Prev: [Samba] Using the 'WatchSubDirectories' setting in a .NET FileSystemWatcher with a Samba Share
Next: [Samba] Samba only quotas?
From: Samba Guy on 4 Feb 2010 16:20 Hi samba folks, We have upgraded samba 3.2 to samba 3.4 and it has broken our idmap RID backend config. The below idmap configuration was being used for samba 3.2 with two domains: idmap domains = QA2K3192, QA2K3SUB19 idmap config QA2K3SUB192:range = 2000000 - 2999999 idmap config QA2K3SUB192:base_rid = 0 idmap config QA2K3SUB192:backend = rid idmap config QA2K3192:range = 1000000 - 1999999 idmap config QA2K3192:base_rid = 0 idmap config QA2K3192:backend = rid And had the following results: Linux:~ # wbinfo --group-info='qa2k3192\domain users' QA2K3192\domain users:x:1000513 Linux:~ # wbinfo --group-info='qa2k3sub192\domain users' QA2K3SUB192\domain users:x:2000513 Which is correct and reports the correct information consistently for this configuration. ------------------------------------------------------------------------------------------------ We do not obtain the same idmap results with the same idmap backend (RID) with samba 3.4: idmap backend = tdb| idmap uid = 90000000 - 99999999 idmap gid = 90000000 - 99999999 idmap config QA2K3SUB192:range = 2000000 - 2999999 idmap config QA2K3SUB192:backend = rid idmap config QA2K3SUB192:default = yes idmap config QA2K3192:range = 1000000 - 1999999 idmap config QA2K3192:backend = rid idmap config QA2K3192:default = yes *Linux:~ # service smb restart Shutting down Samba SMB daemon done* *Starting Samba SMB daemon done* *Linux:~ # service nmb restart* *Shutting down Samba NMB daemon done* *Starting Samba NMB daemon done* *Linux:~ # service winbind restart|* *Shutting down Samba WINBIND daemon done* *Starting Samba WINBIND daemon done* *Linux:~ # net cache flush* Linux:~ # wbinfo --group-info='qa2k3192\domain users' QA2K3192\domain users:x:90000000 Linux:~ # wbinfo --group-info='qa2k3sub192\domain users' QA2K3SUB192\domain users:x:90000001 Those groups should not be in that range! We do not want to use the idmap uid = or idmap gid = setting as it dumps some domain ids in the wrong range, yet we seem forced to add those to the config in samba 3.4 - I understand idmap hash is superior but for our setup we cant migrate to this new paradigm due to the amount of data currently written to fileserver with idmap RID based ACLs. Can anyone provide the following: Documentation of how to configure idmap backend = rid with two domains using samba 3.4 Configuration Example: One win2k3 domain with the range of 1000000-1999999 and the other child domain with a range of 2000000-2999999 The expectation we have is it should behave the same as samba 3.2. We only want domain users mapped to their appropriate/specified idmaps "buckets" as it was before in 3.2 with our config. Thanks, A Samba Guy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba |