Hey friends,
We use samba for SSO. I've been fighting issues with FreeBSD and Samba since the 12.x days and could really use some help. Currently, on all 14.0 boxes (and 13.x for that matter), I have an issue where the UIDs and GIDs aren't reliable. That's an issue with NFSv4 mounts and permissions.
What's more frustrating is that it _was_ working and then suddenly, without a reboot or service failure, UIDs have just started changing.
It is entirely possible we're not doing this right, and if so, would love some feedback.
For instance, azuser (a service account) has the actual unix UID of 1032 in AD (samba with unix extensions). But on FreeBSD clients, the UID is sometimes right and sometimes randomly generated.
I've tried `idmap config * : backend = ad` but it doesn't work (`getent passwd` doesn't return any AD users because some don't have a unix UID). `winbind nss info = template` was working, but as previously mentioned, it just stopped working randomly on some boxes.
Code:
id azuser
uid=11120(azuser) gid=10513(domain users) groups=10513(domain users),11120(azuser),11118(washington),11116(nsnetmedia),10001(BUILTIN\users)
Here's the smb.conf:
Code:
[global]
security = ADS
realm = DZSEC.NET
workgroup = DZSEC
kerberos method = secrets and keytab
client signing = yes
client use spnego = yes
log file = /var/log/samba4/%m.log
log level = 3
# Additional recommended settings
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = yes
template homedir = /Users/%U
template shell = /usr/local/bin/zsh
idmap config * : backend = tdb
idmap config * : range = 200000-999999
idmap config DZSEC : backend = rid
idmap config DZSEC : range = 10000-99990
idmap config DZSEC : schema_mode = rfc2307
# idmap config DOMAIN : unix_nss_info = yes
# winbind nss info = rfc2307
winbind nss info = template
# Ensure correct DNS settings
dns proxy = no
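Added example, not part of the original post: a Python check that parses the idmap lines from the smb.conf above and applies the idmap_rid formula from its man page (ID = RID - base_rid + low end of range) to the `id azuser` output. The function names are hypothetical, and the option list assumes `schema_mode`, `unix_nss_info` and `unix_primary_group` are idmap_ad options as documented in that backend's man page.

```python
import re

# idmap lines copied from the smb.conf in the post above.
SMB_CONF = """\
idmap config * : backend = tdb
idmap config * : range = 200000-999999
idmap config DZSEC : backend = rid
idmap config DZSEC : range = 10000-99990
idmap config DZSEC : schema_mode = rfc2307
# idmap config DOMAIN : unix_nss_info = yes
"""

# Options that belong to the idmap_ad backend (per its man page).
AD_ONLY_OPTIONS = {"schema_mode", "unix_nss_info", "unix_primary_group"}
LINE = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*([^=]+?)\s*=\s*(.+?)\s*$")


def parse_idmap(text):
    """Return {domain: {option: value}} for each active idmap config line."""
    domains = {}
    for line in text.splitlines():
        if line.lstrip().startswith(("#", ";")):   # commented-out setting
            continue
        m = LINE.match(line)
        if m:
            domains.setdefault(m.group(1), {})[m.group(2)] = m.group(3)
    return domains


def check_domain(domains, domain, observed_id, ad_id):
    """Compare an ID seen on a client with the ID stored in AD (hypothetical helper)."""
    cfg = domains[domain]
    low, high = (int(n) for n in cfg["range"].split("-"))
    report = {"backend": cfg["backend"], "implied_rid": None}
    if cfg["backend"] == "rid":
        # idmap_rid: ID = RID - base_rid + low end of range (base_rid defaults to 0),
        # so the ID comes from the SID and uidNumber/gidNumber are not consulted.
        report["implied_rid"] = observed_id - low + int(cfg.get("base_rid", 0))
    # idmap_ad options set under another backend have no effect on the mapping.
    report["ad_options_without_ad_backend"] = (
        sorted(AD_ONLY_OPTIONS & cfg.keys()) if cfg["backend"] != "ad" else [])
    # idmap_ad only accepts uidNumber/gidNumber values inside the configured range.
    report["ad_id_in_range"] = low <= ad_id <= high
    return report


if __name__ == "__main__":
    conf = parse_idmap(SMB_CONF)
    print(check_domain(conf, "DZSEC", observed_id=11120, ad_id=1032))
```

For the posted values, UID 11120 corresponds to RID 1120 and GID 10513 to RID 513 (Domain Users), and the AD uidNumber 1032 lies below the DZSEC range of 10000-99990.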