Hi gents, I have a problem with winbindd uid/gid numbering on my Samba4 domain member server. This is my smb.conf: [global] netbios name = DOM-MEMBER workgroup = EXAMPLE security = ADS realm = EXAMPLE.COM encrypt passwords = yes idmap config *:backend = tdb idmap config *:range = 500-100000 idmap config ESSENCE:backend = ad idmap config ESSENCE:schema_mode = rfc2307 idmap config ESSENCE:range = 500-100000 winbind nss info = rfc2307 winbind trusted domains only = no winbind use default domain = yes winbind enum users = yes winbind enum groups = yes log level = 0 vfs objects = acl_xattr map acl inherit = Yes store dos attributes = Yes [it_support] path = /data/it_support read only = no At first glance this appears to work ok. I am seeing lots of entries with getent passwd and groups appear to work correctly. However, there appear to be some anomalies with the uid numbering. For example, one users' uid on the main DC will be completely different to the same user on my domain member. A good majority of them are correct which has fooled me into thinking that the server is good for production, but as we've added other shares to this machine these discrepancies have become more apparent. Has anyone else hit similar numbering problems? Thanks, Chris. -- ACS (Alavoine Computer Services Ltd) Chris Alavoine mob +44 (0)7724 710 730 alavoinecs.co.uk twitter.com/#!/alavoinecs linkedin.com/pub/chris-alavoine/39/606/192
These may not be the same or overlap. idmap config *:range = 500-100000 idmap config ESSENCE:range = 500-100000>-----Oorspronkelijk bericht----- >Van: chrisa at acs-info.co.uk >[mailto:samba-bounces at lists.samba.org] Namens Chris Alavoine >Verzonden: dinsdag 1 juli 2014 11:08 >Aan: samba at lists.samba.org >Onderwerp: [Samba] Samba4 domain member > >Hi gents, > >I have a problem with winbindd uid/gid numbering on my Samba4 >domain member >server. > >This is my smb.conf: > >[global] > > netbios name = DOM-MEMBER > workgroup = EXAMPLE > security = ADS > realm = EXAMPLE.COM > > encrypt passwords = yes > > idmap config *:backend = tdb > idmap config *:range = 500-100000 > idmap config ESSENCE:backend = ad > idmap config ESSENCE:schema_mode = rfc2307 > idmap config ESSENCE:range = 500-100000 > > winbind nss info = rfc2307 > > winbind trusted domains only = no > winbind use default domain = yes > winbind enum users = yes > winbind enum groups = yes > > log level = 0 > > vfs objects = acl_xattr > map acl inherit = Yes > store dos attributes = Yes > > > >[it_support] > path = /data/it_support > read only = no > > > > >At first glance this appears to work ok. I am seeing lots of >entries with >getent passwd and groups appear to work correctly. However, >there appear to >be some anomalies with the uid numbering. For example, one >users' uid on >the main DC will be completely different to the same user on my domain >member. A good majority of them are correct which has fooled me into >thinking that the server is good for production, but as we've >added other >shares to this machine these discrepancies have become more apparent. > >Has anyone else hit similar numbering problems? > >Thanks, >Chris. > > >-- >ACS (Alavoine Computer Services Ltd) >Chris Alavoine >mob +44 (0)7724 710 730 >alavoinecs.co.uk >twitter.com/#!/alavoinecs >linkedin.com/pub/chris-alavoine/39/606/192 >-- >To unsubscribe from this list go to the following URL and read the >instructions: lists.samba.org/mailman/options/samba > >
