Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Samba loosing SID UID mapping
Special Forums UNIX and Linux Applications Samba loosing SID UID mapping Post 302900541 by mph on Wednesday 7th of May 2014 11:10:37 AM
Old 05-07-2014
Samba loosing SID UID mapping
Hi all,

I don't know how many times I've setup samba shares, but... It's been a while since the last time. The SID UID maps used to always seem random. I.E. if I had to move the data to another box, I'd have to note all of the SID / UID relations and write scripts to convert them on the new box.

This last time I used the rid method (first time I'd seen it). All went well for a while. Users authenticated from the domain with no issue, etc... After about a week of operation, the mappings started to drop off. When this happens the only way to fix it is use wbinfo -R UID and get the user name, then find the files with the UID+offset and chown them. I've written a scipt file to do this, but that's not the point.

Attached is my smb config file. What am I missing here.

Thanks in advance.

MPH

Code:
[global]
        workgroup = OURDOMAIN
        realm = OURDOMAIN.LOCAL
        preferred master = no
        server string = server01
        security = ADS
        encrypt passwords = Yes
        allow trusted domains = No
        client lanman auth = No
        client plaintext auth = No
        log file = /var/log/samba/log.%m
        log level = 2 passdb:2 auth:2 winbind:2
        max log size = 1000
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        load printers = no
        printing = bsd
        printcap name = /dev/null
        local master = Yes
        domain master = No
        dns proxy = No
        ldap ssl = no
        ldap timeout = 30
        idmap config * : backend = rid
        idmap config * : base_rid = 0
        idmap config * : range = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        winbind cache time = 3000
        winbind separator = +
        winbind use default domain = Yes
        template shell = /bin/bash
        hosts allow = 10.1.x.x/24, 10.2.x.x/24
        directory mask = 0000
        create mask = 0644
        browseable = No
        available = No
        deadtime = 15
        vfs objects = full_audit
        full_audit:prefix = %u|%I|%S
        full_audit:success = write pwrite unlink
        full_audit:failure = none
        full_audit:facility = LOCAL6
        full_audit:priority = ALERT


[share]
        path = /share
        valid users = @OURDOMAIN+valid_users
        force group = trans
        read only = No
        max connections = 75
        available = Yes

 

8 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

need to generate unique id from constant sid

Hello I have multiple accounts that running application that uses unique port number I want to generate this port from some sid number that stays constant for every user account , is there any place in the system that generate number that is unique to the account ? thanks (0 Replies)
Discussion started by: umen
0 Replies

2. UNIX Desktop Questions & Answers

Sid

What is SID and how to gahter information about that ?? Is this the right forum to ask this question ? If not then please help me out.. (6 Replies)
Discussion started by: risshanth
6 Replies

3. UNIX for Dummies Questions & Answers

. oraenv vs setdb [SID]

Hi, i am working on Tru64 os... When i try to connect to an Oracle instance, the usual method i follow is chsxsora1:oracle:PRD1 > . oraenv ORACLE_SID = ? PRD1 But for one Instance it was not working, chsxsora2:oracle:TST2 > . oraenv ORACLE_SID =*= ? TST2 i... (0 Replies)
Discussion started by: saharookiedba
0 Replies

4. What is on Your Mind?

You know your on the brink of loosing it when.....

you spend an entire day with scripting nightmares and go to bed real late in the early morning hrs to wake up to your gf asking you a question and your only answer is "It's in the script" LMAO Happened to me this morning would you believe that?? My daughter is 10yrs old and my gf wanted to check... (3 Replies)
Discussion started by: phpfreak
3 Replies

5. Shell Programming and Scripting

Script creation(How to validate SID?)

I was going write a script from following site. Unix Shell Script to Execute Oracle SQL Query (link removed) My configuration setting for oracle XE. export ORACLE_HOME=/usr/lib/oracle/xe/app/oracle/product/10.2.0/server export PATH=$PATH:$ORACLE_HOME/bin export ORACLE_SID=XE but after... (4 Replies)
Discussion started by: pinga123
4 Replies

6. Red Hat

pam_krb5 UID mapping (clashing UIDs)

Hi, I'm considering implementing pam_krb5 on RHEL 5.5 and Solaris 10, and I'm in an environment that has a number of legacy NIS domains. They've all been migrated into Active Directory, RFC2307, with the NIS maps that differed in each domain kept within its own container. However, users and... (0 Replies)
Discussion started by: cambridge
0 Replies

7. Shell Programming and Scripting

Creating unique mapping from multiple mapping

Hello, I do not know if this is the right title to use. I have a large dictionary database which has the following structure: where a b c d e are in English and p q r s t are in a target language., the two separated by the delimiter =. What I am looking for is a perl script which will take... (5 Replies)
Discussion started by: gimley
5 Replies

8. Solaris

Loosing connection after authentication

Hi! I am having a problem when logging in on a solaris 10 server, after typing one or two commands, I lose connectivity, with the following message: server unexpectedly closed network connection I have checked the following: grep `uname -n` /etc/inet/hosts /etc/inet/ipnodes... (8 Replies)
Discussion started by: fretagi
8 Replies

LEARN ABOUT OPENSOLARIS

idmap_rid

IDMAP_RID(8)                                                System Administration tools                                               IDMAP_RID(8)

NAME

       idmap_rid - Samba's idmap_rid Backend for Winbind

DESCRIPTION

       The idmap_rid backend provides a way to use an algorithmic mapping scheme to map UIDs/GIDs and SIDs. No database is required in this case
       as the mapping is deterministic.

IDMAP OPTIONS

       range = low - high
           Defines the available matching uid and gid range for which the backend is authoritative. Note that the range acts as a filter. If
           algorithmically determined UID or GID fall outside the range, they are ignored and the corresponding map is discarded. It is intended
           as a way to avoid accidental UID/GID overlaps between local and remotely defined IDs.

       base_rid = INTEGER
           Defines the base integer used to build SIDs out of a UID or a GID, and to rebase the UID or GID to be obtained from a SID. This means
           SIDs with a RID less than the base rid are filtered. The default is not to restrict the allowed rids at all, i.e. a base_rid value of
           0. A good value for the base_rid can be 1000, since user RIDs by default start at 1000 (512 hexadecimal).

           Use of this parameter is deprecated.

THE MAPPING FORMULAS

       The Unix ID for a RID is calculated this way:

                          ID = RID - BASE_RID + LOW_RANGE_ID.

       Correspondingly, the formula for calculating the RID for a given Unix ID is this:

                          RID = ID + BASE_RID - LOW_RANGE_ID.

EXAMPLES

       This example shows how to configure two domains with idmap_rid, the principal domain and a trusted domain, leaving the default id mapping
       scheme at tdb. The example also demonstrates the use of the base_rid parameter for the trusted domain.

                [global]
                security = domain
                workgroup = MAIN

                idmap backend = tdb
                idmap uid = 1000000-1999999
                idmap gid = 1000000-1999999

                idmap config MAIN : backend     = rid
                idmap config MAIN : range       = 10000 - 49999

                idmap config TRUSTED : backend  = rid
                idmap config TRUSTED : range    = 50000 - 99999
                idmap config TRUSTED : base_rid = 1000

AUTHOR

       The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open
       Source project similar to the way the Linux kernel is developed.

Samba 3.5                                                           06/18/2010                                                        IDMAP_RID(8)
All times are GMT -4. The time now is 02:42 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy