[Samba] autorid broken in samba 4.9?
Nathaniel W. Turner
nate at houseofnate.net
Thu Apr 9 13:35:24 UTC 2020
Hi all,
Thanks for the replies.
On Thu, Apr 9, 2020 at 3:54 AM L.P.H. van Belle via samba <
samba at lists.samba.org> wrote:
> Good morning Rowland,
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> > Rowland penny via samba
> > Verzonden: donderdag 9 april 2020 9:46
> > Aan: samba at lists.samba.org
> > Onderwerp: Re: [Samba] autorid broken in samba 4.9?
> >
> > On 09/04/2020 08:34, L.P.H. van Belle via samba wrote:
> > > Show the servers there smb.conf that might help.
> > >
> > > And your using autorid..
> > > https://wiki.samba.org/index.php/Idmap_config_autorid
> > >
> > > Drawbacks: User and group IDs are not equal across Samba
> > domain members.
> > >
> > > TC84\administrator:*:1100500:1100513::/home/administrator at TC84
> > > TC83\administrator:*:1200500:1200513::/home/administrator at TC83
> > >
> > > 1200500-1100500 = 100000
> > >
> > > idmap config * : rangesize = 100000
> > > The default value is 100000 !
> > >
> > > So this looks normal.. But i never used autorid so, im sure
> > if im wrong
> > > Someone will correct me ;-)
> >
> > Yes that is correct, they should be different across domains,
> > but they
> > shouldn't change if Samba is upgraded and this is what has
> > happened for
> > the OP.
>
Right, the mappings in the samba 4.8 case quoted look right to me too. What
I don'd understand is this:
TC84\administrator:*:2000500:2000513::/home/administrator at TC84:/bin/bash
TC83\administrator:*:10000:10000::/home/administrator at TC83:/bin/bash
I thought that because I have "idmap config * : range = 1000000-19999999",
that the lowest UID that idmap would allocate would be 1000000 (but here we
have 10,000 which is much less than 1,000,000).
> I wasn't going to reply on this subject because I do not know enough
> > about autorid and there doesn't seem to be any changes to
> > the code that could cause this. I did hope that one of the other Samba
> > team members would chime in.
>
> Hahaha.. Yeah.well, one did :-).
> And I was thinking the same but i felt sorry nobody replied him,
> so i gave it an attempt to help. I dont know much of the autorid part also,
> but lets give it a try.
>
> >
> > Perhaps seeing the OP's smb.conf might help and a bit more
> > info, is sssd running for instance ?
>
> Yeah, we really need the full smb.conf to tell more.
>
Sure, here's the whole thing (it's identical on both machines):
# Global parameters
[global]
client signing = required
debug pid = Yes
debug prefix timestamp = Yes
disable netbios = Yes
dns proxy = No
guest account = nfsnobody
hostname lookups = Yes
kerberos method = system keytab
load printers = No
local master = No
log file = /var/log/samba/log.%m
logging = file
map to guest = Bad User
max log size = 1000
max open files = 32768
preferred master = No
realm = TC84.LOCAL
security = ADS
server min protocol = SMB2
server string = xxxxxxx
template homedir = /home/%U@%D
template shell = /bin/bash
unix extensions = No
winbind offline logon = Yes
winbind refresh tickets = Yes
workgroup = TC84
idmap config * : range = 1000000-19999999
idmap config * : backend = autorid
aio read size = 0
aio write size = 0
allocation roundup size = 0
dfree cache time = 60
level2 oplocks = No
locking = No
oplocks = No
More information about the samba
mailing list