Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Samba loosing SID UID mapping
Special Forums UNIX and Linux Applications Samba loosing SID UID mapping Post 302900541 by mph on Wednesday 7th of May 2014 11:10:37 AM
Old 05-07-2014
Samba loosing SID UID mapping
Hi all,

I don't know how many times I've setup samba shares, but... It's been a while since the last time. The SID UID maps used to always seem random. I.E. if I had to move the data to another box, I'd have to note all of the SID / UID relations and write scripts to convert them on the new box.

This last time I used the rid method (first time I'd seen it). All went well for a while. Users authenticated from the domain with no issue, etc... After about a week of operation, the mappings started to drop off. When this happens the only way to fix it is use wbinfo -R UID and get the user name, then find the files with the UID+offset and chown them. I've written a scipt file to do this, but that's not the point.

Attached is my smb config file. What am I missing here.

Thanks in advance.

MPH

Code:
[global]
        workgroup = OURDOMAIN
        realm = OURDOMAIN.LOCAL
        preferred master = no
        server string = server01
        security = ADS
        encrypt passwords = Yes
        allow trusted domains = No
        client lanman auth = No
        client plaintext auth = No
        log file = /var/log/samba/log.%m
        log level = 2 passdb:2 auth:2 winbind:2
        max log size = 1000
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        load printers = no
        printing = bsd
        printcap name = /dev/null
        local master = Yes
        domain master = No
        dns proxy = No
        ldap ssl = no
        ldap timeout = 30
        idmap config * : backend = rid
        idmap config * : base_rid = 0
        idmap config * : range = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        winbind cache time = 3000
        winbind separator = +
        winbind use default domain = Yes
        template shell = /bin/bash
        hosts allow = 10.1.x.x/24, 10.2.x.x/24
        directory mask = 0000
        create mask = 0644
        browseable = No
        available = No
        deadtime = 15
        vfs objects = full_audit
        full_audit:prefix = %u|%I|%S
        full_audit:success = write pwrite unlink
        full_audit:failure = none
        full_audit:facility = LOCAL6
        full_audit:priority = ALERT


[share]
        path = /share
        valid users = @OURDOMAIN+valid_users
        force group = trans
        read only = No
        max connections = 75
        available = Yes

 

8 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

need to generate unique id from constant sid

Hello I have multiple accounts that running application that uses unique port number I want to generate this port from some sid number that stays constant for every user account , is there any place in the system that generate number that is unique to the account ? thanks (0 Replies)
Discussion started by: umen
0 Replies

2. UNIX Desktop Questions & Answers

Sid

What is SID and how to gahter information about that ?? Is this the right forum to ask this question ? If not then please help me out.. (6 Replies)
Discussion started by: risshanth
6 Replies

3. UNIX for Dummies Questions & Answers

. oraenv vs setdb [SID]

Hi, i am working on Tru64 os... When i try to connect to an Oracle instance, the usual method i follow is chsxsora1:oracle:PRD1 > . oraenv ORACLE_SID = ? PRD1 But for one Instance it was not working, chsxsora2:oracle:TST2 > . oraenv ORACLE_SID =*= ? TST2 i... (0 Replies)
Discussion started by: saharookiedba
0 Replies

4. What is on Your Mind?

You know your on the brink of loosing it when.....

you spend an entire day with scripting nightmares and go to bed real late in the early morning hrs to wake up to your gf asking you a question and your only answer is "It's in the script" LMAO Happened to me this morning would you believe that?? My daughter is 10yrs old and my gf wanted to check... (3 Replies)
Discussion started by: phpfreak
3 Replies

5. Shell Programming and Scripting

Script creation(How to validate SID?)

I was going write a script from following site. Unix Shell Script to Execute Oracle SQL Query (link removed) My configuration setting for oracle XE. export ORACLE_HOME=/usr/lib/oracle/xe/app/oracle/product/10.2.0/server export PATH=$PATH:$ORACLE_HOME/bin export ORACLE_SID=XE but after... (4 Replies)
Discussion started by: pinga123
4 Replies

6. Red Hat

pam_krb5 UID mapping (clashing UIDs)

Hi, I'm considering implementing pam_krb5 on RHEL 5.5 and Solaris 10, and I'm in an environment that has a number of legacy NIS domains. They've all been migrated into Active Directory, RFC2307, with the NIS maps that differed in each domain kept within its own container. However, users and... (0 Replies)
Discussion started by: cambridge
0 Replies

7. Shell Programming and Scripting

Creating unique mapping from multiple mapping

Hello, I do not know if this is the right title to use. I have a large dictionary database which has the following structure: where a b c d e are in English and p q r s t are in a target language., the two separated by the delimiter =. What I am looking for is a perl script which will take... (5 Replies)
Discussion started by: gimley
5 Replies

8. Solaris

Loosing connection after authentication

Hi! I am having a problem when logging in on a solaris 10 server, after typing one or two commands, I lose connectivity, with the following message: server unexpectedly closed network connection I have checked the following: grep `uname -n` /etc/inet/hosts /etc/inet/ipnodes... (8 Replies)
Discussion started by: fretagi
8 Replies

LEARN ABOUT CENTOS

idmap_tdb2

IDMAP_TDB2(8)						    System Administration tools 					     IDMAP_TDB2(8)

NAME

       idmap_tdb2 - Samba's idmap_tdb2 Backend for Winbind

DESCRIPTION

       The idmap_tdb2 plugin is a substitute for the default idmap_tdb backend used by winbindd for storing SID/uid/gid mapping tables in
       clustered environments with Samba and CTDB.

       In contrast to read only backends like idmap_rid, it is an allocating backend: This means that it needs to allocate new user and group IDs
       in order to create new mappings.

IDMAP OPTIONS

       range = low - high
	   Defines the available matching uid and gid range for which the backend is authoritative.

       script
	   This option can be used to configure an external program for performing id mappings instead of using the tdb counter. The mappings are
	   then stored int tdb2 idmap database. For details see the section on IDMAP SCRIPT below.

IDMAP SCRIPT

       The tdb2 idmap backend supports an external program for performing id mappings through the smb.conf option idmap config * : script or its
       deprecated legacy form idmap : script.

       The mappings obtained by the script are then stored in the idmap tdb2 database instead of mappings created by the incrementing id counters.
       It is therefore important that the script covers the complete range of SIDs that can be passed in for SID to Unix ID mapping, since
       otherwise SIDs unmapped by the script might get mapped to IDs that had previously been mapped by the script.

       The script should accept the following command line options.

		SIDTOID S-1-xxxx
		IDTOSID UID xxxx
		IDTOSID GID xxxx

       And it should return one of the following responses as a single line of text.

		UID:yyyy
		GID:yyyy
		SID:yyyy
		ERR:yyyy

EXAMPLES

       This example shows how tdb2 is used as a the default idmap backend.

		[global]
		idmap config * : backend = tdb2
		idmap config * : range = 1000000-2000000

       This example shows how tdb2 is used as a the default idmap backend using an external program via the script parameter:

		[global]
		idmap config * : backend = tdb2
		idmap config * : range = 1000000-2000000
		idmap config * : script = /usr/local/samba/bin/idmap_script.sh

AUTHOR

       The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open
       Source project similar to the way the Linux kernel is developed.

Samba 4.0							    06/17/2014							     IDMAP_TDB2(8)
All times are GMT -4. The time now is 02:07 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy