Andrew Lyon
2010-Mar-22 08:18 UTC
[Samba] IDMAP_RID with Winbind works for groups but not users
Hi, I've setup samba 3.4.7 to use idmap_rid as per the documentation: idmap backend = rid:DOMAIN=500-100000000 idmap gid = 500-100000000 imap uid = 500-100000000 It seems to work for groups: wbinfo --group-info="domain admins" domain admins:x:100512 PsGetSid v1.43 - Translates SIDs to names and vice versa Copyright (C) 1999-2006 Mark Russinovich Sysinternals - www.sysinternals.com SID for DOMAIN\domain admins: S-1-5-21-xxxxxxxxxx-xxxxxxxx-xxxxxxxxxx-512 But not for users: wbinfo --user-info=administrator administrator:*:10027:10005:Administrator:/home/DOMAIN/administrator:/bin/zsh SID for DOMAIN\administrator: S-1-5-21-xxxxxxxxxx-xxxxxxxxx-xxxxxxxxxx-500 wbinfo --user-info="Test User" test user:*:10048:10005:Test User:/home/DOMAIN/test user:/bin/zsh SID for DOMAIN\test user: S-1-5-21-xxxxxxxxx-xxxxxxxxx-xxxxxxxxxx-1758 Have I made a mistake in the configuration? Andy
Andrew Lyon
2010-Mar-24 20:07 UTC
[Samba] IDMAP_RID with Winbind works for groups but not users
I've also tried storing the gid and uid in active directory by installing the nisprop dll and exposing the unix attributes in aduac, again it works for groups but not for users, users still have sequential uid and it differs between samba servers. Am I missing something? Could somebody post a example working config for consistent mapping of uid and gid to thise held in ad or using idmap_rid. Thanks Andy On 3/22/10, Andrew Lyon <andrew.lyon at gmail.com> wrote:> Hi, > > I've setup samba 3.4.7 to use idmap_rid as per the documentation: > > idmap backend = rid:DOMAIN=500-100000000 > idmap gid = 500-100000000 > imap uid = 500-100000000 > > It seems to work for groups: > > wbinfo --group-info="domain admins" > domain admins:x:100512 > > PsGetSid v1.43 - Translates SIDs to names and vice versa > Copyright (C) 1999-2006 Mark Russinovich > Sysinternals - www.sysinternals.com > > SID for DOMAIN\domain admins: > S-1-5-21-xxxxxxxxxx-xxxxxxxx-xxxxxxxxxx-512 > > But not for users: > > wbinfo --user-info=administrator > administrator:*:10027:10005:Administrator:/home/DOMAIN/administrator:/bin/zsh > > SID for DOMAIN\administrator: > S-1-5-21-xxxxxxxxxx-xxxxxxxxx-xxxxxxxxxx-500 > > wbinfo --user-info="Test User" > test user:*:10048:10005:Test User:/home/DOMAIN/test user:/bin/zsh > > SID for DOMAIN\test user: > S-1-5-21-xxxxxxxxx-xxxxxxxxx-xxxxxxxxxx-1758 > > Have I made a mistake in the configuration? > > Andy >-- Sent from my mobile device