John Mancuso
2013-Jan-30 20:09 UTC
[Samba] uid/gid not being used when logging into RHEL -> Windows Server 2012 Active Directory
I am using samba/winbind to connect a RHEL5.8 linux box to a new Windows Server box which has Unix Identity Mapping installed. So I have all the uidNumber/gidNumber stuff in the windows schema. I am able to login but I am not getting the right uid/gid. My AD uids start at around 800. FYI I am new to winbind. Apparently the ID mapping has changed again in samba 3.6 but I'm not really understanding.
https://wiki.samba.org/index.php/Samba_3.6_Features_added/changed#ID_Mapping_Changes

root at test:~ ?? 03:55 AM Thu Jan 31 ??
!546 # su - test9
su: warning: cannot change directory to /home/test9: No such file or directory
-bash-3.2$ id
uid=16777224(test9) gid=16777216(domain users) groups=16777216(domain users)
-bash-3.2$ exit

uid should be in the 8xx range. Not 1677224...

Some info:

smb.cnf:
[global]
workgroup = MYCOMPANY
password server = pekdc01.mycompany.net
realm = MYCOMPANY.NET
security = domain
idmap uid = 800-33554431
idmap gid = 16777216-33554431
idmap config MYCOMPANY: backend = ad
template homedir = /home/%U
template shell = /bin/bash
winbind use default domain = true
winbind offline logon = true
idmap config MYCOMPANY : schema_mode = rfc2307

root at test:~ ?? 04:02 AM Thu Jan 31 ??
!548 # rpm -qa | grep samba
samba3x-common-3.6.6-0.129.el5
samba3x-client-3.6.6-0.129.el5
samba3x-winbind-3.6.6-0.129.el5
John Mancuso
2013-Jan-31 17:17 UTC
[Samba] uid/gid not being used when logging into RHEL -> Windows Server 2012 Active Directory
Update:
Looks like it's getting the proper shell and gid but not getting the proper
uid. It's just getting a number starting at 800 instead of the actual number.
Also when I output via wbinfo it is incorrect:
[2013/02/01 00:51:38.469672, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
     wbint_QueryUser: struct wbint_QueryUser
        out: struct wbint_QueryUser
            info : *
                info: struct wbint_userinfo
                    acct_name : *
                        acct_name : 'test14'
                    full_name : *
                        full_name : 'test14'
                    homedir : *
                        homedir : '/home/test14'
                    shell : *
                        shell : '/bin/csh'
                    primary_gid : 0x000000000000032a (810)
                    user_sid : S-1-5-21-1876082661-3791542598-1067495821-2113
                    group_sid : S-1-5-21-1876082661-3791542598-1067495821-513
            result : NT_STATUS_OK
[2013/02/01 00:51:38.470144, 10] winbindd/wb_sid2uid.c:56(wb_sid2uid_send)
  idmap_cache_find_sid2uid found 800
[2013/02/01 00:51:38.470217, 10] winbindd/wb_sid2gid.c:57(wb_sid2gid_send)
  idmap_cache_find_sid2gid found 800
[2013/02/01 00:51:38.470293, 10] winbindd/winbindd.c:678(wb_request_done)
  wb_request_done[15762:GETPWUID]: NT_STATUS_OK
[2013/02/01 00:51:38.470475, 10] winbindd/winbindd.c:739(winbind_client_response_written)
  winbind_client_response_written[15762:GETPWUID]: delivered response to client
[2013/02/01 00:51:38.470698, 10] winbindd/winbindd.c:616(process_request)
  process_request: Handling async request 6544:GETPWUID
root at test:~ ?? 01:08 AM Fri Feb 01 ??
!842 # wbinfo -i test14
test14:*:800:800:test14:/home/test14:/bin/bash
[global]
workgroup = mycompany
password server = pekdc01.mycompany.net
realm = MYCOMPANY.NET
security = domain
winbind nss info = rfc2307
#idmap config * : backend = ad #THIS PREVENTS WINBIND FROM CONNECTING
idmap config * : range = 800-900000
idmap config * : schema_mode = rfc2307
template shell = /bin/bash
winbind use default domain = true
winbind offline logon = false
HELP- pulling my hair out over this! Thanks
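
Added example (not part of either post, and not Samba project code): a small lint that reads the [global] section of an smb.conf and reports idmap settings that Samba 3.6 treats differently from earlier releases, since a mismatched uid/gid mapping is an access-control problem on the Linux side. The rule set, the function names and the finding labels are assumptions drawn from the Samba idmap documentation, not from this thread; the sample input is constructed from the second smb.conf above.

```python
import re

# Constructed sample: idmap-related lines of the second smb.conf in this thread.
SAMPLE_CONF = """\
[global]
workgroup = mycompany
security = domain
#idmap config * : backend = ad
idmap config * : range = 800-900000
idmap config * : schema_mode = rfc2307
"""

IDMAP_RE = re.compile(r"idmap config\s+(.+?)\s*:\s*(.+)$", re.I)

def parse_global(text):
    """Return (plain [global] params, {DOMAIN: {idmap option: value}})."""
    params, idmap, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # skip blanks and comment lines
            continue
        if line.startswith("["):
            section = line.strip("[]").strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = " ".join(key.lower().split())    # smb.conf keys ignore case/spacing
        m = IDMAP_RE.match(key)
        if m:
            idmap.setdefault(m.group(1).upper(), {})[m.group(2)] = value
        else:
            params[key] = value
    return params, idmap

def lint_idmap(text):
    """Return a list of 'label: explanation' findings (hypothetical labels)."""
    params, idmap = parse_global(text)
    findings = [f"deprecated: '{old}' is replaced by 'idmap config * : range' in 3.6"
                for old in ("idmap uid", "idmap gid") if old in params]
    for dom, opts in idmap.items():
        backend = opts.get("backend", "").lower()
        if dom == "*" and backend == "ad":
            findings.append("default-ad: '*' needs an allocating backend such as tdb")
        if backend == "ad" and "range" not in opts:
            findings.append(f"no-range: {dom} uses backend ad but sets no range of its own")
        if "schema_mode" in opts and backend != "ad":
            findings.append(f"unused: schema_mode on {dom} is only read by backend ad")
    if not any(o.get("backend", "").lower() == "ad" for o in idmap.values()):
        findings.append("allocated: no domain uses backend ad, so IDs are allocated locally")
    return findings
```

Calling lint_idmap(SAMPLE_CONF) returns the findings for the second configuration; passing the text of the first smb.conf reports the two deprecated parameters and the domain section that has no range.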