Georg.Biberger at partner.bmw.de
2020-Jul-01 11:59 UTC
[Samba] Issues with FLOCK on NFS Share
>The 'idmap config' lines are borked, the default domain '*' lines are
>okay, but the 'MUC' domain lines are half correct, yes you can use the
>'rid' backend, but you must set a range. You did set a range, but it was
>incorrect and you have commented it out. The two ranges must not
>overlap, but what you had before you commented it out, well, overlap
>would be an understatement, the '*' domain was totally inside the 'MUC'
>domain, you need to fix this.

I have the problem that all files on NFS-Shares are only accessible by the user qqeda11 (unix-id 79846).
All users get mapped to qqeda11 with usermap qqeda11=*.
But the user qqeda11 is also known in the MUC-Domain as windows user (muc/qqeda11 SID= S-1-5-21-43206524-2104247658-1151357142-1581344):

To achieve the correct mapping, I have added a mapping to winbindd_idmap.tdb:

dumping id mapping from /lfs/EDA/DATA/SOFTWARE/samba/var/locks/winbindd_idmap.tdb
GID 79846 S-1-5-21-43206524-2104247658-1151357142-513
USER HWM 79846
UID 79846 S-1-5-21-43206524-2104247658-1151357142-1581344
GID 79847 S-1-1-0
GID 79848 S-1-5-2
GROUP HWM 79849

Does this correspond with your explanation of id ranges?

Georg

On 01/07/2020 12:59, Georg.Biberger--- via samba wrote:
>> The 'idmap config' lines are borked, the default domain '*' lines are
>> okay, but the 'MUC' domain lines are half correct, yes you can use the
>> 'rid' backend, but you must set a range. You did set a range, but it was
>> incorrect and you have commented it out. The two ranges must not
>> overlap, but what you had before you commented it out, well, overlap
>> would be an understatement, the '*' domain was totally inside the 'MUC'
>> domain, you need to fix this.
> I have the problem that all files on NFS-Shares are only accessible by the user qqeda11 (unix-id 79846).
> All users get mapped to qqeda11 with usermap qqeda11=*.
> But the user qqeda11 is also known in the MUC-Domain as windows user (muc/qqeda11 SID= S-1-5-21-43206524-2104247658-1151357142-1581344):
>
> To achieve the correct mapping, I have added a mapping to winbindd_idmap.tdb:
>
> dumping id mapping from /lfs/EDA/DATA/SOFTWARE/samba/var/locks/winbindd_idmap.tdb
> GID 79846 S-1-5-21-43206524-2104247658-1151357142-513
> USER HWM 79846
> UID 79846 S-1-5-21-43206524-2104247658-1151357142-1581344
> GID 79847 S-1-1-0
> GID 79848 S-1-5-2
> GROUP HWM 79849
>
> Does this correspond with your explanation of id ranges?
>
> Georg
>

Your user has the RID 1581344 and the 'rid' backend uses this along with the low range to calculate the user's Unix ID, so from the commented line, this would be:

79846 + 1581344 = 1661190

This is less than the high range, so would be valid.

But if you use '100001-500000000' for the range, the ID would be:

100001 + 1581344 = 1681345

This would be a valid ID as well.

Rowland

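Added example, not part of the thread and not Samba's own code: a small checker that parses 'idmap config' lines, reports overlapping ranges, and applies the idmap_rid rule (ID = RID - base_rid + low range) used in the reply above. The smb.conf fragment is constructed, the function names are hypothetical, and base_rid is assumed to be 0.

```python
import re

# Constructed smb.conf fragment (not the poster's real config): the low end
# 79846 follows the reply's calculation; every other bound is made up.
SAMPLE_CONF = """
[global]
    idmap config * : backend = tdb
    idmap config * : range = 100000-200000
    idmap config MUC : backend = rid
    idmap config MUC : range = 79846-500000000
    # idmap config MUC : range = 100001-500000000
"""

IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*(.+?)\s*=\s*(.+?)\s*$", re.I)


def parse_idmap(conf_text):
    """Return {domain: {'backend': str, 'range': (low, high)}} from smb.conf text."""
    domains = {}
    for line in conf_text.splitlines():
        match = IDMAP_RE.match(line)  # comment lines start with # or ; and never match
        if not match:
            continue
        domain, key, value = match.group(1).upper(), match.group(2).lower(), match.group(3)
        entry = domains.setdefault(domain, {})
        if key == "range":
            low, high = (int(part) for part in value.split("-"))
            entry["range"] = (low, high)
        else:
            entry[key] = value
    return domains


def find_overlaps(domains):
    """Return sorted (domain_a, domain_b) pairs whose ID ranges intersect."""
    ranged = sorted((d, cfg["range"]) for d, cfg in domains.items() if "range" in cfg)
    return [(a, b) for i, (a, ra) in enumerate(ranged)
            for b, rb in ranged[i + 1:] if ra[0] <= rb[1] and rb[0] <= ra[1]]


def rid_to_unix_id(rid, id_range, base_rid=0):
    """idmap_rid rule: ID = RID - base_rid + low; None when outside the range."""
    low, high = id_range
    unix_id = rid - base_rid + low
    return unix_id if low <= unix_id <= high else None


if __name__ == "__main__":
    cfg = parse_idmap(SAMPLE_CONF)
    print("overlapping domains:", find_overlaps(cfg))
    print("RID 1581344 in MUC ->", rid_to_unix_id(1581344, cfg["MUC"]["range"]))
```
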
Georg.Biberger at partner.bmw.de
2020-Jul-06 07:28 UTC
[Samba] Issues with FLOCK on NFS Share
>Your user has the RID 1581344 and the 'rid' backend uses this along
>with the low range to calculate the user's Unix ID, so from the commented
>line, this would be:
>79846 + 1581344 = 1661190
>This is less than the high range, so would be valid.
>But if you use '100001-500000000' for the range, the ID would be:
>100001 + 1581344 = 1681345
>This would be a valid ID as well.
>Rowland

How can I achieve that the user qqeda11 is mapped to the unix id 79846?
Background: All NFS files are only accessible by unix user qqeda11 with unix id 79846!

Georg