[Samba] ID Mapping

王金磊 jinlei_dlut at 163.com
Tue Nov 24 02:24:36 UTC 2020 

I have updated samba to 4.10.4:

# rpm -qa | grep samba-4
samba-4.10.4-11.el7_8.x86_64

And update the conf:

# cat /etc/samba/smb.conf | grep "config"
	idmap config *:backend = tdb
	idmap config *:range = 30000-40000

And reload config, restart winbind:

# smbcontrol all reload-config
# systemctl restart winbind

But it did not work:

# id jin
uid=30000(jin) gid=30000(domain users) groups=30000(domain users),30001(xts)

At 2020-11-24 09:55:33, "Abi" <adhanani at abdha.com> wrote:
>Your 'range' in your 4.6.2 config is different than the one in your
>4.4.4 config. Try setting it to: 'idmap config *:range = 30000-40000' ,
>to see if the issue no longer occurs. 
>
>On Tue, 2020-11-24 at 09:17 +0800, 王金磊 via samba wrote:
>> Hi,
>> 
>>     I'm using samba for login in Linux via Active Directory (win
>> 2008).
>> 
>>     In my Active Directory, there is a user "jin", and its primary
>> group is "xts", its supplementary group is "Domain Users". I found
>> that the gid mapping is inconsistent with different samba version.
>> That is:
>> 
>> For samba-4.4.4:
>> 
>> # id jin
>> uid=30000(jin) gid=30000(xts) groups=30000(xts),30001(domain users)
>> 
>> the gid is consistent with the AD
>> 
>> But samba-4.6.2:
>> 
>> # id jin
>> uid=40000(jin) gid=40000(domain users) groups=40000(domain
>> users),40001(xts)
>> 
>> the gid is inconsistent with AD.
>> 
>> My conf in samba-4.4.4:
>> 
>> [global]
>>     workgroup = TEST
>>     security = ads
>> 
>>     passdb backend = tdbsam
>> 
>>     realm = test.com
>> 
>>     idmap config *:backend = tdb
>>     idmap config *:range = 30000-40000
>> 
>>     template shell = /bin/bash
>>     template homedir = /home/%U
>> 
>>     printing = cups
>>     printcap name = cups
>>     load printers = yes
>>     cups options = raw
>>     winbind use default domain = true
>>     ...
>> 
>> And my conf in samba-4.6.2:
>> 
>> [global]
>>     workgroup = TEST
>>     security = ads
>> 
>>     passdb backend = tdbsam
>> 
>>     realm = test.com
>> 
>>     idmap config *:backend = tdb
>>     idmap config *:range = 40000-50000
>> 
>>     template shell = /bin/bash
>>     template homedir = /home/%U
>> 
>>     printing = cups
>>     printcap name = cups
>>     load printers = yes
>>     cups options = raw
>>     winbind use default domain = true
>>     ...
>> 
>> Thanks~

More information about the samba mailing list