[Samba] ID Mapping

Abi adhanani at abdha.com
Tue Nov 24 03:00:00 UTC 2020 

I'm pretty sure you need to clear your winbind cache after modifying
the range. I can't find any official documentation on it anywhere, but
I think the process goes like:

systemctl stop winbind
systemctl stop smbd
net cache flush
systemctl start winbind
systemctl start smbd

If that doesn't work you could try clearing the tdb files and the group
mapping ldb file in /var/lib/samba ( after making a backup ). This user
had some luck with it: https://serverfault.com/questions/476086/samba-w
inbind-user-resolution 




On Tue, 2020-11-24 at 10:24 +0800, 王金磊 via samba wrote:
> I have updated samba to 4.10.4:
> 
> # rpm -qa | grep samba-4
> samba-4.10.4-11.el7_8.x86_64
> 
> And update the conf:
> 
> # cat /etc/samba/smb.conf | grep "config"
> 	idmap config *:backend = tdb
> 	idmap config *:range = 30000-40000
> 
> And reload config, restart winbind:
> 
> # smbcontrol all reload-config
> # systemctl restart winbind
> 
> But it did not work:
> 
> # id jin
> uid=30000(jin) gid=30000(domain users) groups=30000(domain
> users),30001(xts)
> 
> At 2020-11-24 09:55:33, "Abi" <adhanani at abdha.com> wrote:
> > Your 'range' in your 4.6.2 config is different than the one in your
> > 4.4.4 config. Try setting it to: 'idmap config *:range = 30000-
> > 40000' ,
> > to see if the issue no longer occurs. 
> > 
> > On Tue, 2020-11-24 at 09:17 +0800, 王金磊 via samba wrote:
> > > Hi,
> > > 
> > >     I'm using samba for login in Linux via Active Directory (win
> > > 2008).
> > > 
> > >     In my Active Directory, there is a user "jin", and its
> > > primary
> > > group is "xts", its supplementary group is "Domain Users". I
> > > found
> > > that the gid mapping is inconsistent with different samba
> > > version.
> > > That is:
> > > 
> > > For samba-4.4.4:
> > > 
> > > # id jin
> > > uid=30000(jin) gid=30000(xts) groups=30000(xts),30001(domain
> > > users)
> > > 
> > > the gid is consistent with the AD
> > > 
> > > But samba-4.6.2:
> > > 
> > > # id jin
> > > uid=40000(jin) gid=40000(domain users) groups=40000(domain
> > > users),40001(xts)
> > > 
> > > the gid is inconsistent with AD.
> > > 
> > > My conf in samba-4.4.4:
> > > 
> > > [global]
> > >     workgroup = TEST
> > >     security = ads
> > > 
> > >     passdb backend = tdbsam
> > > 
> > >     realm = test.com
> > > 
> > >     idmap config *:backend = tdb
> > >     idmap config *:range = 30000-40000
> > > 
> > >     template shell = /bin/bash
> > >     template homedir = /home/%U
> > > 
> > >     printing = cups
> > >     printcap name = cups
> > >     load printers = yes
> > >     cups options = raw
> > >     winbind use default domain = true
> > >     ...
> > > 
> > > And my conf in samba-4.6.2:
> > > 
> > > [global]
> > >     workgroup = TEST
> > >     security = ads
> > > 
> > >     passdb backend = tdbsam
> > > 
> > >     realm = test.com
> > > 
> > >     idmap config *:backend = tdb
> > >     idmap config *:range = 40000-50000
> > > 
> > >     template shell = /bin/bash
> > >     template homedir = /home/%U
> > > 
> > >     printing = cups
> > >     printcap name = cups
> > >     load printers = yes
> > >     cups options = raw
> > >     winbind use default domain = true
> > >     ...
> > > 
> > > Thanks~

More information about the samba mailing list