Hi all, I am preparing a migration from openLDAP to Samba 4 AD I am trying to get a Samba 3.6 fileserver (for different reasons it has to be samba 3.6) with ad backend to work with a Samba 4 AD. Almost everything is working. The only problem is that the fileserver does not map the users gidNumber correctly. Example: userx has the uid 1229 and the gid 1040 If I use the "id" command on the DC everything looks correct: ------ [root at dc1 ~]# id userx uid=1229(userx) gid=1040(group_xx) groups=1040(group_xx),6000(EXAMPLE\domain users),3000009(BUILTIN\users) ------ But on the fileserver the gid 1040 is missing completely: ----- [root at samba3 ~]#id userx uid=1229(userx) gid=6000(domain users) groups=6000(domain users),500001(BUILTIN\users) ----- Here is the content of my Samba 3 smb.conf: ------------- [global] security = ADS workgroup = EXAMPLE realm = EXAMPLE.NET loglevel = 4 winbind nss info = rfc2307 winbind trusted domains only = no winbind use default domain = yes idmap config * : range = 500000-799999 idmap config EXAMPLE : backend = ad idmap config EXAMPLE : schema_mode = rfc2307 idmap config EXAMPLE : range = 1000-399999 template shell = /bin/bash template homedir = /home/%U ------------ Any ideas on what I can do to correctly map the gid? thank you marc
Rowland Penny
2018-May-08 13:04 UTC
[Samba] Samba 4 AD and Samba 3.6 Fileserver GID Problem
On Tue, 8 May 2018 14:38:16 +0200 Marc Linden via samba <samba at lists.samba.org> wrote:> Hi all, > > I am preparing a migration from openLDAP to Samba 4 AD > > I am trying to get a Samba 3.6 fileserver (for different reasons it > has to be samba 3.6) with ad backend to work with a Samba 4 AD. > > Almost everything is working. The only problem is that the fileserver > does not map the users gidNumber correctly. >And that is your problem, Samba 3.6 will ALWAYS use Domain Users as the users primary group, you need to use at least 4.6.0 for the users gidNumber to be used as the users primary group. Why do you have to stick with 3.6 ? Rowland
Hi Rowland, thanks for the clarification, although I hoped for a different solution. We use a third party archiving software that currently only supports samba 3.6. best marc Am 08.05.2018 um 15:04 schrieb Rowland Penny via samba:> On Tue, 8 May 2018 14:38:16 +0200 > Marc Linden via samba <samba at lists.samba.org> wrote: > >> Hi all, >> >> I am preparing a migration from openLDAP to Samba 4 AD >> >> I am trying to get a Samba 3.6 fileserver (for different reasons it >> has to be samba 3.6) with ad backend to work with a Samba 4 AD. >> >> Almost everything is working. The only problem is that the fileserver >> does not map the users gidNumber correctly. >> > > And that is your problem, Samba 3.6 will ALWAYS use Domain Users as the > users primary group, you need to use at least 4.6.0 for the users > gidNumber to be used as the users primary group. > > Why do you have to stick with 3.6 ? > > Rowland >-- Marc Linden, M.Sc. IT-Administrator Max-Planck-Institut für Biologie des Alterns/ Max Planck Institute for Biology of Ageing Office: Joseph-Stelzmann-Str.9b, D-50931 Köln / Cologne Postal address: Postfach 41 06 23, D-50866 Köln / Cologne Tel.: +49 (0)221 37970 266 Fax: +49 (0)221 37970 800 Email: MLinden at age.mpg.de www.age.mpg.de