LinuxQuestions.org
Old 05-01-2007, 05:58 AM   #1
BarryLinux
LQ Newbie
 
Registered: Nov 2006
Posts: 7

Rep: Reputation: 0
winbind Active directory guid mapping problem fc6


Hello,
I am using Fedora core 6 on two servers. They are both running samba-3.0.24-1.fc6.

They are both joined to an Active Directory domain. When I execute the following command

getent group

The first groups returned on server 1 are

BRENTWOOD-BBC+domain computers:*:10038:
BRENTWOOD-BBC+domain controllers:*:10039:

the getent group command outputs for server 2

BRENTWOOD-BBC+domain computers:*:10037:
BRENTWOOD-BBC+domain controllers:*:10038:

As you can see, the group IDs are different on the two servers. This happens with all groups in the Active Directory. This causes a problem when I try to use Samba to mount a directory on server 2. The file permissions get confused as the group IDs are different. My smb.conf is the same on both servers :-

smb.conf :-

realm = BRENTWOOD.LOCAL
idmap uid = 10000-20000
idmap gid = 10000-20000
template homedir = /home/BRENTWOOD-BBC/default
template shell = /bin/bash
winbind use default domain = false
winbind separator = +
winbind enum users = yes
winbind enum groups = yes

How do I match GIDs on both servers, to allow me to match permissions on both servers?

Many Thanks
Barry
 
Old 05-01-2007, 06:18 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1977
Should you not be using the MSSFU AD extensions and holding this data within AD / LDAP itself? Never really used them myself, but the mapping there is done on a per-client basis, so not held centrally and allocated on a first-come, first-served basis. Check this: http://www.samba.org/samba/docs/man/.../idmapper.html
 
Old 05-01-2007, 11:28 AM   #3
supasta
LQ Newbie
 
Registered: Dec 2004
Location: Southeast, US
Distribution: FC
Posts: 11

Rep: Reputation: 0
Flush Your ID Map Cache Too

In /etc/samba/smb.conf put the following:

Code:
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
idmap backend = rid:{WORKGROUPNAMEHERE}=16777216-33554431

Then delete the Samba ID Map Cache at

/var/cache/samba/group_mapping.tdb

Then you can restart samba and it will freshly map all your domain entities as they log in.
 
Old 05-02-2007, 08:36 AM   #4
BarryLinux
LQ Newbie
 
Registered: Nov 2006
Posts: 7

Original Poster
Rep: Reputation: 0
Thanks for your help in this thread. Changed over to MSSFU AD and everything worked fine.

Also, upgraded to samba-3.0.24-1.
 
  

