[Samba] idmap limit?

Rowland Penny rpenny at samba.org
Tue Jan 16 16:26:02 UTC 2018


On Tue, 16 Jan 2018 16:54:17 +0100
Andreas Hauffe via samba <samba at lists.samba.org> wrote:

> Ok, you are completely right. Here are the real numbers with changed 
> user names:
> 
> drwx------ 43 DOM\user1        DOM\domain-user  4096 Jan 10 08:00
> user1 drwx------   5 DOM\user2        DOM\domain-user  4096 Jan 11
> 08:13 user2 drwx------ 92 DOM\user3        DOM\domain-user   4096 Jan
> 16 08:39 user3 drwx------   3        133265        DOM\domain-user
> 4096 Sep  7 2015 user4 drwx------   7        470055
> DOM\domain-user   4096 Apr 30 2013 user5 drwx------ 12 DOM\user6
>        DOM\domain-user   4096 Jan  4 12:46 user6 drwx------ 51
> DOM\user7        DOM\domain-user   4096 Jan 15 23:01 user7
> drwx------   2          95092        DOM\domain-user   4096 Jul 1
> 2015 user8 drwx------  3 DOM\user9         DOM\domain-user   4096
> Jun  8 2015 user9 ....
> drwx------  7 DOM\user200    DOM\domain-user   4096 Nov  6  2012
> user200
> 
>   > wbinfo --uid-info=133265
> failed to call wbcGetpwuid: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for uid 133265
> 
>   > wbinfo -i DOM\\user4
> DOM\user4:*:133265:10513::/home/user4:/bin/bash
> 
> After the last command (wbinfo -i DOM\\user4) also "wbinfo
> --uid-info=133265" shows the correct result and the "ls -l" list also
> list the user name instead of the uid.
> 
> 

One thing I have spotted:

/etc/krb5.conf should be:

[libdefaults]
     default_realm = DOM2.DOM.TU-DRESDEN.DE
     dns_lookup_realm = false
     dns_lookup_kdc = true

What is 'DOM2' ?
Is it a trusted domain ?

As I said, you are using the 'rid' backend and adding users to AD
shouldn't affect how winbind works. Your user 'user4' must have the RID
'123265' and so should be available as a Unix user.

I take it that the Unix domain member is using the DC as its dnd
nameserver.

Rowland



More information about the samba mailing list