The problem described in bug #301968 also applies to the currently-stable samba-3.4.6: With the 'winbind' use flag turned on, the idmap_rid and idmap_ad modules are not built and installed. [This is even mentioned in that bug report...] This means that winbind-attached users cannot be "connected" as system users when trying to use either of these backends - which would be the "normal" case IMO. In other words: The system does not know about domain users with any version of samba installed that exhibits this problem. Reproducible: Always Steps to Reproduce: 1. Install net-fs/samba-3.4.6, with winbind enabled 2. Configure samba with winbind and the idmap_rid backend [see current 'man smb.conf', docs on the net are for the most part outdated regarding required syntax] 3. Configure nsswitch.conf to use winbind for passwd, shadow, group Actual Results: a) 'wbinfo -u' will work as expected - showing that the samba-side winbind setup itself is working correctly b) 'wbinfo -S <domainUser>' will complain about not being able to convert sid -> uid c) 'getent passwd' will NOT show any domain users Expected Results: a) same as above b) 'wbinfo -S ...' will return the SID of the given user c) domain users are shown with 'gentent passwd' This is the same problem described in bug #301968, but pertaining to samba-3.4.6. I'd guess this applies to any version of samba >= 3.4.0, which does not include specific code in its ebuild to enable '--with-shared-modules=idmap_rid,idmap_ad' when calling 'configure'. I've applied the patch given in bug #301968 to the current samba-3.4.6.ebuild, this resulted in a samba-3.4.6 working correctly (i.e., "Expected Results" above) on my system. Looking at current net-fs/samba-3.5.4.ebuild: The code there seems cleaner than the patch from bug #301968, perhaps that should be backported rather than using my quick-and-dirty apply of the above-mentioned patch to samba-3.4.6.ebuild: --- net-fs/samba/samba-3.4.6.ebuild 2010-07-22 07:15:22.000000000 +0200 +++ /usr/portage/net-fs/samba/samba-3.4.6.ebuild 2010-06-05 21:37:11.000000000 +0200 @@ -71,11 +71,6 @@ use cups && BINPROGS="${BINPROGS} bin/smbspool" use ldb && BINPROGS="${BINPROGS} bin/ldbedit bin/ldbsearch bin/ldbadd bin/ldbdel bin/ldbmodify bin/ldbrename"; use winbind && BINPROGS="${BINPROGS} bin/wbinfo" -use winbind && mymod_shared="--with-shared-modules=idmap_rid" -if use ldap ; then - use winbind && mymod_shared="${mymod_shared},idmap_ad" -fi - S="${WORKDIR}/${MY_P}/source3" @@ -182,7 +177,6 @@ $(use_with aio aio-support) \ --with-sendfile-support \ $(use_with winbind) \ - ${mymod_shared} \ --without-included-popt \ --without-included-iniparser }
- IMPORTANT - The diff given above is backwards, here's the correct one: --- /usr/portage/net-fs/samba/samba-3.4.6.ebuild 2010-06-05 21:37:11.000000000 +0200 +++ net-fs/samba/samba-3.4.6.ebuild 2010-07-22 07:15:22.000000000 +0200 @@ -71,6 +71,11 @@ use cups && BINPROGS="${BINPROGS} bin/smbspool" use ldb && BINPROGS="${BINPROGS} bin/ldbedit bin/ldbsearch bin/ldbadd bin/ldbdel bin/ldbmodify bin/ldbrename"; use winbind && BINPROGS="${BINPROGS} bin/wbinfo" +use winbind && mymod_shared="--with-shared-modules=idmap_rid" +if use ldap ; then + use winbind && mymod_shared="${mymod_shared},idmap_ad" +fi + S="${WORKDIR}/${MY_P}/source3" @@ -177,6 +182,7 @@ $(use_with aio aio-support) \ --with-sendfile-support \ $(use_with winbind) \ + ${mymod_shared} \ --without-included-popt \ --without-included-iniparser }
This is ugly bug. I updated my samba servers and they broke all my IDMAP bindings and permissions on shares. Please fix 3.4.x version as it hit all stable systems without alternatives.
Created attachment 257664 [details, diff] samba-3.4.9.ebuild.patch Here patch for 3.4.9 ebuild. It install idmap_adex, idmap_ldap, idmap_rid, idmap_hash as shared modules. At last I recovered my IDMAP bindings and permissions.
Created attachment 257778 [details, diff] Patch adding suport for various idmap modules and manpages Attached is the updated patch applied to the ebuild
+ 22 Dec 2010; Víctor Ostorga <vostorga@gentoo.org> samba-3.4.9.ebuild, + samba-3.5.6.ebuild: + Adding idmap (rid,adex,ldap,hash,ad) modules support, bugs #329383 #285814 + #290265 Adding manpages for idmap modules bug #281262 + Based on patch thanks to Azamat H. Hackimov <azamat.hackimov@gmail.com>