08:50:06 UTC 2017
I have two member server and both with Samba 4.6.7. I'm using winbind for NSS and PAM. One of the member server is exporting an NFS4 mount which the other member server is mounting. For users with an rid-mapped uid below some value everything works fine. If the uid is above this value the group permissions are not evaluated and I'm getting a permission denied if a folder or file is only accessable by group membership. I haven't evaluated the value exactly but it is below 100000. The problem is that there are RIDs above 100000. Is there a known limit for the uid?
The resolv.conf, nsswitch.conf and krb5.conf is taken from the wiki and just the domains are replace.
security = ADS
workgroup = SUBDOM
realm = SUBDOM.DOM.EXAMPLE.DE
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
template homedir = /home/%D/%U
template shell = /bin/bash
idmap config * : backend = tdb
idmap config * : range = 3000-9999
idmap config SUBDOM: backend = rid
idmap config SUBDOM: range = 1000000-2000000 # UID aus RID für SUBDOM
idmap config DOM : backend = rid
idmap config DOM : range = 3000000-4000000 # UID aus RID für DOM
If I'm changing the range of SUBDOM to 10000-20000 and the uid of the user is in this range everything works fine. This does not happen using SSSD with large UID, that's why I asking if I did something wrong conntected to winbind. SSSD has other shortcomings.
More information about the samba