[Samba] wbinfo -U id gives different users on same dc
Özkan Göksu
ozkan.goksu at usishi.com
Wed Feb 14 14:30:07 UTC 2018
RID solved my problem. But while reading docs I saw new things and I
changed my smb.conf completely.
I have read almost every parameter but I'm still not 100% sure.
Can you do me a last favor?
Can you please tell me whether I have any problems with the new smb.conf?
Kernel: Linux 4.14.13-1-ARCH
Filesystem: zfs-linux 0.7.5.4.14.13.1-1
Thank you so much for your help.
---------------------
[global]
netbios name = DEV1
server string = %h Test Host
workgroup = SM
realm = SM.PVT
security = ADS
server role = member server
idmap config *: backend = tdb
idmap config *: range = 90000001-100000000
winbind cache time = 7200
winbind offline logon = yes
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
winbind use default domain = yes
winbind refresh tickets = yes
idmap config SM: backend = rid
idmap config SM: range = 20000-90000000
encrypt passwords = yes
dns proxy = no
strict locking = Auto
oplocks = yes
deadtime = 15
logging = file
max log size = 51200
log level = 2
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
unix charset = UTF-8
case sensitive = auto
guest account = nobody
map to guest = Bad User
obey pam restrictions = yes
ntlm auth = no
allow trusted domains = no
client ntlmv2 auth = yes
kernel change notify = yes
panic action = /usr/bin/samba-backtrace
dns update command = /usr/sbin/samba_dnsupdate
acl allow execute always = true
dos filemode = yes
multicast dns register = no
domain logons = no
client use spnego = yes
local master = no
domain master = no
preferred master = no
template shell = /bin/sh
template homedir = /home/%D/%U
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
min receivefile size = 16384
max xmit = 65536
max open files = 232040
strict sync = no
[test]
comment = test
path = /ssdhavuz/test
guest ok = no
browseable = yes
writeable = yes
hide dot files = yes
veto files = /.snapshot/.windows/.mac/.zfs/
use sendfile = no
acl group control = yes
map acl inherit = yes
inherit owner = yes
inherit permissions = yes
inherit acls = yes
vfs objects = acl_xattr streams_xattr aio_pthread
acl_xattr:ignore system acls = yes
aio_pthread:aio num threads = 500
2018-02-13 16:20 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>:
> On Tue, 13 Feb 2018 15:52:13 +0200
> Özkan Göksu <ozkan.goksu at usishi.com> wrote:
>
> > Thank you for reply Rowland.
> >
> > Sorry for my typo. I intended to change sm--to-->test but I forgot to
> > change other lines.
> > So my original config is below:
> >
> > workgroup = sm
> > > realm = sm.pvt
> > > server string = %h Test Host
> > > security = ads
> > > encrypt passwords = yes
> > > idmap config sm.pvt : backend = ad
> > > idmap config sm.pvt : range = 10000-20000
> > > idmap config sm.pvt : schema_mode = rfc2307
> > > idmap config * : range = 8000-9000
> >
> >
> > Honestly I am not sure about using the ads backend at all. I have read
> > the Samba documents. As the rid backend uses a local database and it may
> > get corrupted, I chose the ad backend.
> > On the other hand I should not install any extensions on the Windows
> > Active Directory server. The Samba documents say something about
> > installing Unix extensions but as far as I see this is not a must for
> > ads.
> >
> > So it would be best if someone could help me understand rid
> > vs ads. I suspect my problem depends on it.
> >
>
> OK, if you cannot add anything to AD, then you cannot use the winbind
> 'ad' backend, so you will have to use the 'rid' backend.
>
> The 'rid' backend does not use a local database, it uses the AD
> database. The user's (or group's) ID is calculated from the AD objectsid,
> this will be in the form:
>
> S-1-5-21-1768301897-3342589593-1064908849-2130
>
> The last portion is the RID '2130' and is unique in the domain, the
> rest identifies the domain.
>
> The winbind 'rid' calculates the ID from the RID and the lower range
> you set in AD with this calculation:
>
> ID = RID - BASE_RID + LOW_RANGE_ID
>
> BASE_RID is 0, so it is really:
>
> ID = RID + LOW_RANGE_ID
>
> So, using your lower range and the RID from above, it becomes
>
> ID = 2130 + 10000
>
> ID = 12130
>
> If you use the same smb.conf on all Unix domain members in the domain,
> you will always get the same Unix ID.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
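
The calculation described in the quoted reply, as an added example that is not part of the original message or of Samba's code: it applies ID = RID - BASE_RID + LOW_RANGE_ID to the SID quoted above under both ranges posted in this thread, returns no mapping when the result falls outside the configured range, and checks that the idmap ranges in an smb.conf do not overlap. The function names, the parsing regex and the overlap check are assumptions made for illustration.

```python
import re

# Constructed sample: the idmap lines from the two smb.conf files in this thread.
OLD_CONF = """
idmap config sm.pvt : backend = ad
idmap config sm.pvt : range = 10000-20000
idmap config * : range = 8000-9000
"""
NEW_CONF = """
idmap config *: backend = tdb
idmap config *: range = 90000001-100000000
idmap config SM: backend = rid
idmap config SM: range = 20000-90000000
"""
SID = "S-1-5-21-1768301897-3342589593-1064908849-2130"  # SID quoted in the reply

RANGE_RE = re.compile(
    r"^\s*idmap config\s+(\S+?)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$", re.I | re.M)

def idmap_ranges(conf):
    """Return {domain: (low, high)} from 'idmap config DOM : range = L-H' lines."""
    return {m[1]: (int(m[2]), int(m[3])) for m in RANGE_RE.finditer(conf)}

def overlapping(ranges):
    """Pairs of domains whose ID ranges intersect, which makes IDs ambiguous."""
    doms = sorted(ranges)
    return [(a, b) for i, a in enumerate(doms) for b in doms[i + 1:]
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]]

def rid_to_id(sid, low, high, base_rid=0):
    """ID = RID - BASE_RID + LOW_RANGE_ID; None when the result leaves the range."""
    rid = int(sid.rsplit("-", 1)[1])  # last SID component is the RID
    unix_id = rid - base_rid + low
    return unix_id if low <= unix_id <= high else None

def id_to_rid(unix_id, low, high, base_rid=0):
    """Reverse direction: RID = ID + BASE_RID - LOW_RANGE_ID."""
    return unix_id + base_rid - low if low <= unix_id <= high else None

if __name__ == "__main__":
    for name, conf in (("old", OLD_CONF), ("new", NEW_CONF)):
        r = idmap_ranges(conf)
        dom = next(d for d in r if d != "*")  # the one non-default domain
        print(name, r, "overlaps:", overlapping(r), "id:", rid_to_id(SID, *r[dom]))
```

Two members configured with different lower ranges map the same SID to different Unix IDs (12130 and 22130 here), which is why the reply says to use the same smb.conf on every Unix domain member.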