Hi all,
I'm trying to set up a samba (3.6.6, debian wheezy 64bit) member server on
a 2008R2 domain. I'd like to be able to specify the uidnumbers users get on
here in AD but I'm getting really erratic results.
I've tried changing various range options, and as far as I can tell it
works sometimes, but not others - don't know why.
I have 2 users I've specifically set up, with uidnumbers in their AD
objects set:
jpotter - uidnumber 2449
jingram - uidnumber 2337
Here is an excerpt from getent passwd:
jingram:*:2338:20000:June Ingram:/home/BECAUSE/jingram:/bin/false
jpotter:*:20007:20000:Jim Potter:/home/BECAUSE/jpotter:/bin/false
- so it works for June but not Jim...
I've tried deleting all tdb files in /var/lib/samba and /var/cache/samba
and rejoined domain, and these uidnumbers seem to stick. I can't find them
in AD anywhere. Does anyone know what gives here?
cheers
Jim
Here is the smb.conf file:
[global]
security = ADS
workgroup = because
realm = BECAUSE.ORG.UK
log level = 3
log file = /var/log/samba/log
load printers = no
idmap cache time = 1800
winbind enum users = Yes
winbind enum groups = Yes
winbind nss info = rfc2307
winbind use default domain = Yes
winbind refresh tickets = yes
winbind normalize names = yes
idmap config * : base_rid = 0
idmap config * : backend = tdb
idmap config * : range = 1000 - 60000
# idmap config BECAUSE : default = yes
# idmap config BECAUSE : backend = ad
# idmap config BECAUSE : schema_mode = rfc2307
# idmap config BECAUSE : range = 1000-8000
# idmap config BECAUSE : cache time = 1800
### idmap alloc config:range = 5000-9999
Hi JAB I've tried this every whichway, including making ranges not overlap. It looks to me to depend on this line: idmap config BECAUSE : range = 1000-8000 If I add it, wbinfo <SID-ToUID option> for jingram gives a UID of 2338, but no getent passwd entry. If I remove it, getent passwd jingram gives a uidnumber in the idmap config * : range =... range. I can't replicate the state of affairs I had in the first email where one user had the correct uidnumber - no users have the correct number now. Does it make any difference that the BECAUSE domain trusts another domain? I've tried it on samba4 as well now. what goes on? Does anyone have this setup working? If anyone could send me a complete smb.conf that works for them, I could start narrowing down where the problem is here. cheers Jim On 4 June 2013 13:57, Jonathan Buzzard <jonathan at buzzard.me.uk> wrote:> On Tue, 2013-06-04 at 13:20 +0100, Jim Potter wrote: > > [SNIP] > > > idmap config * : base_rid = 0 > > idmap config * : backend = tdb > > idmap config * : range = 1000 - 60000 > > > > # idmap config BECAUSE : default = yes > > # idmap config BECAUSE : backend = ad > > # idmap config BECAUSE : schema_mode = rfc2307 > > # idmap config BECAUSE : range = 1000-8000 > > # idmap config BECAUSE : cache time = 1800 > > ### idmap alloc config:range = 5000-9999 > > Two backends with overlapping ranges, won't work. The ranges *must* be > orthogonal. > > JAB. > > -- > Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk > Fife, United Kingdom. > >