samba - Jul 2005 - uid + gid mapping problem

Hi everyone,

                Ok I can log in locally as a windows user. I can su to a
windows user as well. But once I'm there:

 

[root@sandbox ~]# su mluich

bash-3.00$ whoami

whoami: cannot find username for UID 16777253

 

bash-3.00$ ls -l

total 4

drwxr-xr-x  2 16777253 16777218 4096 Jul 28 16:21 Desktop

-rwxr--r--  1 16777253 16777218    0 Jul 28 15:31 test.txt

 

Getent passwd returns:

 

mluich:*:16777253:16777218:Mike Luich:/home/mluich:/bin/bash

 

Plus others. The system does not seem to be mapping uid's + gid's
correctly. Any idea's?

 

[root@sandbox ~]# ps -ef|grep nscd

root      3491  2907  0 13:33 pts/1    00:00:00 grep nscd

 

Smb.conf:

 

[global]

   workgroup = dsci

      server string = Samba Server

      printcap name = /etc/printcap

      cups options = raw

      log file = /var/log/samba/%m.log

      max log size = 50

      socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192

      dns proxy = no

   template shell = /bin/bash

   password server = 192.168.109.1

   restrict anonymous = no

   domain master = no

   preferred master = no

   max protocol = NT

   ldap ssl = No

   server signing = Auto

   realm = DSCICORP.COM

   security = ads

   idmap uid = 10000-50000

   idmap gid = 10000-50000

   winbind trusted domains only = no

   template homedir = /home/%U

   winbind use default domain = yes

   winbind separator = +

 

nsswitch.conf:

 

passwd:     files winbind ldap

shadow:     files winbind ldap

group:      files winbind ldap

hosts:      files dns

bootparams: nisplus [NOTFOUND=return] files

ethers:     files

netmasks:   files

networks:   files

protocols:  files winbind ldap

rpc:        files

services:   files winbind ldap

netgroup:   files winbind ldap

publickey:  nisplus

automount:  files winbind ldap

aliases:    files nisplus

 

pam.d/sshd:

 

auth       required     pam_stack.so service=system-auth

auth       sufficient   pam_winbind.so

auth       required     pam_nologin.so

account    required     pam_stack.so service=system-auth

account    sufficient   pam_winbind.so

password   required     pam_stack.so service=system-auth

session    required     pam_stack.so service=system-auth

 

Michael Luich

Unix Admininstrator

DSCI corp

mluich@dscicorp.com

cell: 603-475-5799

 

"The mark of an immature man is that he wants to die
nobly for a cause, while the mark of the mature man is
that he wants to live humbly for one."   --W. Stekel

> Hi everyone,
>
>                 Ok I can log in locally as a windows user. I can su to a
> windows user as well. But once I'm there:
>
>
>
> [root@sandbox ~]# su mluich
>
> bash-3.00$ whoami
>
> whoami: cannot find username for UID 16777253
>
>
>
> bash-3.00$ ls -l
>
> total 4
>
> drwxr-xr-x  2 16777253 16777218 4096 Jul 28 16:21 Desktop
>
> -rwxr--r--  1 16777253 16777218    0 Jul 28 15:31 test.txt
>
>
>
> Getent passwd returns:
>
>
>
> mluich:*:16777253:16777218:Mike Luich:/home/mluich:/bin/bash
>
I found this in the passwd(4) man page (Solaris 8):

     The maximum value of the uid and gid fields  is  2147483647.
     To  maximize interoperability and compatibility, administra-
     tors are recommended to assign users a  range  of  UIDs  and
     GIDs below 60000 where possible.

Perhaps you should try to set your UIDs and GIDs below 60000?  Maybe
"whoami" isn't capable of mapping UIDs/GIDs higher than 60000?

>
>    idmap uid = 10000-50000
>
>    idmap gid = 10000-50000
>
Looks like these settings are for an LDAP backend, to give a range of IDs
to be allocated for use by Samba in mapping Unix IDs to NT SIDs?  Why did
you set these?


Just a few thoughts (that might help).

Regards,

Arnold Andrews
Sr. Systems Administrator
Seagate Technology