[Samba] What is the Uid in smbstatus command?
Rowland Penny
rpenny at samba.org
Wed May 11 15:47:00 UTC 2022
On Wed, 2022-05-11 at 16:28 +0100, Rowland Penny via samba wrote:
> On Wed, 2022-05-11 at 15:11 +0000, Jim Brand wrote:
> > There is a problem with your uid, in your smb.conf you posted this:
> >
> > You are saying that your uid (or ID) is '3578', but :
> >
> > 3578 != 7880
> >
> > So where is it coming from ????
> >
> > 3578 is UID from AD and local on the box. Our organization
> > requires
> > local userids on all servers(!) The only time we join AD on Linux
> > is
> > for Samba.
>
> The smb.conf that you posted in your first post is from a Unix domain
> member. You do not have 'local users' (users in /etc/passwd) that are
> also in AD e.g. you do not have the user 'fred' in /etc/passwd and in
> AD. If you do have the same usernames in both, the local user will be
> used before the AD users and the two users are totally different
> users
> even if they are both called 'fred'.
> > Since our Samba files normally match UID/GID in /etc/passwd, not
> > RID
> > + Offset I assume ' backend = rid' has never worked properly.
>
> No your understanding of Samba seems to be the problem, you seem to
> be
> treating Samba as a standalone server (which, from your sample
> smb.conf
> , it isn't) and a Unix domain member.
>
> > Since we want UIDs to match /etc/passwd I'm going to try again to
> > get Samba working with ad backend.
>
> If you go down this path (just use the Unix ID's for the uidNumber or
> gidNumber attributes in AD), remove the users from /etc/passwd, you
> will no longer require them.
>
>
> > Or we can stick with
> > security = DOMAIN
> > which gives us the desired behavior. Only problem is when servers
> > reboot we have to rejoin the domain. Security = ADS solved that.
>
> Do not use 'security = DOMAIN', it requires SMBv1 and this will be
> removed from Samba.
>
> Rowland
Just to prove what I saying is true, I ran a few commands on a Unix
domain member:
First, am I a domain user:
rowland at devstation:~$ wbinfo -u | grep rowland
rowland
Okay, I am a domain user.
Is my username in /etc/passwd:
rowland at devstation:~$ cat /etc/passwd | grep rowland
rowland at devstation:~$
So my name isn't in /etc/passwd, so does the Unix OS know who I am :
rowland at devstation:~$ getent passwd rowland
rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash
Yes, it does.
I use the 'ad' idmap backend, but I would get a similar result with the
'autorid' or 'rid' idmap backends (only the numbers would change)
I can log into any of my Unix computers with the same username and
password and I only have to maintain those in one place, not 10, 20, 30
etc places.
Rowland
More information about the samba
mailing list