Davor Vusir
2014-Nov-03 21:14 UTC
[Samba] Samba 4.2.0 rc2 and winbindd, uid-/gidNumber and xidNumber
Trying out 4.2.0 rc2 and winbindd. Below is the AD DC's smb.conf. Samba on the AD DC is updated from 4.1.3.
I'm having trouble getting uid-/gidNumbers. Just xidNumbers are displayed. All domain accounts and groups have got it assigned. What did I miss?

Is it possible that the outcome from the commands run on the AD DC is a product of the fact that the domain's NetBIOS name is EXAMPLE and not the left-most part of the DNS domain (SAMDOM)? Any ideas appreciated.

Regards
Davor

Outcome from commands run on both the AD DC and a member server:

AD DC:
root@dc1:/usr/local/samba# id davor
uid=3000023(davor) gid=100(users) groups=100(users),3000023(davor),3000020(fileacc-common),3000021(fileacc-home),3000009(BUILTIN\users)
root@dc1:/usr/local/samba# getent passwd davor
davor:*:3000023:100:Davor Vusir:/home/%D/%U:/bin/false
root@dc1:/usr/local/samba# getent group 'Domain Users'
domain users:x:100:

Member server:
admind@ostraaros:~$ id davor
uid=11105(davor) gid=10513(domain users) groups=10513(domain users),11106(fileacc-home),11107(fileacc-common),1000003(BUILTIN\users)
admind@ostraaros:~$ getent passwd davor
davor:*:11105:10513::/home/EXAMPLE/davor:/bin/false
admind@ostraaros:~$ getent group 'Domain Users'
domain users:x:10513:

smb.conf:
[global]
        workgroup = EXAMPLE
        realm = samdom.example.org
        netbios name = DC1
        server role = active directory domain controller
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
        disable spoolss = yes
        log level = 3
        interfaces = 192.168.1.2/24 127.0.0.1/8
        bind interfaces only = yes
        idmap config EXAMPLE:backend = ad
        idmap config EXAMPLE:schema_mode = rfc2307
        idmap config EXAMPLE:range = 10000-999999
        idmap config *:backend = tdb
        idmap config *:range = 3000000-4000000
        winbind nss info = rfc2307
        winbind enum users = no
        winbind enum groups = no
        winbind nested groups = yes
        winbind expand groups = 4
        winbind use default domain = yes
Rowland Penny
2014-Nov-03 22:12 UTC
[Samba] Samba 4.2.0 rc2 and winbindd, uid-/gidNumber and xidNumber
On 03/11/14 21:14, Davor Vusir wrote:
> Trying out 4.2.0 rc2 and winbindd. Below is the AD DC's smb.conf.
> Samba on the AD DC is updated from 4.1.3.
> I'm having trouble getting uid-/gidNumbers. Just xidNumbers are
> displayed. All domain accounts and groups have got it assigned. What
> did I miss?
>
> Is it possible that the outcome from the commands run on the AD DC is
> a product of the fact that the domain's NetBIOS name is EXAMPLE and
> not the left-most part of the DNS domain (SAMDOM)? Any ideas
> appreciated.
>
> Regards
> Davor
>
> Outcome from commands run on both the AD DC and a member server:
>
> AD DC:
> root@dc1:/usr/local/samba# id davor
> uid=3000023(davor) gid=100(users) groups=100(users),3000023(davor),3000020(fileacc-common),3000021(fileacc-home),3000009(BUILTIN\users)
> root@dc1:/usr/local/samba# getent passwd davor
> davor:*:3000023:100:Davor Vusir:/home/%D/%U:/bin/false
> root@dc1:/usr/local/samba# getent group 'Domain Users'
> domain users:x:100:
>
> Member server:
> admind@ostraaros:~$ id davor
> uid=11105(davor) gid=10513(domain users) groups=10513(domain users),11106(fileacc-home),11107(fileacc-common),1000003(BUILTIN\users)
> admind@ostraaros:~$ getent passwd davor
> davor:*:11105:10513::/home/EXAMPLE/davor:/bin/false
> admind@ostraaros:~$ getent group 'Domain Users'
> domain users:x:10513:
>
> smb.conf:
> [global]
>         workgroup = EXAMPLE
>         realm = samdom.example.org
>         netbios name = DC1
>         server role = active directory domain controller
>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
>         disable spoolss = yes
>         log level = 3
>         interfaces = 192.168.1.2/24 127.0.0.1/8
>         bind interfaces only = yes
>         idmap config EXAMPLE:backend = ad
>         idmap config EXAMPLE:schema_mode = rfc2307
>         idmap config EXAMPLE:range = 10000-999999
>         idmap config *:backend = tdb
>         idmap config *:range = 3000000-4000000
>         winbind nss info = rfc2307
>         winbind enum users = no
>         winbind enum groups = no
>         winbind nested groups = yes
>         winbind expand groups = 4
>         winbind use default domain = yes

Hi, I have a bug report open for winbindd on 4.2rc2 (10886). It does pull the uidNumber & gidNumber for a user, but it still doesn't pull the unixHomeDirectory & loginShell attributes.

I also discovered, during my testing, that you do not need (at present, at least) all the extra winbind & idmap lines in smb.conf; you get the same results whether they are there or not.

Rowland
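Added example (not part of the original thread, and not Samba code): a small Python check that reads the `idmap config ...:range` lines from the smb.conf quoted above, reports which configured range each numeric ID in the two `id` outputs falls into, and lists the names that resolve to different IDs on the two hosts. The ranges are taken from the DC's smb.conf because the member server's configuration is not shown in the thread; the function names are hypothetical.

```python
import re

# Constructed sample input: idmap lines and `id` output copied from the thread.
SMB_CONF = """
idmap config EXAMPLE:backend = ad
idmap config EXAMPLE:schema_mode = rfc2307
idmap config EXAMPLE:range = 10000-999999
idmap config *:backend = tdb
idmap config *:range = 3000000-4000000
"""
ID_DC = (r"uid=3000023(davor) gid=100(users) groups=100(users),3000023(davor),"
         r"3000020(fileacc-common),3000021(fileacc-home),3000009(BUILTIN\users)")
ID_MEMBER = (r"uid=11105(davor) gid=10513(domain users) groups=10513(domain users),"
             r"11106(fileacc-home),11107(fileacc-common),1000003(BUILTIN\users)")

IDMAP_RE = re.compile(
    r"^\s*idmap config\s+(.+?)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$", re.I)

def parse_ranges(conf):
    """Return {idmap domain: (low, high)} from 'idmap config X:range' lines."""
    ranges = {}
    for line in conf.splitlines():
        m = IDMAP_RE.match(line)
        if m:
            ranges[m.group(1)] = (int(m.group(2)), int(m.group(3)))
    return ranges

def classify(id_output, ranges):
    """Map each name in `id` output to (number, idmap domain or None)."""
    result = {}
    for num, name in re.findall(r"(\d+)\(([^)]*)\)", id_output):
        n = int(num)
        # None means the ID lies outside every configured idmap range.
        owner = next((d for d, (lo, hi) in ranges.items() if lo <= n <= hi), None)
        result[name] = (n, owner)
    return result

def mismatches(out_a, out_b, ranges):
    """Names present in both outputs whose numeric ID differs between hosts."""
    a, b = classify(out_a, ranges), classify(out_b, ranges)
    return {n: (a[n], b[n]) for n in sorted(a.keys() & b.keys()) if a[n][0] != b[n][0]}

if __name__ == "__main__":
    found = mismatches(ID_DC, ID_MEMBER, parse_ranges(SMB_CONF))
    for name, (dc, member) in found.items():
        print(f"{name}: DC {dc} vs member {member}")
```

A name that resolves to different numbers on two hosts means file ownership and POSIX ACL entries written on one host will not refer to the same account on the other.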