devel@thom.fr.eu.org
2008-Jun-11 06:51 UTC
[Samba] idmap for trusted domain changing over time
Hello
I'm experiencing a weird behaviour with idmapping/winbindd.
I have two samba controlled domains with one trusting the other and using
winbindd to map trusted domain groups and users.
This works quite well, but after some time, I can see the unix uid/gid
allocated for the trusted domain groups/users being changed, and this
keeps on changing approximatively every 2 hours.
At samba/winbindd startup I have the uid/gid allocated starting at the
beginning of the range in "idmap alloc config:range" directive.
Also, I may have trouble with my configuration, because the trusted domain
uid/gid are not allocated in the range given by the "idmap config
DOMB:range" directive, and at startup, I get the gids allocated to BUILTIN
groups overlapping the gids allocated to the trusted domain.
Here is the relevant section of my smb.conf :
idmap domains = DOMB
idmap backend idmap alloc backend = tdb
idmap cache time = 900
idmap negative cache time = 120
idmap uid idmap gid template homedir = /home/%D/%U
template shell = /bin/false
winbind separator = \
winbind cache time = 300
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = No
winbind trusted domains only = No
winbind nested groups = Yes
winbind nss info = template
winbind refresh tickets = No
winbind offline logon = No
winbind normalize names = No
winbind:rpc only = yes
idmap config DOMB:range = 4000-4999
idmap config DOMB:default = Yes
idmap config DOMB:backend = tdb
idmap alloc config:range = 3000-4999
Anybody can help ?
--
Fran?ois Legal
Message scanned by ClamAV engine (http://www.clamav.net)
--------------------------------------------------------
devel@thom.fr.eu.org
2008-Jun-11 06:57 UTC
[Samba] idmap for trusted domain changing over time
I forgot to precise I'm using 3.0.29> Hello > > I'm experiencing a weird behaviour with idmapping/winbindd. > > I have two samba controlled domains with one trusting the other and using > winbindd to map trusted domain groups and users. > This works quite well, but after some time, I can see the unix uid/gid > allocated for the trusted domain groups/users being changed, and this > keeps on changing approximatively every 2 hours. > At samba/winbindd startup I have the uid/gid allocated starting at the > beginning of the range in "idmap alloc config:range" directive. > > Also, I may have trouble with my configuration, because the trusted domain > uid/gid are not allocated in the range given by the "idmap config > DOMB:range" directive, and at startup, I get the gids allocated to BUILTIN > groups overlapping the gids allocated to the trusted domain. > > Here is the relevant section of my smb.conf : > > idmap domains = DOMB > idmap backend > idmap alloc backend = tdb > idmap cache time = 900 > idmap negative cache time = 120 > idmap uid > idmap gid > template homedir = /home/%D/%U > template shell = /bin/false > winbind separator = \ > winbind cache time = 300 > winbind enum users = Yes > winbind enum groups = Yes > winbind use default domain = No > winbind trusted domains only = No > winbind nested groups = Yes > winbind nss info = template > winbind refresh tickets = No > winbind offline logon = No > winbind normalize names = No > winbind:rpc only = yes > idmap config DOMB:range = 4000-4999 > idmap config DOMB:default = Yes > idmap config DOMB:backend = tdb > idmap alloc config:range = 3000-4999 > > Anybody can help ? > > -- > Fran?ois Legal > > > Message scanned by ClamAV engine (http://www.clamav.net) > -------------------------------------------------------- > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > > > Message scanned by ClamAV engine (http://www.clamav.net) > -------------------------------------------------------- >-- Fran?ois Legal Message scanned by ClamAV engine (http://www.clamav.net) --------------------------------------------------------