Old 05-01-2007, 06:58 AM   #1
LQ Newbie
Registered: Nov 2006
Posts: 7

Rep: Reputation: 0
winbind Active directory guid mapping problem fc6

I am using Fedora Core 6 on two servers. They are both running samba-3.0.24-1.fc6.

They are both joined to an Active Directory domain. When I execute the following command

getent group

The first groups returned on server 1 are

BRENTWOOD-BBC+domain computers:*:10038:
BRENTWOOD-BBC+domain controllers:*:10039:

The getent group command outputs for server 2

BRENTWOOD-BBC+domain computers:*:10037:
BRENTWOOD-BBC+domain controllers:*:10038:

As you can see, the group IDs are different for both servers. This happens with all groups in the Active Directory. This causes a problem when I try to use Samba to mount to a directory on server 2. The file permissions get confused as the group IDs are different. My smb.conf is the same on both servers :-

smb.conf :-

idmap uid = 10000-20000
idmap gid = 10000-20000
template homedir = /home/BRENTWOOD-BBC/default
template shell = /bin/bash
winbind use default domain = false
winbind separator = +
winbind enum users = yes
winbind enum groups = yes

How do I match GIDs on both servers, to allow me to match permissions on both servers?

Many Thanks
Old 05-01-2007, 07:18 AM   #2
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1977
Should you not be using the MSSFU AD extensions and holding this data within AD / LDAP itself? Never really used them myself, but the mapping there is done on a per-client basis, so not held centrally, and allocated on a first-come, first-served basis. Check this
Old 05-01-2007, 12:28 PM   #3
LQ Newbie
Registered: Dec 2004
Location: Southeast, US
Distribution: FC
Posts: 11

Rep: Reputation: 0
Flush Your ID Map Cache Too

In /etc/samba/smb.conf put the following:

idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
idmap backend = rid:{WORKGROUPNAMEHERE}=16777216-33554431

Then delete the Samba ID Map Cache at


Then you can restart samba and it will freshly map all your domain entities as they log in.
Old 05-02-2007, 09:36 AM   #4
LQ Newbie
Registered: Nov 2006
Posts: 7

Original Poster
Rep: Reputation: 0
Thanks for your help in this thread. Changed over to MSSFU AD and everything worked fine.

Also, upgraded to samba-3.0.24-1.
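
A check for the mismatch discussed in this thread, as an added example that is not part of any poster's reply: it parses `getent group` output captured from two hosts and reports groups whose GIDs differ, plus GIDs that resolve to different groups on each host. The sample input is the four lines quoted in post #1; the function names are hypothetical.

```python
"""Compare `getent group` output from two winbind hosts (added example)."""

# Sample input: the two listings quoted in post #1 of this thread.
SERVER1 = """\
BRENTWOOD-BBC+domain computers:*:10038:
BRENTWOOD-BBC+domain controllers:*:10039:
"""
SERVER2 = """\
BRENTWOOD-BBC+domain computers:*:10037:
BRENTWOOD-BBC+domain controllers:*:10038:
"""


def parse_getent_group(text):
    """Return {group_name: gid} from lines of the form name:passwd:gid:members."""
    groups = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue  # skip blank or malformed lines rather than guessing
        groups[fields[0]] = int(fields[2])
    return groups


def gid_drift(a, b):
    """Groups present on both hosts whose GIDs differ: {name: (gid_a, gid_b)}."""
    return {n: (a[n], b[n]) for n in sorted(a.keys() & b.keys()) if a[n] != b[n]}


def gid_collisions(a, b):
    """GIDs that name different groups on each host: {gid: (name_a, name_b)}.

    These are the dangerous cases: a file whose group owner is stored as this
    number grants access to a different AD group depending on the host.
    """
    by_gid_b = {gid: name for name, gid in b.items()}
    return {gid: (name, by_gid_b[gid]) for name, gid in a.items()
            if gid in by_gid_b and by_gid_b[gid] != name}


if __name__ == "__main__":
    s1, s2 = parse_getent_group(SERVER1), parse_getent_group(SERVER2)
    for name, (g1, g2) in gid_drift(s1, s2).items():
        print(f"DRIFT     {name}: server1={g1} server2={g2}")
    for gid, (n1, n2) in gid_collisions(s1, s2).items():
        print(f"COLLISION gid {gid}: server1={n1!r} server2={n2!r}")
```

Run it again after changing the idmap configuration and clearing the cache; both reports should come back empty when the hosts agree.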

