[Samba] Issues with FLOCK on NFS Share

Rowland penny rpenny at samba.org
Mon Jul 6 19:02:32 UTC 2020

On 06/07/2020 19:22, Christopher Cox via samba wrote:
> On 7/6/20 1:09 PM, Rowland penny via samba wrote:
> I understand where you're coming and tried to mention that mindset in 
> what I wrote.   You're assumption is that there is a "single 
> controller", and for you it's Samba with RFC2307 attributes, but a lot 
> of what I said still applies to
> that exact scenario.  Unless you're ready to take nsswitch.conf to 
> only having winbind (and search nothing else) and you're prepared to 
> own the PAM stack.
> True?  But I will tell you, that even with those extremes, the battle 
> isn't easily won 

No, you missed this: you just need to setup the OS and Samba correctly

Local system users and groups use ID's in the 0-999 range

Normal local Unix ID's start at 1000, so as long as you leave a small 
range above this number, you shouldn't have a problem.

On the Samba wiki it is suggested that you use the range 3000-7999 for 
'*' domain (this is for the Windows Well Known SID's and anything 
outside the main domain). This would allow you to have 1999 local Unix 
users (not that you need anything like this number, as all AD users can 
be mapped to Unix users)

The wiki then suggests starting the DOMAIN users and groups at 10000 
(which is what ADUC used), The only problem is on Debian based OS's and 
this is from their use of 65534 for nobody & nogroup (and this can be 
worked around).

So, as I said, configure Samba and your Linux OS correctly and you will 
not have a problem.


More information about the samba mailing list