[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Question on Winbind



Mark Roach wrote:


On Sun, 2003-01-19 at 20:35, Debian User wrote:

Hi, I have been pulling out hair on this one.
I am trying to get a debian box to share files to an NT 4 network. I installed Samba, works great. I also installed Winbind and that also works, but I have a problem when trying to set file permissions.
When I do a - getent group or a - getent passwd the mappings show from the NT PDC but the uid and gid are identical on some users. Like say User1 has a uid of 10004, but looking at getent group shows that 10004 is the GID for Domain Users on the NT box. So, basically the UID and GID are the same for some users and groups. This is causing a serious problem when trying to set permissions on certain folders for users. 


Having identical numbers for groups and users is not a conflict, it is
numbering different things. You can be user #123 in group #123 or you
can be user #456 in group #789, they do not conflict with each other.
Thanks a bunch Mark, now that I think about it, I guess your correct about the group UID numbers, I guess I was use to seeing on my local box totally different numbers in the /etc/group file so I assumed they had to be different and I kinda changed my direction at that point to solve the number conflict, when it was actually ok. I also saw other post that said they had to be different.
All the instructions I have see say to set the lines -- winbind uid = 10000-20000 and winbind gid = 10000-20000 in the smb.conf.
So I figured Linux would give the id numbers a first come first basis, but it abviously dosent.
I have completely uninstalled, purged and reinstalled both Samba and Winbind, and still the same mappings. I have also changed the smb.conf file to give completely different mappings of --winbind uid = 15000-20000 - winbind gid = 20001-25000 , but when I do a getent group or getent passwd it still shows mappings starting at 10000. I have restarted all the related services and rebooted the machine, still no luck. It is authenticating properly to the domain when browsing, but I really need to get proper permissions set. I searched the web for 2 hours and didn't find a bit of info on this problem. I'm stuck.
It's as if there is a database file somewhere in the system that has kept this information from my orgional install and won't give it up. 


try /var/lib/samba/winbindd_idmap.tdb
and /var/cache/samba/winbindd_cache.tdb

for reference you can look at man winbindd for these filenames
Not sure, but my man winbindd file shows locked files for the database, here is the sniplet, 

WINBINDD(8)                                           WINBINDD(8)

      $LOCKDIR/winbindd_idmap.tdb
             Storage  for  the Windows NT rid to UNIX user/group id mapping. The lock directory is specified when Samba is initially compiled using  the  --with-lockdir  option.   This directory is by default /usr/local/samba/var/locks .

      $LOCKDIR/winbindd_cache.tdb
             Storage for cached user and group information.
-----

Note, this is from the debian package of winbindd.

I did find the .tdb files where you said they would be though, but the man showed different.


Thanks again.

-debuser






I think you should post what your permissions problem is, not the
uid/gid stuff. i.e., you are trying to use acl's and it is not working,
can't create files when viewing the share from windows... you should
have much better luck solving your issue that way.



-Debuser.

what an amazingly coincidental name ;-)


Yes, isn't it a great name?  :)
Reply to: