[Samba] idmap limit?
Andreas Hauffe
andreas.hauffe at tu-dresden.de
Tue Jan 16 16:49:55 UTC 2018
On 16.01.2018 at 17:26, Rowland Penny via samba wrote:
> On Tue, 16 Jan 2018 16:54:17 +0100
> Andreas Hauffe via samba <samba at lists.samba.org> wrote:
>
>> Ok, you are completely right. Here are the real numbers with changed
>> user names:
>>
>> drwx------ 43 DOM\user1   DOM\domain-user 4096 Jan 10 08:00 user1
>> drwx------  5 DOM\user2   DOM\domain-user 4096 Jan 11 08:13 user2
>> drwx------ 92 DOM\user3   DOM\domain-user 4096 Jan 16 08:39 user3
>> drwx------  3 133265      DOM\domain-user 4096 Sep  7  2015 user4
>> drwx------  7 470055      DOM\domain-user 4096 Apr 30  2013 user5
>> drwx------ 12 DOM\user6   DOM\domain-user 4096 Jan  4 12:46 user6
>> drwx------ 51 DOM\user7   DOM\domain-user 4096 Jan 15 23:01 user7
>> drwx------  2 95092       DOM\domain-user 4096 Jul  1  2015 user8
>> drwx------  3 DOM\user9   DOM\domain-user 4096 Jun  8  2015 user9
>> ....
>> drwx------  7 DOM\user200 DOM\domain-user 4096 Nov  6  2012 user200
>>
>> > wbinfo --uid-info=133265
>> failed to call wbcGetpwuid: WBC_ERR_DOMAIN_NOT_FOUND
>> Could not get info for uid 133265
>>
>> > wbinfo -i DOM\\user4
>> DOM\user4:*:133265:10513::/home/user4:/bin/bash
>>
>> After the last command (wbinfo -i DOM\\user4), "wbinfo
>> --uid-info=133265" also shows the correct result and the "ls -l" listing
>> also lists the user name instead of the uid.
>>
>>
> One thing I have spotted:
>
> /etc/krb5.conf should be:
>
> [libdefaults]
> default_realm = DOM2.DOM.TU-DRESDEN.DE
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> What is 'DOM2' ?
> Is it a trusted domain ?
>
> As I said, you are using the 'rid' backend and adding users to AD
> shouldn't affect how winbind works. Your user 'user4' must have the RID
> '123265' and so should be available as a Unix user.
>
> I take it that the Unix domain member is using the DC as its DNS
> nameserver.
>
> Rowland
>
Actually, it should be and is "DOM2.DOM.EXAMPLE.DE". And this domain
(DOM2) is a subdomain of DOM.EXAMPLE.DE (bidirectional transitive trust).
At our university we have a parent domain "DOM.EXAMPLE.DE" where all the
user accounts are held/administered. Every department has a subdomain
for its services. In our example case "DOM2.DOM.EXAMPLE.DE". The
client, and so the member server, are members of "DOM2.DOM.EXAMPLE.DE". But
most of the users are from "DOM.EXAMPLE.DE".
And I checked, the RID of user4 is 123265.
Yes, the DC (actually both DCs) is the DNS of the Unix member server.
--
Best regards
Andreas Hauffe
Head of the research field "Design Methods for Aircraft"
----------------------------------------------------------------------------------------------------
Technische Universität Dresden
Institut für Luft- und Raumfahrttechnik / Institute of Aerospace Engineering
Lehrstuhl für Luftfahrzeugtechnik / Chair of Aircraft Engineering
D-01062 Dresden
Germany
phone : +49 (351) 463 38496
fax : +49 (351) 463 37263
mail : andreas.hauffe at tu-dresden.de
Website : http://tu-dresden.de/mw/ilr/lft
----------------------------------------------------------------------------------------------------
Do you know our free laminate analysis code eLamX²? If not, please visit the following web address:
http://www.elamx.de
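The uid/RID arithmetic behind the numbers quoted in this thread, as an added example that is not part of the original message or of Samba's code: it applies the idmap_rid formula (ID = RID - base_rid + range low) to an `ls -l` listing and reports the RID behind each owner shown only as a number. The range 10000-999999 and base_rid 0 are assumptions chosen to be consistent with uid 133265 / RID 123265 and gid 10513; the actual smb.conf values are not shown in the message.

```python
import re

# Assumed idmap_rid settings; the thread does not show smb.conf.
# low=10000 fits the pairs on the page: uid 133265 <-> RID 123265, gid 10513 <-> RID 513.
RANGE_LOW, RANGE_HIGH, BASE_RID = 10000, 999999, 0

def rid_to_id(rid):
    """idmap_rid forward mapping: ID = RID - BASE_RID + RANGE_LOW (None if outside range)."""
    unix_id = rid - BASE_RID + RANGE_LOW
    return unix_id if RANGE_LOW <= unix_id <= RANGE_HIGH else None

def id_to_rid(unix_id):
    """Reverse mapping: RID = ID + BASE_RID - RANGE_LOW (None if ID is outside the range)."""
    if not RANGE_LOW <= unix_id <= RANGE_HIGH:
        return None
    return unix_id + BASE_RID - RANGE_LOW

# Columns: mode, link count, owner, group, size, three date fields, name
LS_LINE = re.compile(r"^\S+\s+\d+\s+(\S+)\s+(\S+)\s+\d+\s+\S+\s+\S+\s+\S+\s+(.+)$")

def unresolved_owners(ls_output):
    """Return (name, uid, rid) for entries whose owner column is a bare number,
    i.e. entries whose uid was not resolved to a name when ls ran."""
    found = []
    for line in ls_output.splitlines():
        m = LS_LINE.match(line.strip())
        if m and m.group(1).isdigit():
            uid = int(m.group(1))
            found.append((m.group(3), uid, id_to_rid(uid)))
    return found

# Constructed sample, modelled on the listing quoted in the message.
SAMPLE = r"""
drwx------ 43 DOM\user1 DOM\domain-user 4096 Jan 10 08:00 user1
drwx------  3 133265    DOM\domain-user 4096 Sep  7  2015 user4
drwx------  7 470055    DOM\domain-user 4096 Apr 30  2013 user5
drwx------  2 95092     DOM\domain-user 4096 Jul  1  2015 user8
"""

if __name__ == "__main__":
    for name, uid, rid in unresolved_owners(SAMPLE):
        print(f"{name}: uid {uid} -> RID {rid}; check with: wbinfo --uid-info={uid}")
```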