Hi,
I'm using samba for login in Linux via Active Directory (win 2008).
In my Active Directory, there is a user "jin", and its primary
group is "xts", its supplementary group is "Domain Users". I
found that the gid mapping is inconsistent with different samba version. That
is:
For samba-4.4.4:
# id jin
uid=30000(jin) gid=30000(xts) groups=30000(xts),30001(domain users)
the gid is consistent with the AD
But samba-4.6.2:
# id jin
uid=40000(jin) gid=40000(domain users) groups=40000(domain users),40001(xts)
the gid is inconsistent with AD.
My conf in samba-4.4.4:
[global]
workgroup = TEST
security = ads
passdb backend = tdbsam
realm = test.com
idmap config *:backend = tdb
idmap config *:range = 30000-40000
template shell = /bin/bash
template homedir = /home/%U
printing = cups
printcap name = cups
load printers = yes
cups options = raw
winbind use default domain = true
...
And my conf in samba-4.6.2:
[global]
workgroup = TEST
security = ads
passdb backend = tdbsam
realm = test.com
idmap config *:backend = tdb
idmap config *:range = 40000-50000
template shell = /bin/bash
template homedir = /home/%U
printing = cups
printcap name = cups
load printers = yes
cups options = raw
winbind use default domain = true
...
Thanks~
Your 'range' in your 4.6.2 config is different than the one in your 4.4.4 config. Try setting it to: 'idmap config *:range = 30000-40000' , to see if the issue no longer occurs. On Tue, 2020-11-24 at 09:17 +0800, ??? via samba wrote:> Hi, > > ????I'm using samba for login in Linux via Active Directory (win > 2008). > > ????In my Active Directory, there is a user "jin", and its primary > group is "xts", its supplementary group is "Domain Users". I found > that the gid mapping is inconsistent with different samba version. > That is: > > For samba-4.4.4: > > # id jin > uid=30000(jin) gid=30000(xts) groups=30000(xts),30001(domain users) > > the gid is consistent with the AD > > But samba-4.6.2: > > # id jin > uid=40000(jin) gid=40000(domain users) groups=40000(domain > users),40001(xts) > > the gid is inconsistent with AD. > > My conf in samba-4.4.4: > > [global] > ????workgroup = TEST > ????security = ads > > ????passdb backend = tdbsam > > ????realm = test.com > > ????idmap config *:backend = tdb > ????idmap config *:range = 30000-40000 > > ????template shell = /bin/bash > ????template homedir = /home/%U > > ????printing = cups > ????printcap name = cups > ????load printers = yes > ????cups options = raw > ????winbind use default domain = true > ????... > > And my conf in samba-4.6.2: > > [global] > ????workgroup = TEST > ????security = ads > > ????passdb backend = tdbsam > > ????realm = test.com > > ????idmap config *:backend = tdb > ????idmap config *:range = 40000-50000 > > ????template shell = /bin/bash > ????template homedir = /home/%U > > ????printing = cups > ????printcap name = cups > ????load printers = yes > ????cups options = raw > ????winbind use default domain = true > ????... > > Thanks~
I have updated samba to 4.10.4: # rpm -qa | grep samba-4 samba-4.10.4-11.el7_8.x86_64 And update the conf: # cat /etc/samba/smb.conf | grep "config" idmap config *:backend = tdb idmap config *:range = 30000-40000 And reload config, restart winbind: # smbcontrol all reload-config # systemctl restart winbind But it did not work: # id jin uid=30000(jin) gid=30000(domain users) groups=30000(domain users),30001(xts) At 2020-11-24 09:55:33, "Abi" <adhanani at abdha.com> wrote:>Your 'range' in your 4.6.2 config is different than the one in your >4.4.4 config. Try setting it to: 'idmap config *:range = 30000-40000' , >to see if the issue no longer occurs. > >On Tue, 2020-11-24 at 09:17 +0800, ??? via samba wrote: >> Hi, >> >> ????I'm using samba for login in Linux via Active Directory (win >> 2008). >> >> ????In my Active Directory, there is a user "jin", and its primary >> group is "xts", its supplementary group is "Domain Users". I found >> that the gid mapping is inconsistent with different samba version. >> That is: >> >> For samba-4.4.4: >> >> # id jin >> uid=30000(jin) gid=30000(xts) groups=30000(xts),30001(domain users) >> >> the gid is consistent with the AD >> >> But samba-4.6.2: >> >> # id jin >> uid=40000(jin) gid=40000(domain users) groups=40000(domain >> users),40001(xts) >> >> the gid is inconsistent with AD. >> >> My conf in samba-4.4.4: >> >> [global] >> ????workgroup = TEST >> ????security = ads >> >> ????passdb backend = tdbsam >> >> ????realm = test.com >> >> ????idmap config *:backend = tdb >> ????idmap config *:range = 30000-40000 >> >> ????template shell = /bin/bash >> ????template homedir = /home/%U >> >> ????printing = cups >> ????printcap name = cups >> ????load printers = yes >> ????cups options = raw >> ????winbind use default domain = true >> ????... >> >> And my conf in samba-4.6.2: >> >> [global] >> ????workgroup = TEST >> ????security = ads >> >> ????passdb backend = tdbsam >> >> ????realm = test.com >> >> ????idmap config *:backend = tdb >> ????idmap config *:range = 40000-50000 >> >> ????template shell = /bin/bash >> ????template homedir = /home/%U >> >> ????printing = cups >> ????printcap name = cups >> ????load printers = yes >> ????cups options = raw >> ????winbind use default domain = true >> ????... >> >> Thanks~