Web lists-archives.com

Re: [Samba] mixed versions, mixed UIDs




On Thu, 10 Jan 2019 09:29:19 -0500
Steve Hideg via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Hello,
> 
> I've inherited a set of servers running Red Hat Enterprise Linux
> Server release 5.9. They have some variant of samba 3.3 on them (e.g.
> Version 3.3.8-0.52.el5_5.2). These servers are using Samba and
> Winbind as a way to bind to our Active Directory environment as
> domain members.
> 
> We also have a domain member file server running the following:
> 
> Red Hat Enterprise Linux Server release 5.6 (Tikanga)
> Samba/Winbind Version 3.5.4-0.70.el5
> 
> Due to hardware aging and the desire to use newer versions of the SMB
> protocol, I have been building a new server and migrate user's data
> over to it. The new server is running the following:
> 
> Red Hat Enterprise Linux Server release 7.6 (Maipo)
> Samba/Winbind Version 4.8.3
> 
> One issue I've been having is trying to get UIDs to coinside between
> old and new software versions.
> 
> Our Samba 3 configs have the following defined:
> idmap config ADSMC:default = yes
> idmap config ADSMC:backend = rid
> idmap config ADSMC:base_rid=500
> idmap config ADSMC:range = 2000-100000
> 
> I've set up the following in our Samba 4 server:
> idmap config ADSMC:range = 2000-100000
> idmap config * :range = 2000-100000
> idmap config ADSMC : backend = rid
> idmap config * : backend = tdb

That isn't going to work, the ranges must not overlap.

> 
> In an effort to keep things as compatible as possible between
> co-existing old and new servers, I made an effort to emulate the old
> settings ad much as possible.

No you didn't

> 
> I don't know if these settings are correct for our AD/Samba
> environment, but it seems to work except for one issue. Every UID and
> GID issued by the new server is 500 greater than the old server. This
> presents a problem on some of the old servers that automount user
> directories on the file server via NFS. The UID discrepancy results
> in users not owning their own directories and files when logged into
> older servers.
> 
> One way I have tried to mitigate this was to set the ranges on the new
> server to 500 less:
> idmap config ADSMC:range = 1500-100000
> idmap config * :range = 1500-100000

No, it wouldn't

> 
> Is this an acceptable solution, or is there something more radical I
> need to do?

How about reading 'man idmap_rid' ?
Is that radical enough for you ;-)
If you had read it, you would have found that the ID's are calculated
from:

ID = RID - BASE_RID + LOW_RANGE_ID

Rowland


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba