[Samba] Issues with FLOCK on NFS Share

Rowland penny rpenny at samba.org
Wed Jul 1 12:29:46 UTC 2020


On 01/07/2020 12:59, Georg.Biberger--- via samba wrote:
>> The 'idmap config' lines are borked, the default domain '*' lines are
>> okay, but the 'MUC' domain lines are half correct, yes you can use the
>> 'rid' backend, but you must set a range. You did set a range, but it was
>> incorrect and you have commented it out. The two ranges must not
>> overlap, but what you had before you commented it out, well, overlap
>> would be an understatement, the '*' domain was totally inside the 'MUC'
>> domain, you need to fix this.
> I have the problem that all files on NFS-Shares are only accessible by the user qqeda11 (unix-id 79846).
> All users get mapped to qqeda11  with usermap qqeda11=*.
> But the user qqeda11 is also known in the MUC-Domain as windows user (muc/qqeda11 SID= S-1-5-21-43206524-2104247658-1151357142-1581344):
>
> To achieve the correct mapping, I have added a mapping to winbindd_idmap.tdb:
>
> 	dumping id mapping from /lfs/EDA/DATA/SOFTWARE/samba/var/locks/winbindd_idmap.tdb
> 	GID 79846 S-1-5-21-43206524-2104247658-1151357142-513
> 	USER HWM 79846
> 	UID 79846 S-1-5-21-43206524-2104247658-1151357142-1581344
> 	GID 79847 S-1-1-0
> 	GID 79848 S-1-5-2
> 	GROUP HWM 79849
>
> Does this correspond with your explanation of id ranges?
>
> Georg
>
>
Your user has the RID 1581344 and the 'rid' backend uses  this along 
with the low range to calculate the users Unix ID, so from the commented 
line, this would be:

79846 + 1581344 = 1661190

This is less than the high range, so would be valid.

But if you use '100001-500000000' for the range, the ID would be:

100001 + 1581344 = 1681345

This would be a valid ID as well.

Rowland





More information about the samba mailing list