samba 4.3.4: winbindd is mapping a user uid to an incorrect value
Rowland Penny
repenny241155 at gmail.com
Thu Jan 14 14:27:26 UTC 2016
See inline comments:
On 14/01/16 13:57, Daniele Dario wrote:
> All users have a uidNumber in AD (I can see it with ldbedit/search) so I
> hope to not have orphans later.
>
>
> First off, thanks again. It seems I'm your nemesis :-(
>
> I know I need to setup a domain member as a fileserver. Just as a side
> question, would it be possible to make a DC become a domain member?
Not in the context of an AD domain member, you could however, stop a DC
and then reconfigure (as per the wiki) it as a domain member. I wouldn't
do this though, it would be easier to set up another domain member.
>
> Getting back to my problem:
>
> ldbsearch -H /usr/local/samba/private/sam.ldb '(uidNumber=3000033)'
> # Referral
> ref: ldap://saitel.loc/CN=Configuration,DC=saitel,DC=loc
>
> # Referral
> ref: ldap://saitel.loc/DC=DomainDnsZones,DC=saitel,DC=loc
>
> # Referral
> ref: ldap://saitel.loc/DC=ForestDnsZones,DC=saitel,DC=loc
>
> # returned 3 records
> # 0 entries
> # 3 referrals
>
> So it seems the uidNumber is present but I can't find which records
> contain it.
Ah no, that says it cannot find the uidNumber 3000033
>
> This is the smb.conf of kdc01
>
> # Global parameters
> [global]
> workgroup = SAITEL
> realm = saitel.loc
> netbios name = KDC01
> server role = active directory domain controller
> dns forwarder = 8.8.8.8
> idmap_ldb:use rfc2307 = yes
> template shell = /bin/bash
> log file = /var/log/log.samba
> log level = 3
> # server services = -winbindd +winbind
>
> load printers = no
> [netlogon]
> path = /usr/local/samba/var/locks/sysvol/saitel.loc/scripts
> read only = no
>
> [sysvol]
> path = /usr/local/samba/var/locks/sysvol
> read only = no
>
> And this is the one of kdc03
>
> # Global parameters
> [global]
> workgroup = SAITEL
> realm = saitel.loc
> netbios name = KDC03
> server role = active directory domain controller
> dns forwarder = 8.8.8.8
> idmap_ldb:use rfc2307 = yes
> template shell = /bin/bash
> log file = /var/log/log.samba
> log level = 2
> # server services = -winbindd +winbind
>
> printing = cups
> printcap name = /var/run/cups/printcap
> load printers = yes
>
> rpc_server:spoolss = external
> rpc_daemon:spoolssd = fork
>
> [netlogon]
> path = /usr/local/samba/var/locks/sysvol/saitel.loc/scripts
> read only = no
>
> [sysvol]
> path = /usr/local/samba/var/locks/sysvol
> read only = no
>
>
>
Have you given your users an attribute called 'uidNumber'? This
attribute is *not* created automatically.
i.e. does:
ldbsearch -H /usr/local/samba/private/sam.ldb '(uidNumber=*)' uidNumber | grep 'uidNumber'
return anything?
Does:
ldbsearch -H /usr/local/samba/private/sam.ldb '(&(objectClass=group)(cn=Domain Users))' gidNumber | grep 'gidNumber'
return anything and if so, what?
What does:
ldbsearch -H /usr/local/samba/private/sam.ldb '(&(objectClass=user)(samaccountname=marco))' uidNumber | grep uidNumber | awk '{print $NF}'
return? And is it '3000033' or '4001107'?
Rowland
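An added example, not part of the thread: a small POSIX sh helper that reads ldbsearch output and distinguishes a genuine match (an "entries" count above zero) from the referral-only result that was misread above as "uidNumber is present". The two sample outputs are constructed; the matching record for a user "marco" with uidNumber 4001107 is hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). ldbsearch always prints referral
# blocks for the partitions it did not search, then a summary of the form
#   # returned N records / # M entries / # K referrals
# Only "entries" are real matches; "records" also counts the referrals.

# Print the number of real entries from ldbsearch output on stdin.
ldb_entry_count() {
    sed -n 's/^# \([0-9][0-9]*\) entries$/\1/p'
}

# Print the value of attribute $1 (e.g. uidNumber) from ldbsearch output on stdin.
ldb_attr_value() {
    awk -v attr="$1" '$1 == (attr ":") { print $2 }'
}

# Constructed sample: the referral-only output shown in the thread (no match).
NOT_FOUND_OUTPUT='# Referral
ref: ldap://saitel.loc/CN=Configuration,DC=saitel,DC=loc

# Referral
ref: ldap://saitel.loc/DC=DomainDnsZones,DC=saitel,DC=loc

# returned 3 records
# 0 entries
# 3 referrals'

# Constructed sample: what a real hit looks like (hypothetical user marco).
FOUND_OUTPUT='# record 1
dn: CN=marco,CN=Users,DC=saitel,DC=loc
uidNumber: 4001107

# Referral
ref: ldap://saitel.loc/CN=Configuration,DC=saitel,DC=loc

# returned 2 records
# 1 entries
# 1 referrals'

# Print the uidNumber found in ldbsearch output $1, or "none" if the
# output contains referrals only.
check_uid() {
    count=$(printf '%s\n' "$1" | ldb_entry_count)
    if [ "${count:-0}" -eq 0 ]; then
        echo none
    else
        printf '%s\n' "$1" | ldb_attr_value uidNumber
    fi
}
```

In practice, pipe the real command output in, e.g. check_uid "$(ldbsearch -H /usr/local/samba/private/sam.ldb '(uidNumber=3000033)' uidNumber)".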