I have a couple of file servers in my network running Samba 3.6 as member servers. At some point you will want the UIDs/GIDs synced across the machines so that when you move data around, the uids/gids are the same. The way to make this work is with the idmap configuration. I hadn’t done this and in my stupidity had created a second file server that couldn’t move files to and from the first. IDIOT!
In Samba 3.6 idmap was completely rewritten, as it was a bit broken before then, and it’s actually quite simple to have all your machines talking the same uid/gid: use the idmap_rid backend. From the Samba docs:
idmap_rid facility is a new tool that, unlike native winbind, creates a predictable mapping of MS Windows SIDs to UNIX UIDs and GIDs
If you have already set up your file server without using idmap_rid, you can change how it works by adding the following lines to the global section of your Samba conf file, replacing or removing existing lines as required.
workgroup = MYDOMAIN
password server = pdc.mydomain.com
encrypt passwords = Yes
realm = MYDOMAIN.COM
security = ads
allow trusted domains = false
idmap config * : backend = tdb
idmap config * : range = 10001-20000
idmap config MYDOMAIN : backend = rid
idmap config MYDOMAIN : range = 5000-10000
idmap config MYDOMAIN : base_rid = 0
I’m not sure if this step is needed, but I removed the member server from the domain. Then I restarted samba and winbind, rejoined the member server, and I was still getting the old IDs. I realised that winbind was caching the old IDs, and no matter what I did I couldn’t work out how to update them. After searching around for quite a while I found this blog post from Alex Cline. The commands are very straightforward.
net cache flush
It’s really that simple. I found posts all over the place talking about killing the samba data directory in /var/lib/samba, and that all sounded a little crazy. I’m glad it’s as simple as that. To test that this worked, just run the following command to see the new id from winbind.
id -u username
This should output your new RID-generated id.
Rinse and repeat for any other servers you might have.
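To know which id to expect from `id -u` on every server, the rid backend's mapping can be computed by hand. The following is an added example, not part of the original post: it parses the idmap lines shown above, checks that no two ranges overlap, and applies the formula from the idmap_rid man page (ID = RID - BASE_RID + LOW_RANGE_ID). The function names and the SIDs are constructed for illustration.

```python
import re

# Constructed sample: the idmap lines from the global section shown above.
SAMPLE_CONF = """\
idmap config * : backend = tdb
idmap config * : range = 10001-20000
idmap config MYDOMAIN : backend = rid
idmap config MYDOMAIN : range = 5000-10000
idmap config MYDOMAIN : base_rid = 0
"""

IDMAP_LINE = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*(\S+)\s*=\s*(\S+)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {domain: {option: value}} for every 'idmap config' line."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_LINE.match(line)
        if m:
            domain, option, value = m.groups()
            domains.setdefault(domain, {})[option.lower()] = value
    return domains

def id_range(opts):
    low, high = opts["range"].split("-")
    return int(low), int(high)

def overlapping_domains(domains):
    """Pairs of domains whose ranges intersect; an overlap lets two SIDs share one id."""
    names = sorted(domains)
    pairs = [(a, b) for i, a in enumerate(names) for b in names[i + 1:]]
    return [(a, b) for a, b in pairs
            if id_range(domains[a])[0] <= id_range(domains[b])[1]
            and id_range(domains[b])[0] <= id_range(domains[a])[1]]

def rid_to_unix_id(sid, opts):
    """ID = RID - BASE_RID + LOW_RANGE_ID; None when the result is outside the range."""
    rid = int(sid.rsplit("-", 1)[1])
    low, high = id_range(opts)
    unix_id = rid - int(opts.get("base_rid", 0)) + low
    return unix_id if low <= unix_id <= high else None

if __name__ == "__main__":
    conf = parse_idmap(SAMPLE_CONF)
    print("overlapping ranges:", overlapping_domains(conf))
    for sid in ("S-1-5-21-1-2-3-1104", "S-1-5-21-1-2-3-6001"):  # constructed SIDs
        print(sid, "->", rid_to_unix_id(sid, conf["MYDOMAIN"]))
```

With the ranges above, RID 1104 maps to 6104 on every server, while RID 6001 falls outside 5000-10000 and gets no id, so the MYDOMAIN range has to be wide enough for the highest RID in the domain.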