You should remove 'winbind' from the shadow line, it isn't required and can do strange things. I removed winbind from the shadow line. You are using the 'rid' idmap backend and this calculates the Unix ID from the RID along with the low range set in smb.conf (in your case '1000'), but any that end up higher than the high range (in your case '2999999') will be ignored, could this be your problem ? I don't think so. wbinfo -n shows RID = 6880, my uid = 3578 which should be in range. For reference 'smbstatus' on all servers, working or not, CentOS 6 or 7 shows correct user in the "PID Username Group Machine" section, but under "Locked files:" always shows a number that doesn't seem to correlate to anything. Is that correct behavior? Dumb question: Using 'rid' idmap backend, should files be created with the user's UID that is in AD, or RID + offset? I would rather use ad backend but I've never gotten that to work reliably except in CentOS 7. Thanks, jim This email and any attachments may contain information that is confidential and/or privileged for the sole use of the intended recipient. Any use, review, disclosure, copying, distribution or reliance by others, and any forwarding of this email or its contents, without the express permission of the sender is strictly prohibited by law. If you are not the intended recipient, please contact the sender immediately, delete the e-mail and destroy all copies.
On Wed, 2022-05-11 at 13:16 +0000, Jim Brand wrote:> You should remove 'winbind' from the shadow line, it isn't required > and can do strange things. > I removed winbind from the shadow line. > > You are using the 'rid' idmap backend and this calculates the Unix ID > from the RID along with the low range set in smb.conf (in your case > '1000'), but any that end up higher than the high range (in your case > '2999999') will be ignored, could this be your problem ? > > I don't think so. wbinfo -n shows RID = 6880, my uid = 3578 which > should be in range.There is a problem with your uid, in your smb.conf you posted this: idmap config MYGROUP : backend = rid idmap config MYGROUP : range = 1000-2999999 The 'rid' idmap backend calculates the ID from the RID + the low range set in smb.conf with this formula: ID = RID + LOW_RANGE_ID So, in your case: ID = 6880 + 1000 ID = 7880 You are saying that your uid (or ID) is '3578', but : 3578 != 7880 So where is it coming from ????> For reference 'smbstatus' on all servers, working or not, CentOS 6 or > 7 shows correct user in the > "PID Username Group Machine" > > section, but under > "Locked files:" > always shows a number that doesn't seem to correlate to > anything. Is that correct behavior? > > Dumb question: Using 'rid' idmap backend, should files be created > with the user's UID that is in AD, or RID + offset?See above, but the UID should be mapped to the users name.> I would rather use ad backend but I've never gotten that to work > reliably except in CentOS 7.It has worked reliably for myself since 2012, you just have to understand that users must have a uidnumber attribute, groups must have a gidNumber attribute and all of these attributes must contain numbers inside the 'DOMAIN' range you set in smb.conf Rowland