Bug 11856 - Inconsistent id mapping between winbind(d)/nss and file service
Inconsistent id mapping between winbind(d)/nss and file service
Status: NEW
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services
4.2.11
All All
: P5 normal
: ---
Assigned To: Samba QA Contact
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-04-19 14:51 UTC by Tim Eberhardt
Modified: 2016-05-07 02:44 UTC (History)
1 user (show)

See Also:


Attachments
Glabal section of smb.conf (1.34 KB, text/plain)
2016-04-19 15:04 UTC, Tim Eberhardt
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Tim Eberhardt 2016-04-19 14:51:11 UTC
In the past (most noticeable since the upgrade from 4.1 to 4.2 and especially now since 4.2.11) we had some trouble with id mappings on our DC, which also acts as file server.

At first we used the default winbindd. When we made a getent or id call for a user/group, then for some accounts it returned the unix id (10000+) and for some the internal id (300000+).

Because of this and problems with ACLs we switched to the internal winbind. Now mappings via NSS (getent, id, ...) seem to be consistent and always return the unix ids. But when we set permission under Windows, this process eventually (only in some cases) still uses the internal ids and writes them to the ACLs. We then have to manually add the correct unix user/group id to the ACLs, so the user can use the folder in the way he should.
Comment 1 Tim Eberhardt 2016-04-19 15:04:34 UTC
Created attachment 12008 [details]
Glabal section of smb.conf