and.>there appear to >be some anomalies with the uid numbering. For example, one >users' uid on >the main DC will be completely different to the same user on my domain >member. A good majority of them are correct which has fooled me into >thinking that the server is good for production, but as we've >added other >shares to this machine these discrepancies have become more apparent. > >Has anyone else hit similar numbering problems?That is correct, adviced is to use the DC only as DC and not as fileserver, this solves your UID problem with the member server. And IF you need the DC also as file server, you should look to for example and other implementation for winbind. read this : wiki.samba.org/index.php/Local_user_management_and_authentication and you should read this page (again) ;-) wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server and wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC Louis>-----Oorspronkelijk bericht----- >Van: chrisa at acs-info.co.uk >[mailto:samba-bounces at lists.samba.org] Namens Chris Alavoine >Verzonden: dinsdag 1 juli 2014 11:08 >Aan: samba at lists.samba.org >Onderwerp: [Samba] Samba4 domain member > >Hi gents, > >I have a problem with winbindd uid/gid numbering on my Samba4 >domain member >server. > >This is my smb.conf: > >[global] > > netbios name = DOM-MEMBER > workgroup = EXAMPLE > security = ADS > realm = EXAMPLE.COM > > encrypt passwords = yes > > idmap config *:backend = tdb > idmap config *:range = 500-100000 > idmap config ESSENCE:backend = ad > idmap config ESSENCE:schema_mode = rfc2307 > idmap config ESSENCE:range = 500-100000 > > winbind nss info = rfc2307 > > winbind trusted domains only = no > winbind use default domain = yes > winbind enum users = yes > winbind enum groups = yes > > log level = 0 > > vfs objects = acl_xattr > map acl inherit = Yes > store dos attributes = Yes > > > >[it_support] > path = /data/it_support > read only = no > > > > >At first glance this appears to work ok. I am seeing lots of >entries with >getent passwd and groups appear to work correctly. However, >there appear to >be some anomalies with the uid numbering. For example, one >users' uid on >the main DC will be completely different to the same user on my domain >member. A good majority of them are correct which has fooled me into >thinking that the server is good for production, but as we've >added other >shares to this machine these discrepancies have become more apparent. > >Has anyone else hit similar numbering problems? > >Thanks, >Chris. > > >-- >ACS (Alavoine Computer Services Ltd) >Chris Alavoine >mob +44 (0)7724 710 730 >alavoinecs.co.uk >twitter.com/#!/alavoinecs >linkedin.com/pub/chris-alavoine/39/606/192 >-- >To unsubscribe from this list go to the following URL and read the >instructions: lists.samba.org/mailman/options/samba > >
On Tue, 2014-07-01 at 10:07 +0100, Chris Alavoine wrote:> Hi gents, > > I have a problem with winbindd uid/gid numbering on my Samba4 domain member > server. > > This is my smb.conf: > > [global] > > netbios name = DOM-MEMBER > workgroup = EXAMPLE > security = ADS > realm = EXAMPLE.COM > > encrypt passwords = yes > > idmap config *:backend = tdb > idmap config *:range = 500-100000 > idmap config ESSENCE:backend = ad > idmap config ESSENCE:schema_mode = rfc2307 > idmap config ESSENCE:range = 500-100000Hi, Has anyone done this one yet? Ranges are the same. Steve
yes, 11:11-11:17 ;-)>-----Oorspronkelijk bericht----- >Van: steve at steve-ss.com [mailto:samba-bounces at lists.samba.org] >Namens steve >Verzonden: dinsdag 1 juli 2014 16:14 >Aan: Chris Alavoine >CC: samba at lists.samba.org >Onderwerp: Re: [Samba] Samba4 domain member > >On Tue, 2014-07-01 at 10:07 +0100, Chris Alavoine wrote: >> Hi gents, >> >> I have a problem with winbindd uid/gid numbering on my >Samba4 domain member >> server. >> >> This is my smb.conf: >> >> [global] >> >> netbios name = DOM-MEMBER >> workgroup = EXAMPLE >> security = ADS >> realm = EXAMPLE.COM >> >> encrypt passwords = yes >> >> idmap config *:backend = tdb >> idmap config *:range = 500-100000 >> idmap config ESSENCE:backend = ad >> idmap config ESSENCE:schema_mode = rfc2307 >> idmap config ESSENCE:range = 500-100000 > >Hi, >Has anyone done this one yet? Ranges are the same. >Steve > > >-- >To unsubscribe from this list go to the following URL and read the >instructions: lists.samba.org/mailman/options/samba > >