I'm pretty sure you need to clear your winbind cache after modifying
the range. I can't find any official documentation on it anywhere, but
I think the process goes like:

    systemctl stop winbind
    systemctl stop smbd
    net cache flush
    systemctl start winbind
    systemctl start smbd

If that doesn't work you could try clearing the tdb files and the group
mapping ldb file in /var/lib/samba (after making a backup). This user
had some luck with it:
https://serverfault.com/questions/476086/samba-winbind-user-resolution
On Tue, 2020-11-24 at 10:24 +0800, ??? via samba wrote:
> I have updated samba to 4.10.4:
>
> # rpm -qa | grep samba-4
> samba-4.10.4-11.el7_8.x86_64
>
> And update the conf:
>
> # cat /etc/samba/smb.conf | grep "config"
> idmap config *:backend = tdb
> idmap config *:range = 30000-40000
>
> And reload config, restart winbind:
>
> # smbcontrol all reload-config
> # systemctl restart winbind
>
> But it did not work:
>
> # id jin
> uid=30000(jin) gid=30000(domain users) groups=30000(domain users),30001(xts)
>
> At 2020-11-24 09:55:33, "Abi" <adhanani at abdha.com> wrote:
> > Your 'range' in your 4.6.2 config is different than the one in your
> > 4.4.4 config. Try setting it to: 'idmap config *:range = 30000-40000',
> > to see if the issue no longer occurs.
> >
> > On Tue, 2020-11-24 at 09:17 +0800, ??? via samba wrote:
> > > Hi,
> > >
> > > I'm using samba for login in Linux via Active Directory (win 2008).
> > >
> > > In my Active Directory, there is a user "jin", and its primary
> > > group is "xts", its supplementary group is "Domain Users". I found
> > > that the gid mapping is inconsistent with different samba versions.
> > > That is:
> > >
> > > For samba-4.4.4:
> > >
> > > # id jin
> > > uid=30000(jin) gid=30000(xts) groups=30000(xts),30001(domain users)
> > >
> > > the gid is consistent with the AD
> > >
> > > But samba-4.6.2:
> > >
> > > # id jin
> > > uid=40000(jin) gid=40000(domain users) groups=40000(domain users),40001(xts)
> > >
> > > the gid is inconsistent with AD.
> > >
> > > My conf in samba-4.4.4:
> > >
> > > [global]
> > >     workgroup = TEST
> > >     security = ads
> > >
> > >     passdb backend = tdbsam
> > >
> > >     realm = test.com
> > >
> > >     idmap config *:backend = tdb
> > >     idmap config *:range = 30000-40000
> > >
> > >     template shell = /bin/bash
> > >     template homedir = /home/%U
> > >
> > >     printing = cups
> > >     printcap name = cups
> > >     load printers = yes
> > >     cups options = raw
> > >     winbind use default domain = true
> > >     ...
> > >
> > > And my conf in samba-4.6.2:
> > >
> > > [global]
> > >     workgroup = TEST
> > >     security = ads
> > >
> > >     passdb backend = tdbsam
> > >
> > >     realm = test.com
> > >
> > >     idmap config *:backend = tdb
> > >     idmap config *:range = 40000-50000
> > >
> > >     template shell = /bin/bash
> > >     template homedir = /home/%U
> > >
> > >     printing = cups
> > >     printcap name = cups
> > >     load printers = yes
> > >     cups options = raw
> > >     winbind use default domain = true
> > >     ...
> > >
> > > Thanks~