Hi, no, that's my fault. I changed the UIDs and user names in my "ls -l" to unpersonalized/example data for my mail and didn't think about putting these values into the range. A better unpersonalized data example would look like: ---------- drwx------ 43 DOM\user1 DOM\group 4096 Jan 10 08:00 user1 drwx------ 5 DOM\user2 DOM\group 4096 Jan 11 08:13 user2 drwx------ 3 10234 DOM\group 4096 Sep 7 2015 user3 drwx------ 7 10235 DOM\group 4096 Apr 30 2013 user4 drwx------ 12 DOM\user5 DOM\group 4096 Jan 4 12:46 user5 drwx------ 2 10236 DOM\group 4096 Jul 1 2015 user6 .... When we run a "wbinfo --uid-info" for an unmapped user, we are getting: > wbinfo --uid-info=10234 failed to call wbcGetpwuid: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for uid 10234 When we run "wbinfo -i" for that user, everything works fine. > wbinfo -i DOM\\user3 DOM\user3:*:10234:10001::/home/user3:/bin/bash After the last command (wbinfo -i DOM\\user3) also "wbinfo --uid-info=10234" shows the correct result and the "ls -l" list also list the user name instead of the uid. --------- Am 16.01.2018 um 16:06 schrieb Rowland Penny via samba:> On Tue, 16 Jan 2018 15:22:44 +0100 > Andreas Hauffe via samba <samba at lists.samba.org> wrote: > >> Hi, >> >> we are running a file server as member server of a windows 2012 >> domain. Now we are facing the problem, that some UIDs are not mapped >> to the user names by the running winbindd process. This results in >> "nobody" usernames for nfs shares mounted by other clients. >> >> When doing an "ls -l" in the homes directory on the member server >> (file server), the list looks like: >> >> drwx------ 43 DOM\user1 DOM\group 4096 Jan 10 08:00 user1 >> drwx------ 5 DOM\user2 DOM\group 4096 Jan 11 08:13 user2 >> drwx------ 3 1234 DOM\group 4096 Sep 7 2015 >> user3 drwx------ 7 1235 DOM\group 4096 Apr 30 >> 2013 user4 drwx------ 12 DOM\user5 DOM\group 4096 Jan 4 >> 12:46 user5 drwx------ 2 1236 DOM\group 4096 >> Jul 1 2015 user6 .... >> >> When we run a "wbinfo --uid-info" for an unmapped user, we are >> getting: >> >> > wbinfo --uid-info=1234 >> failed to call wbcGetpwuid: WBC_ERR_DOMAIN_NOT_FOUND >> Could not get info for uid 1234 >> >> When we run "wbinfo -i" for that user, everything works fine. >> >> > wbinfo -i DOM\\user3 >> DOM\user3:*:1234:1000::/home/user3:/bin/bash >> >> After the last command (wbinfo -i DOM\\user3) also "wbinfo >> --uid-info=1234" shows the correct result and the "ls -l" list also >> list the user name instead of the uid. >> >> So the question is, if there is any limit for the UID to user name >> mapping in winbind, since the problem started while increasing the >> number of clients and users. >> >> smb.conf looks like: >> >> [global] >> security = ADS >> workgroup = DOM2 >> realm = DOM2.DOM.EXAMPLE.DE >> dedicated keytab file = /etc/krb5.keytab >> kerberos method = secrets and keytab >> >> template homedir = /home/%U >> template shell = /bin/bash >> >> idmap config * : backend = tdb >> idmap config * : range = 2000-2999 >> idmap config DOM2 : backend = rid >> idmap config DOM2 : range = 3000-9999 # UID aus RID für POOL >> idmap config DOM : backend = rid >> idmap config DOM : range = 10000-9999999 # UID aus RID für DOM >> >> winbind refresh tickets = yes >> >> nsswitch.conf looks like: >> >> passwd: compat winbind >> group: compat winbind >> shadow: compat >> gshadow: files >> >> hosts: files dns >> networks: files >> >> protocols: db files >> services: db files >> ethers: db files >> rpc: db files >> >> netgroup: nis >> sudoers: files >> >> idmapd.conf looks like: >> >> [General] >> >> Verbosity = 0 >> Pipefs-Directory = /run/rpc_pipefs >> Domain = dom2.dom.example.de >> Local-Realms = DOM2.DOM.EXAMPLE.DE,DOM.EXAMPLE.DE >> >> [Mapping] >> >> Nobody-User = nobody >> Nobody-Group = nogroup >> >> krb5.conf looks like: >> >> [libdefaults] >> default_realm = DOM2.DOM.TU-DRESDEN.DE >> dns_lookup_realm = true >> dns_lookup_kdc = true >> >> > Is the user '1234' stored in AD or /etc/passwd ? > > From the number '1234' it is not a member of 'DOM' (range > 10000-9999999), or 'DOM2' (range 3000-9999) or a member of '*' (range > 2000-2999), it looks like it is probably a local Unix user. > > Rowland > >-- Viele Grüße Andreas Hauffe Leiter des Forschungsfeldes "Auslegungsmethoden für Luftfahrzeuge" ---------------------------------------------------------------------------------------------------- Technische Universität Dresden Institut für Luft- und Raumfahrttechnik / Institute of Aerospace Engineering Lehrstuhl für Luftfahrzeugtechnik / Chair of Aircraft Engineering D-01062 Dresden Germany phone : +49 (351) 463 38496 fax : +49 (351) 463 37263 mail : andreas.hauffe at tu-dresden.de Website : http://tu-dresden.de/mw/ilr/lft ---------------------------------------------------------------------------------------------------- Do you know our free laminate analysis code eLamX²? If not, please visit the following web address: http://www.elamx.de
On Tue, 16 Jan 2018 16:20:52 +0100 Andreas Hauffe via samba <samba at lists.samba.org> wrote:> Hi, > > no, that's my fault. I changed the UIDs and user names in my "ls -l" > to unpersonalized/example data for my mail and didn't think about > putting these values into the range. A better unpersonalized data > example would look like: > > ---------- > > drwx------ 43 DOM\user1 DOM\group 4096 Jan 10 08:00 user1 > drwx------ 5 DOM\user2 DOM\group 4096 Jan 11 08:13 user2 > drwx------ 3 10234 DOM\group 4096 Sep 7 2015 > user3 drwx------ 7 10235 DOM\group 4096 Apr 30 > 2013 user4 drwx------ 12 DOM\user5 DOM\group 4096 Jan 4 > 12:46 user5 drwx------ 2 10236 DOM\group 4096 > Jul 1 2015 user6 .... > > When we run a "wbinfo --uid-info" for an unmapped user, we are > getting: > > > wbinfo --uid-info=10234 > failed to call wbcGetpwuid: WBC_ERR_DOMAIN_NOT_FOUND > Could not get info for uid 10234 > > When we run "wbinfo -i" for that user, everything works fine. > > > wbinfo -i DOM\\user3 > DOM\user3:*:10234:10001::/home/user3:/bin/bash > > After the last command (wbinfo -i DOM\\user3) also "wbinfo > --uid-info=10234" shows the correct result and the "ls -l" list also > list the user name instead of the uid. >Please don't mess with the numbers, '10234' is still an invalid ID. You are using the 'rid' backend and this calculates the ID from the RID with: ID = RID - BASE_RID + LOW_RANGE_ID To calculate the RID from the ID, you would use: RID = ID + BASE_RID - LOW_RANGE_ID the 'BASE_RID' is always '0' (unless you set it) so the above becomes: RID = 10234 - 10000 RID = 234 Please post again with the CORRECT IDs, a number cannot be that secret ;-) Rowland
