Re: Question on Winbind
Mark Roach wrote:
On Sun, 2003-01-19 at 20:35, Debian User wrote:
Hi, I have been pulling out hair on this one.
I am trying to get a debian box to share files to an NT 4 network.
I installed Samba, works great. I also installed Winbind and that also
works, but I have a problem when trying to set file permissions.
When I do a - getent group or a - getent passwd the mappings show from
the NT PDC but the uid and gid are identical on some users. Like say
User1 has a uid of 10004, but looking at getent group shows that 10004
is the GID for Domain Users on the NT box. So, basically the UID and GID
are the same for some users and groups. This is causing a serious
problem when trying to set permissions on certain folders for users.
Having identical numbers for groups and users is not a conflict, it is
numbering different things. You can be user #123 in group #123 or you
can be user #456 in group #789, they do not conflict with each other.
Thanks a bunch Mark, now that I think about it, I guess your correct
about the group UID numbers, I guess I was use to seeing on my local box
totally different numbers in the /etc/group file so I assumed they had
to be different and I kinda changed my direction at that point to solve
the number conflict, when it was actually ok. I also saw other post
that said they had to be different.
All the instructions I have see say to set the lines -- winbind uid =
10000-20000 and winbind gid = 10000-20000 in the smb.conf.
So I figured Linux would give the id numbers a first come first basis,
but it abviously dosent.
I have completely uninstalled, purged and reinstalled both Samba and
Winbind, and still the same mappings. I have also changed the smb.conf
file to give completely different mappings of --winbind uid =
15000-20000 - winbind gid = 20001-25000 , but when I do a getent group
or getent passwd it still shows mappings starting at 10000. I have
restarted all the related services and rebooted the machine, still no
luck. It is authenticating properly to the domain when browsing, but I
really need to get proper permissions set. I searched the web for 2
hours and didn't find a bit of info on this problem. I'm stuck.
It's as if there is a database file somewhere in the system that has
kept this information from my orgional install and won't give it up.
try /var/lib/samba/winbindd_idmap.tdb
and /var/cache/samba/winbindd_cache.tdb
for reference you can look at man winbindd for these filenames
Not sure, but my man winbindd file shows locked files for the database,
here is the sniplet,
WINBINDD(8) WINBINDD(8)
$LOCKDIR/winbindd_idmap.tdb
Storage for the Windows NT rid to UNIX user/group id mapping. The lock directory is specified when Samba is initially compiled using the --with-lockdir option. This directory is by default /usr/local/samba/var/locks .
$LOCKDIR/winbindd_cache.tdb
Storage for cached user and group information.
-----
Note, this is from the debian package of winbindd.
I did find the .tdb files where you said they would be though, but the man showed different.
Thanks again.
-debuser
I think you should post what your permissions problem is, not the
uid/gid stuff. i.e., you are trying to use acl's and it is not working,
can't create files when viewing the share from windows... you should
have much better luck solving your issue that way.
-Debuser.
what an amazingly coincidental name ;-)
Yes, isn't it a great name? :)
Reply to: