Hello all,
right now I am using Samba 3.0.33 on CentOS 5.6. The users need to
access the files from Linux and from Windows, so I maintain the
Linux users in NIS and the Windows users in AD. Samba is AD integrated.
I am using a custom Python script that collects some data from NIS and
from winbindd_idmap.tdb, creates a new file and imports it into
winbindd_idmap.tdb. This works remarkably well. Known users get mapped
to the same uid that they have on Linux. The same happens with the groups too.
The rest get an id from the range defined in smb.conf.
I need/want to upgrade Samba to Samba 3.5, and here my problems begin.
My script creates winbindd_idmap.tdb like before, and with net idmap dump I am able to check that it has the correct mappings (the mappings that I want). Unfortunately they never take effect. No matter what I do, Samba seems to not read the file anymore. id -a $usernames shows me a list where every group appears twice: the first with the NIS gid and the second with the idmap gid. Reading through a lot of stuff over the last 3 days, I came across these wbinfo commands that should do the same but show me that the mapping fails.
Here is a small session that shows what happens:
id -a testuser
uid=1042(testuser) gid=2000(testgroup) groups=2000(testgroup) ...... 11000(testgroup)
# the first one from nis the second from winbind
# we try to map the gid to the sid from AD
wbinfo -n testgroup
S-1-5-21-966306815-3935059601-1604263782-1350 SID_DOM_GROUP (2)
wbinfo --set-gid-mapping=2000,S-1-5-21-966306815-3935059601-1604263782-1350
gid 2000 now mapped to sid S-1-5-21-966306815-3935059601-1604263782-1350
# !! he lies, I prove it
wbinfo --gid-to-sid=2000
Could not convert gid 2000 to sid
wbinfo --gid-to-sid=11000
S-1-5-21-966306815-3935059601-1604263782-1350
wbinfo --sid-to-gid=S-1-5-21-966306815-3935059601-1604263782-1350
11000


Could anybody please enlighten me?
Here is my smb.conf


[global]
    realm = example.com
    security = ADS
    workgroup = example
    encrypt passwords = yes
    password server = *
    netbios name = testserver
    idmap backend         = tdb
    #idmap alloc backend   = tdb
    idmap uid = 11000-12000
    idmap gid = 11000-12000
    winbind enum users = yes
    winbind enum groups = yes
    winbind cache time = 1
    encrypt passwords = yes
    winbind use default domain = Yes
    winbind nested groups = Yes
    log level = 2
    enable privileges = yes
    nt acl support = yes
    client use spnego = yes

    socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
    log file = /var/log/samba/%U.%m.log

Thank you
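
One way to see at which layer the mapping diverges, as an added example that is not part of the original post: it compares the GID wanted from NIS, the GID stored in the `net idmap dump` output, and the GID the running winbindd returns. The inputs are constructed and the `GID <id> <sid>` dump line format is an assumption; only the SID and the 2000/11000 values come from the session above.

```python
import re

SID = "S-1-5-21-966306815-3935059601-1604263782-1350"  # SID shown in the post
# Constructed inputs. Dump line format "GID <id> <sid>" is an assumption.
IDMAP_DUMP = f"USER HWM 11001\nGROUP HWM 11001\nGID 2000 {SID}\n"
NIS_GROUPS = "testgroup:x:2000:testuser\n"   # group(5) format, e.g. ypcat group
NAME_TO_SID = {"testgroup": SID}             # as from: wbinfo -n testgroup
LIVE_SID_TO_GID = {SID: 11000}               # as from: wbinfo --sid-to-gid=<sid>

ENTRY = re.compile(r"^(UID|GID)\s+(\d+)\s+(S-1-[0-9-]+)$")

def parse_idmap_dump(text):
    """Return {(kind, sid): unix_id}; HWM and unrecognised lines are skipped."""
    mappings = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            kind, unix_id, sid = m.groups()
            mappings[(kind, sid)] = int(unix_id)
    return mappings

def parse_nis_groups(text):
    """Return {group_name: gid} from name:passwd:gid:members lines."""
    groups = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            groups[fields[0]] = int(fields[2])
    return groups

def audit_group_mappings(dump_text, nis_text, name_to_sid, live_sid_to_gid):
    """Compare wanted (NIS), stored (tdb dump) and live (winbindd) GIDs."""
    stored = parse_idmap_dump(dump_text)
    findings = []
    for name, wanted in sorted(parse_nis_groups(nis_text).items()):
        sid = name_to_sid.get(name)
        if sid is None:
            continue  # group has no AD counterpart, nothing to compare
        in_tdb = stored.get(("GID", sid))
        live = live_sid_to_gid.get(sid)
        if in_tdb != wanted:
            status = "tdb-wrong"            # the import itself did not stick
        elif live != wanted:
            status = "tdb-ok-live-differs"  # winbindd is not answering from this file
        else:
            status = "ok"
        findings.append((name, wanted, in_tdb, live, status))
    return findings

if __name__ == "__main__":
    for row in audit_group_mappings(IDMAP_DUMP, NIS_GROUPS, NAME_TO_SID, LIVE_SID_TO_GID):
        print("%s: wanted=%s tdb=%s live=%s -> %s" % row)
```

A `tdb-ok-live-differs` result matches the symptom described: the file holds the wanted mapping, but the running daemon answers with an id from the `idmap gid` range.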


