[Samba] ID Mapping

王金磊 jinlei_dlut at 163.com
Tue Nov 24 04:51:33 UTC 2020 

I followed your steps, my smb.service is inactive

[root at localhost samba]# systemctl stop winbind
[root at localhost samba]# net cache flush
[root at localhost samba]# ll
total 460
drwxrwxr-x. 10 root printadmin   4096 Oct 29 07:17 drivers
drwxr-xr-x.  4 root root           38 Oct 29 07:17 DriverStore
-rw-------.  1 root root          696 Nov 23 23:39 group_mapping.tdb
drwxr-xr-x.  4 root root         4096 Nov 23 23:39 lock
-rw-------.  1 root root          696 Nov 23 23:14 netsamlogon_cache.tdb
drwxr-xr-x.  2 root root           25 Oct 29 07:17 printing
drwx------.  3 root root          103 Nov 16 03:04 private
-rw-------.  1 root root        32768 Nov 23 23:39 winbindd_cache.tdb
-rw-r--r--.  1 root root       421888 Nov 23 23:39 winbindd_idmap.tdb
drwxr-x---.  2 root wbpriv         17 Nov 23 23:14 winbindd_privileged
[root at localhost samba]# rm -f *.tdb
[root at localhost samba]# ll
total 8
drwxrwxr-x. 10 root printadmin 4096 Oct 29 07:17 drivers
drwxr-xr-x.  4 root root         38 Oct 29 07:17 DriverStore
drwxr-xr-x.  4 root root       4096 Nov 23 23:39 lock
drwxr-xr-x.  2 root root         25 Oct 29 07:17 printing
drwx------.  3 root root        103 Nov 16 03:04 private
drwxr-x---.  2 root wbpriv       17 Nov 23 23:14 winbindd_privileged
[root at localhost samba]# systemctl start winbind.service 

I got the same result:

[root at localhost samba]# id jin
uid=30000(jin) gid=30000(domain users) groups=30000(domain users),30001(xts)

And I new a user in AD, named "0001", make "xts" is the only group and primary group of "0001",

but, I got:
 
[root at localhost samba]# id 0001
uid=30001(0001) gid=30000(domain users) groups=30000(domain users),30001(xts)

May it is a bug of samba?

At 2020-11-24 11:00:00, "Abi" <adhanani at abdha.com> wrote:
>I'm pretty sure you need to clear your winbind cache after modifying
>the range. I can't find any official documentation on it anywhere, but
>I think the process goes like:
>
>systemctl stop winbind
>systemctl stop smbd
>net cache flush
>systemctl start winbind
>systemctl start smbd
>
>If that doesn't work you could try clearing the tdb files and the group
>mapping ldb file in /var/lib/samba ( after making a backup ). This user
>had some luck with it: https://serverfault.com/questions/476086/samba-w
>inbind-user-resolution 
>
>
>
>
>On Tue, 2020-11-24 at 10:24 +0800, 王金磊 via samba wrote:
>> I have updated samba to 4.10.4:
>> 
>> # rpm -qa | grep samba-4
>> samba-4.10.4-11.el7_8.x86_64
>> 
>> And update the conf:
>> 
>> # cat /etc/samba/smb.conf | grep "config"
>> 	idmap config *:backend = tdb
>> 	idmap config *:range = 30000-40000
>> 
>> And reload config, restart winbind:
>> 
>> # smbcontrol all reload-config
>> # systemctl restart winbind
>> 
>> But it did not work:
>> 
>> # id jin
>> uid=30000(jin) gid=30000(domain users) groups=30000(domain
>> users),30001(xts)
>> 
>> At 2020-11-24 09:55:33, "Abi" <adhanani at abdha.com> wrote:
>> > Your 'range' in your 4.6.2 config is different than the one in your
>> > 4.4.4 config. Try setting it to: 'idmap config *:range = 30000-
>> > 40000' ,
>> > to see if the issue no longer occurs. 
>> > 
>> > On Tue, 2020-11-24 at 09:17 +0800, 王金磊 via samba wrote:
>> > > Hi,
>> > > 
>> > >     I'm using samba for login in Linux via Active Directory (win
>> > > 2008).
>> > > 
>> > >     In my Active Directory, there is a user "jin", and its
>> > > primary
>> > > group is "xts", its supplementary group is "Domain Users". I
>> > > found
>> > > that the gid mapping is inconsistent with different samba
>> > > version.
>> > > That is:
>> > > 
>> > > For samba-4.4.4:
>> > > 
>> > > # id jin
>> > > uid=30000(jin) gid=30000(xts) groups=30000(xts),30001(domain
>> > > users)
>> > > 
>> > > the gid is consistent with the AD
>> > > 
>> > > But samba-4.6.2:
>> > > 
>> > > # id jin
>> > > uid=40000(jin) gid=40000(domain users) groups=40000(domain
>> > > users),40001(xts)
>> > > 
>> > > the gid is inconsistent with AD.
>> > > 
>> > > My conf in samba-4.4.4:
>> > > 
>> > > [global]
>> > >     workgroup = TEST
>> > >     security = ads
>> > > 
>> > >     passdb backend = tdbsam
>> > > 
>> > >     realm = test.com
>> > > 
>> > >     idmap config *:backend = tdb
>> > >     idmap config *:range = 30000-40000
>> > > 
>> > >     template shell = /bin/bash
>> > >     template homedir = /home/%U
>> > > 
>> > >     printing = cups
>> > >     printcap name = cups
>> > >     load printers = yes
>> > >     cups options = raw
>> > >     winbind use default domain = true
>> > >     ...
>> > > 
>> > > And my conf in samba-4.6.2:
>> > > 
>> > > [global]
>> > >     workgroup = TEST
>> > >     security = ads
>> > > 
>> > >     passdb backend = tdbsam
>> > > 
>> > >     realm = test.com
>> > > 
>> > >     idmap config *:backend = tdb
>> > >     idmap config *:range = 40000-50000
>> > > 
>> > >     template shell = /bin/bash
>> > >     template homedir = /home/%U
>> > > 
>> > >     printing = cups
>> > >     printcap name = cups
>> > >     load printers = yes
>> > >     cups options = raw
>> > >     winbind use default domain = true
>> > >     ...
>> > > 
>> > > Thanks~

More information about the samba mailing list