On Tue, 2022-05-10 at 18:42 +0000, Jim Brand via samba wrote:> What does the Uid under the Locked files: section output of smbstatus > signify?It signifies the username, unless it cannot be resolved to a name, when the ID number will be used.> Reason I ask is that some of our CentOS 6 servers running samba- > 3.6.23-53 are creating files with this UID instead of user specified > in the config file: > > force user = someuser > > Yes, we are doing our best to upgrade to CentOS 7 and a supported > samba version. But until we do.... > > My smb.conf - > > [global] > security = ADS > workgroup = MYGROUP > realm = MYGROUP.COM > encrypt passwords = yes > client use spnego = yes > client signing = yes > kerberos method = secrets and keytab > server schannel = yes > log level = 3 > max log size = 500 > log file = /var/log/samba/log.%h.%m > idmap config MYGROUP : backend = rid > idmap config MYGROUP : range = 1000-2999999 > idmap config * : backend = tdb > idmap config * : range = 3000000-39999999 > winbind cache time = 300 > winbind nss info = sfu > winbind use default domain = yes > winbind refresh tickets = yes > map to guest = Bad User > wide links = No > unix extensions = No > load printers = No > printcap name = /dev/null > max protocol = SMB2 > include = /usr/local/custom.conf > -------------------------------------------------- > From nsswitch.conf > > passwd: files winbind > shadow: files winbind > group: files winbindYou should remove 'winbind' from the shadow line, it isn't required and can do strange things. You are using the 'rid' idmap backend and this calculates the Unix ID from the RID along with the low range set in smb.conf (in your case '1000'), but any that end up higher than the high range (in your case '2999999') will be ignored, could this be your problem ? Rowland
You should remove 'winbind' from the shadow line, it isn't required and can do strange things. I removed winbind from the shadow line. You are using the 'rid' idmap backend and this calculates the Unix ID from the RID along with the low range set in smb.conf (in your case '1000'), but any that end up higher than the high range (in your case '2999999') will be ignored, could this be your problem ? I don't think so. wbinfo -n shows RID = 6880, my uid = 3578 which should be in range. For reference 'smbstatus' on all servers, working or not, CentOS 6 or 7 shows correct user in the "PID Username Group Machine" section, but under "Locked files:" always shows a number that doesn't seem to correlate to anything. Is that correct behavior? Dumb question: Using 'rid' idmap backend, should files be created with the user's UID that is in AD, or RID + offset? I would rather use ad backend but I've never gotten that to work reliably except in CentOS 7. Thanks, jim This email and any attachments may contain information that is confidential and/or privileged for the sole use of the intended recipient. Any use, review, disclosure, copying, distribution or reliance by others, and any forwarding of this email or its contents, without the express permission of the sender is strictly prohibited by law. If you are not the intended recipient, please contact the sender immediately, delete the e-mail and destroy all copies.