Post 302900541 by mph on Wednesday 7th of May 2014 11:10:37 AM
Samba losing SID UID mapping

Hi all,

I don't know how many times I've set up samba shares, but... It's been a while since the last time. The SID UID maps used to always seem random. I.e. if I had to move the data to another box, I'd have to note all of the SID / UID relations and write scripts to convert them on the new box.

This last time I used the rid method (first time I'd seen it). All went well for a while. Users authenticated from the domain with no issue, etc... After about a week of operation, the mappings started to drop off. When this happens the only way to fix it is to use wbinfo -R UID and get the user name, then find the files with the UID+offset and chown them. I've written a script file to do this, but that's not the point.

Attached is my smb config file. What am I missing here?

Thanks in advance.

MPH

Code:
[global]
        workgroup = OURDOMAIN
        realm = OURDOMAIN.LOCAL
        preferred master = no
        server string = server01
        security = ADS
        encrypt passwords = Yes
        allow trusted domains = No
        client lanman auth = No
        client plaintext auth = No
        log file = /var/log/samba/log.%m
        log level = 2 passdb:2 auth:2 winbind:2
        max log size = 1000
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        load printers = no
        printing = bsd
        printcap name = /dev/null
        local master = Yes
        domain master = No
        dns proxy = No
        ldap ssl = no
        ldap timeout = 30
        idmap config * : backend = rid
        idmap config * : base_rid = 0
        idmap config * : range = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        winbind cache time = 3000
        winbind separator = +
        winbind use default domain = Yes
        template shell = /bin/bash
        hosts allow = 10.1.x.x/24, 10.2.x.x/24
        directory mask = 0000
        create mask = 0644
        browseable = No
        available = No
        deadtime = 15
        vfs objects = full_audit
        full_audit:prefix = %u|%I|%S
        full_audit:success = write pwrite unlink
        full_audit:failure = none
        full_audit:facility = LOCAL6
        full_audit:priority = ALERT


[share]
        path = /share
        valid users = @OURDOMAIN+valid_users
        force group = trans
        read only = No
        max connections = 75
        available = Yes

 

PAM_WINBIND(7)                                                  PAM_WINBIND(7)

NAME
       pam_winbind - PAM module for Winbind

DESCRIPTION
       This tool is part of the samba(7) suite.

       pam_winbind is a PAM module that can authenticate users against the local domain by talking to the Winbind daemon.

OPTIONS
       pam_winbind supports several options which can either be set in the PAM configuration files or in the pam_winbind configuration file situated at /etc/security/pam_winbind.conf. Options from the PAM configuration file take precedence over those from the configuration file.

       debug
              Gives debugging output to syslog.

       debug_state
              Gives detailed PAM state debugging output to syslog.

       require_membership_of=[SID or NAME]
              If this option is set, pam_winbind will only succeed if the user is a member of the given SID or NAME. A SID can be either a group-SID, an alias-SID or even a user-SID. It is also possible to give a NAME instead of the SID. That name must have the form: MYDOMAIN\mygroup or MYDOMAIN\myuser. pam_winbind will, in that case, look up the SID internally. Note that NAME may not contain any spaces. It is thus recommended to only use SIDs. You can verify the list of SIDs a user is a member of with wbinfo --user-sids=SID.

       try_first_pass
       use_first_pass
              By default, pam_winbind tries to get the authentication token from a previous module. If no token is available it asks the user for the old password. With this option, pam_winbind aborts with an error if no authentication token from a previous module is available.

       use_authtok
              Set the new password to the one provided by the previously stacked password module. If this option is not set pam_winbind will ask the user for the new password.

       krb5_auth
              pam_winbind can authenticate using Kerberos when winbindd is talking to an Active Directory domain controller. Kerberos authentication must be enabled with this parameter. When Kerberos authentication cannot succeed (e.g. due to clock skew), winbindd will fall back to samlogon authentication over MSRPC. When this parameter is used in conjunction with winbind refresh tickets, winbind will keep your Ticket Granting Ticket (TGT) up to date by refreshing it whenever necessary.

       krb5_ccache_type=[type]
              When pam_winbind is configured to try Kerberos authentication by enabling the krb5_auth option, it can store the retrieved Ticket Granting Ticket (TGT) in a credential cache. The type of credential cache can be set with this option. Currently the only supported value is: FILE. In that case a credential cache in the form of /tmp/krb5cc_UID will be created, where UID is replaced with the numeric user id. Leave empty to just do Kerberos authentication without having a ticket cache after the logon has succeeded.

       cached_login
              Winbind allows logging on using cached credentials when winbind offline logon is enabled. To use this feature from the PAM module this option must be set.

       silent
              Do not emit any messages.

SEE ALSO
       wbinfo(1), winbindd(8), smb.conf(5)

VERSION
       This man page is correct for version 3.0 of Samba.

AUTHOR
       The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

       This manpage was written by Jelmer Vernooij and Guenther Deschner.

                                                                PAM_WINBIND(7)