winbind issue on RHEL 5.9 and RHEL 6.4
Hi all,
I just want to let you know about a possible issue with winbind setups in RHEL 5.9 and the upcoming RHEL 6.4.
Responses
EEF! Why would you guys have included a default RID-map range that could clobber what customers already have? This seems like a situation where an install script that *merged* new parameters into an existing local file (and that created an rpmsave file of the pre-install config) woulda been a good choice.
Brings up the question, though: with things like Samba, why isn't the config done in two parts: a vendor-maintained parent-config file that has a standard-include of a service.conf-local type file?
Red Hat
Guru
3695 points
Thomas,
Valid points. I've opened a BZ to see if we can get this looked at for 6.4 (it's too late obviously for 5.9):
https://bugzilla.redhat.com/show_bug.cgi?id=901671
Regards,
Andrius Benokraitis
Red Hat, Inc.
Thomas,
Thanks for your interest in the subject. Id love to get any feed back if things could be made more clear. We did not include a new default range in peoples existing config files. The config file is unmodified on an upgrade. What changed was the way peoples existing range needs to be defined in a new way for the rebased samba version. The old range settings have been that way since the 3.0.x series of samba and this is the first change like this in quite a while.
If my comment about a default range in the knowledge base is misleading id like to resolve that so any feedback is greatly appreciated. If someone uses authconfig to setup up winbind on a server this will always set the range mentioned. People can use what ever range they want though, this depends on peoples existing infrastructure since directory services for uid/gid ranges differ in each environment.
There can be quite a few ways people have configured winbind so you will not get one config for all setups. That said I will keep and open dialog going with engineering to see what our options. The post section of the rpm could be used for example. A search and replace could be done in post but it would mean modifying existing configs. We unfortunately can not simply swapped out to the stock rpm shipping config, as this would also break things on upgrades.
Regards,
Jeremy
Thomas,
Hopefully this first kcs will help everyone with questions regarding the idmap changes. To sumarize most setups will not notice any issues. Here is all about things getting depreciated and how it will affect things. How does the rebase of samba affect an existing setup https://access.redhat.com/knowledge/solutions/296773 We will also be supporting the smb2 protocol for the first time on fileservers. Windows vista and above should support this and if your customer is interested in this new feature check here. How to enable SMB2 protocol support on RHEL https://access.redhat.com/knowledge/solutions/296793 Additional information regarding configs that could be affected are covered in the previously mentioned kcs. Its been slightly update to be more specific on additional backends to eliminate any confusion. Sorry if i didnt have this messages well in the first post. https://access.redhat.com/knowledge/solutions/291063 Im writting one more kcs about another issue we just found in the 3.6 series. It is not realated to the winbind setups but it will affect people using security=share setups. Its also resolvable with some minor config changes over to security=user mode. The BZ is private but ill post the public kcs when i publish it. https://bugzilla.redhat.com/show_bug.cgi?id=905071 Regards, Jeremy
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.