Georg.Biberger at partner.bmw.de
2020-Jul-06 07:28 UTC
[Samba] Issues with FLOCK on NFS Share
> Your user has the RID 1581344 and the 'rid' backend uses this along
> with the low range to calculate the user's Unix ID, so from the commented
> line, this would be:
>
> 79846 + 1581344 = 1661190
>
> This is less than the high range, so would be valid.
>
> But if you use '100001-500000000' for the range, the ID would be:
>
> 100001 + 1581344 = 1681345
>
> This would be a valid ID as well.
>
> Rowland

How can I achieve that the user qqeda11 is mapped to the unix id 79846?
Background: All NFS files are only accessible by unix user qqeda11 with unix id 79846!

Georg

On 06/07/2020 08:28, Georg.Biberger--- via samba wrote:
> How can I achieve that the user qqeda11 is mapped to the unix id 79846?
> Background: All NFS files are only accessible by unix user qqeda11 with unix id 79846!
>
> Georg

Where does '79846' come from?

If you run this:

    cat /etc/passwd | grep 'qqeda11'

Do you get something like this:

    qqeda11:x:79846:79846:qqeda11,,,:/home/qqeda11:/bin/bash

If you do, then your user isn't an AD user.

If you read 'man idmap_rid', you will find the calculation to map an AD user to a Unix ID:

    ID = RID - BASE_RID + LOW_RANGE_ID

BASE_RID is usually 0 but you can set it to what you want.

WARNING, BOTCH AHEAD

So, as you want the user to have the Unix ID 79846 and the user has the RID 1581344 in AD, you could set the low range to 0, this would end up with the calculation becoming:

    79846 = 1581344 - 1501498 + 0

You would need these lines in smb.conf:

    idmap config MUC : backend = rid
    idmap config MUC : range = 0-500000000
    idmap config MUC : base_rid = 1501498

This would work for one ID '79846', I cannot be sure about other IDs.

BOTCH END

There must be a better way of doing this, you could use the 'ad' backend, but this would entail adding uidNumber & gidNumber attributes to AD, but you could give 'qqeda11' the exact Unix ID you require.

Rowland

Georg.Biberger at partner.bmw.de
2020-Jul-06 14:30 UTC
[Samba] Issues with FLOCK on NFS Share
Hello,

When I run "cat /etc/passwd | grep 'qqeda11'" on my linux box, I get:

    qqeda11:x:79846:65600:Project Account for EDA:/home/qqeda11:/bin/bash

When I run "wmic useraccount where (name='qqeda11' and domain='MUC') get name, sid" on my windows box, I get:

    Name     SID
    qqeda11  S-1-5-21-43206524-2104247658-1151357142-1581344

so the user is an AD user, but also a unix user. I think this is a legal construct.

Is there another way to tell samba to use the correct mapping? What about modifying winbindd_idmap.tdb manually?

Georg
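
The idmap_rid formula quoted in this thread (ID = RID - BASE_RID + LOW_RANGE_ID), applied to the SID and passwd line posted above and compared against the local uid. This is an added example, not part of the original messages and not Samba's own code; the function names are hypothetical and the two smb.conf fragments are constructed from the range and base_rid values quoted in the thread.

```python
import re

# Constructed smb.conf fragments built from the values quoted in the thread.
CONF_PLAIN = """\
idmap config MUC : backend = rid
idmap config MUC : range = 100001-500000000
"""
CONF_BOTCH = """\
idmap config MUC : backend = rid
idmap config MUC : range = 0-500000000
idmap config MUC : base_rid = 1501498
"""
SID = "S-1-5-21-43206524-2104247658-1151357142-1581344"
PASSWD = "qqeda11:x:79846:65600:Project Account for EDA:/home/qqeda11:/bin/bash"

IDMAP_LINE = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*(\S+)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf, domain):
    """Collect 'idmap config <domain> : key = value' options from smb.conf text."""
    opts = {}
    for line in conf.splitlines():
        m = IDMAP_LINE.match(line)
        if m and m.group(1).upper() == domain.upper():
            opts[m.group(2).lower()] = m.group(3)
    return opts

def rid_to_unix_id(sid, opts):
    """Apply ID = RID - BASE_RID + LOW_RANGE_ID; None if the result is unmapped."""
    rid = int(sid.rsplit("-", 1)[1])          # the RID is the last SID component
    low, high = (int(x) for x in opts["range"].split("-"))
    base_rid = int(opts.get("base_rid", 0))   # the thread notes this is usually 0
    if rid < base_rid:                        # treated here as unmapped
        return None
    unix_id = rid - base_rid + low
    return unix_id if low <= unix_id <= high else None

def compare(conf, domain, sid, passwd_line):
    """Return (mapped_id, local_uid, same) for one account."""
    mapped = rid_to_unix_id(sid, parse_idmap(conf, domain))
    local = int(passwd_line.split(":")[2])    # third passwd field is the uid
    return mapped, local, mapped == local

if __name__ == "__main__":
    for name, conf in (("range 100001-500000000", CONF_PLAIN),
                       ("base_rid workaround", CONF_BOTCH)):
        print(name, compare(conf, "MUC", SID, PASSWD))
```

A mismatch in the third field means the AD-mapped identity and the local account that owns the NFS files are different Unix users, so file permission and lock checks are made against the wrong uid.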