[Bug 1894153] [NEW] Use current idmap configuration for winbind

Thu, 03 Sep 2020 14:26:16 -0700 

Public bug reported:

realmd in ubuntu, when --client-software=winbind was used, is writing
out an obsolete /etc/samba/smb.conf file with regards to the idmap
(identity mapping) configuration.

After the join:
$ sudo realm join -v --client-software=winbind ad1.example.com
 * Resolving: _ldap._tcp.ad1.example.com
 * Performing LDAP DSE lookup on: 10.51.0.5
 * Successfully discovered: ad1.example.com
Password for Administrator: 
 * Unconditionally checking packages
 * Resolving required packages
 * Installing necessary packages: samba-common-bin libpam-winbind winbind
 * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.7QYTQ0 
-U Administrator ads join ad1.example.com
Enter Administrator's password:
Using short domain name -- AD1
Joined 'G-ADCLIENT1' to dns domain 'ad1.example.com'
 * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.7QYTQ0 
-U Administrator ads keytab create
Enter Administrator's password:
 * /usr/sbin/update-rc.d winbind enable
 * /usr/sbin/service winbind restart
 * Successfully enrolled machine in realm

It's writing the following:
idmap backend = tdb
idmap gid = 10000-2000000
idmap uid = 10000-2000000

Samba's testparm tool already flags this as incorrect:
$ testparm 
Load smb config files from /etc/samba/smb.conf
WARNING: The "idmap backend" option is deprecated
WARNING: The "idmap gid" option is deprecated
WARNING: The "idmap uid" option is deprecated

The correct config would be:
idmap config AD1 : range = 2000000-2999999
idmap config AD1 : backend = rid
idmap config * : range = 10000-999999
idmap config * : backend = tdb

And testparm is happy:
$ testparm 
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER

** Affects: realmd (Ubuntu)
     Importance: Medium
     Assignee: Andreas Hasenack (ahasenack)
         Status: In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1894153

Title:
  Use current idmap configuration for winbind

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/realmd/+bug/1894153/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to