[Samba] idmap limit?
Rowland Penny
rpenny at samba.org
Tue Jan 16 16:26:02 UTC 2018
On Tue, 16 Jan 2018 16:54:17 +0100
Andreas Hauffe via samba <samba at lists.samba.org> wrote:
> Ok, you are completely right. Here are the real numbers with changed
> user names:
>
> drwx------ 43 DOM\user1 DOM\domain-user 4096 Jan 10 08:00
> user1 drwx------ 5 DOM\user2 DOM\domain-user 4096 Jan 11
> 08:13 user2 drwx------ 92 DOM\user3 DOM\domain-user 4096 Jan
> 16 08:39 user3 drwx------ 3 133265 DOM\domain-user
> 4096 Sep 7 2015 user4 drwx------ 7 470055
> DOM\domain-user 4096 Apr 30 2013 user5 drwx------ 12 DOM\user6
> DOM\domain-user 4096 Jan 4 12:46 user6 drwx------ 51
> DOM\user7 DOM\domain-user 4096 Jan 15 23:01 user7
> drwx------ 2 95092 DOM\domain-user 4096 Jul 1
> 2015 user8 drwx------ 3 DOM\user9 DOM\domain-user 4096
> Jun 8 2015 user9 ....
> drwx------ 7 DOM\user200 DOM\domain-user 4096 Nov 6 2012
> user200
>
> > wbinfo --uid-info=133265
> failed to call wbcGetpwuid: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for uid 133265
>
> > wbinfo -i DOM\\user4
> DOM\user4:*:133265:10513::/home/user4:/bin/bash
>
> After the last command (wbinfo -i DOM\\user4) also "wbinfo
> --uid-info=133265" shows the correct result and the "ls -l" list also
> list the user name instead of the uid.
>
>
One thing I have spotted:
/etc/krb5.conf should be:
[libdefaults]
default_realm = DOM2.DOM.TU-DRESDEN.DE
dns_lookup_realm = false
dns_lookup_kdc = true
What is 'DOM2' ?
Is it a trusted domain ?
As I said, you are using the 'rid' backend and adding users to AD
shouldn't affect how winbind works. Your user 'user4' must have the RID
'123265' and so should be available as a Unix user.
I take it that the Unix domain member is using the DC as its dnd
nameserver.
Rowland
More information about the samba
mailing list