[Samba] mixed versions, mixed UIDs

Steve Hideg hideg at saintmarys.edu
Thu Jan 10 15:26:17 UTC 2019 

Okay, so I've now read 'man idmap_rid'.

It states that the use of the base_rid parameter is deprecated, so does
that change ID formula to this?

ID = RID + LOW_RANGE_ID

Assuming that the default value for the now-deprecated base_rid is 0.

Following the example on the man page, I am going to try this:

idmap config * : backend = tdb
idmap config * :range = 1000000-1999999

idmap config ADSMC : backend = rid
idmap config ADSMC:range = 1500-500000

Will this work to keep IDs aligned across new and old systems (without
changing the old systems)?

Thanks.


On Thu, Jan 10, 2019 at 10:01 AM Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Thu, 10 Jan 2019 09:29:19 -0500
> Steve Hideg via samba <samba at lists.samba.org> wrote:
>
> > Hello,
> >
> > I've inherited a set of servers running Red Hat Enterprise Linux
> > Server release 5.9. They have some variant of samba 3.3 on them (e.g.
> > Version 3.3.8-0.52.el5_5.2). These servers are using Samba and
> > Winbind as a way to bind to our Active Directory environment as
> > domain members.
> >
> > We also have a domain member file server running the following:
> >
> > Red Hat Enterprise Linux Server release 5.6 (Tikanga)
> > Samba/Winbind Version 3.5.4-0.70.el5
> >
> > Due to hardware aging and the desire to use newer versions of the SMB
> > protocol, I have been building a new server and migrate user's data
> > over to it. The new server is running the following:
> >
> > Red Hat Enterprise Linux Server release 7.6 (Maipo)
> > Samba/Winbind Version 4.8.3
> >
> > One issue I've been having is trying to get UIDs to coinside between
> > old and new software versions.
> >
> > Our Samba 3 configs have the following defined:
> > idmap config ADSMC:default = yes
> > idmap config ADSMC:backend = rid
> > idmap config ADSMC:base_rid=500
> > idmap config ADSMC:range = 2000-100000
> >
> > I've set up the following in our Samba 4 server:
> > idmap config ADSMC:range = 2000-100000
> > idmap config * :range = 2000-100000
> > idmap config ADSMC : backend = rid
> > idmap config * : backend = tdb
>
> That isn't going to work, the ranges must not overlap.
>
> >
> > In an effort to keep things as compatible as possible between
> > co-existing old and new servers, I made an effort to emulate the old
> > settings ad much as possible.
>
> No you didn't
>
> >
> > I don't know if these settings are correct for our AD/Samba
> > environment, but it seems to work except for one issue. Every UID and
> > GID issued by the new server is 500 greater than the old server. This
> > presents a problem on some of the old servers that automount user
> > directories on the file server via NFS. The UID discrepancy results
> > in users not owning their own directories and files when logged into
> > older servers.
> >
> > One way I have tried to mitigate this was to set the ranges on the new
> > server to 500 less:
> > idmap config ADSMC:range = 1500-100000
> > idmap config * :range = 1500-100000
>
> No, it wouldn't
>
> >
> > Is this an acceptable solution, or is there something more radical I
> > need to do?
>
> How about reading 'man idmap_rid' ?
> Is that radical enough for you ;-)
> If you had read it, you would have found that the ID's are calculated
> from:
>
> ID = RID - BASE_RID + LOW_RANGE_ID
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list