Ok, you are completely right. Here are the real numbers with changed user names: drwx------ 43 DOM\user1 DOM\domain-user 4096 Jan 10 08:00 user1 drwx------ 5 DOM\user2 DOM\domain-user 4096 Jan 11 08:13 user2 drwx------ 92 DOM\user3 DOM\domain-user 4096 Jan 16 08:39 user3 drwx------ 3 133265 DOM\domain-user 4096 Sep 7 2015 user4 drwx------ 7 470055 DOM\domain-user 4096 Apr 30 2013 user5 drwx------ 12 DOM\user6 DOM\domain-user 4096 Jan 4 12:46 user6 drwx------ 51 DOM\user7 DOM\domain-user 4096 Jan 15 23:01 user7 drwx------ 2 95092 DOM\domain-user 4096 Jul 1 2015 user8 drwx------ 3 DOM\user9 DOM\domain-user 4096 Jun 8 2015 user9 .... drwx------ 7 DOM\user200 DOM\domain-user 4096 Nov 6 2012 user200 > wbinfo --uid-info=133265 failed to call wbcGetpwuid: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for uid 133265 > wbinfo -i DOM\\user4 DOM\user4:*:133265:10513::/home/user4:/bin/bash After the last command (wbinfo -i DOM\\user4) also "wbinfo --uid-info=133265" shows the correct result and the "ls -l" list also list the user name instead of the uid. Am 16.01.2018 um 16:38 schrieb Rowland Penny via samba:> On Tue, 16 Jan 2018 16:20:52 +0100 > Andreas Hauffe via samba <samba at lists.samba.org> wrote: > >> Hi, >> >> no, that's my fault. I changed the UIDs and user names in my "ls -l" >> to unpersonalized/example data for my mail and didn't think about >> putting these values into the range. A better unpersonalized data >> example would look like: >> >> ---------- >> >> drwx------ 43 DOM\user1 DOM\group 4096 Jan 10 08:00 user1 >> drwx------ 5 DOM\user2 DOM\group 4096 Jan 11 08:13 user2 >> drwx------ 3 10234 DOM\group 4096 Sep 7 2015 >> user3 drwx------ 7 10235 DOM\group 4096 Apr 30 >> 2013 user4 drwx------ 12 DOM\user5 DOM\group 4096 Jan 4 >> 12:46 user5 drwx------ 2 10236 DOM\group 4096 >> Jul 1 2015 user6 .... >> >> When we run a "wbinfo --uid-info" for an unmapped user, we are >> getting: >> >> > wbinfo --uid-info=10234 >> failed to call wbcGetpwuid: WBC_ERR_DOMAIN_NOT_FOUND >> Could not get info for uid 10234 >> >> When we run "wbinfo -i" for that user, everything works fine. >> >> > wbinfo -i DOM\\user3 >> DOM\user3:*:10234:10001::/home/user3:/bin/bash >> >> After the last command (wbinfo -i DOM\\user3) also "wbinfo >> --uid-info=10234" shows the correct result and the "ls -l" list also >> list the user name instead of the uid. >> > Please don't mess with the numbers, '10234' is still an invalid ID. You > are using the 'rid' backend and this calculates the ID from the RID > with: > > ID = RID - BASE_RID + LOW_RANGE_ID > > To calculate the RID from the ID, you would use: > > RID = ID + BASE_RID - LOW_RANGE_ID > > the 'BASE_RID' is always '0' (unless you set it) so the above becomes: > > RID = 10234 - 10000 > > RID = 234 > > Please post again with the CORRECT IDs, a number cannot be that > secret ;-) > > Rowland >-- Viele Grüße Andreas Hauffe Leiter des Forschungsfeldes "Auslegungsmethoden für Luftfahrzeuge" ---------------------------------------------------------------------------------------------------- Technische Universität Dresden Institut für Luft- und Raumfahrttechnik / Institute of Aerospace Engineering Lehrstuhl für Luftfahrzeugtechnik / Chair of Aircraft Engineering D-01062 Dresden Germany phone : +49 (351) 463 38496 fax : +49 (351) 463 37263 mail : andreas.hauffe at tu-dresden.de Website : http://tu-dresden.de/mw/ilr/lft ---------------------------------------------------------------------------------------------------- Do you know our free laminate analysis code eLamX²? If not, please visit the following web address: http://www.elamx.de