[Samba] Winbind ignores idmap configuration (3.0.28a)
Naadir Jeewa
naadir at randomvariable.co.uk
Thu Apr 3 21:02:24 GMT 2008
Ok,
That didn't work either. I did however change the config to idmap
DOMAIN:default=yes and got it to work for the briefest of moments.
So, it appears that the underlying fault is that the DC cannot be found
for the user.
If server signing requirements were turned off for the domain that the
server had joined to, does the same setting need to be changed on DCs on
the domains to which the user will be authenticating?
Naadir
-----Original Message-----
From: Justin Payne [mailto:jpayne at redhat.com]
Sent: 03 April 2008 21:15
To: Naadir Jeewa
Cc: samba at lists.samba.org
Subject: Re: [Samba] Winbind ignores idmap configuration (3.0.28a)
Naadir Jeewa wrote:
> No joy. Still seems to look in AD for a uid instead of calculating
using
> rid.
>
> Naadir
>
Does adding the following help
idmap backend = rid
> -----Original Message-----
> From: Justin Payne [mailto:jpayne at redhat.com]
> Sent: 03 April 2008 20:31
> To: Naadir Jeewa
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] Winbind ignores idmap configuration (3.0.28a)
>
> Naadir Jeewa wrote:
>
>> Hullo,
>>
>> After having my Samba server joined to a domain, I'm now having
>> difficulties configuring winbind. I want to use the idmap_rid
backend,
>> and have recompiled Samba from scratch with the requisite rid.so
>>
> module.
>
>> However, no matter how "idmap domains / idmap config" is set up, it
>> seems to get totally ignored. Here is my smb.conf:
>>
>> [global]
>>
>> workgroup = DEPARTMENTDOMAIN
>>
>> server string = NAS Samba Server Version %v
>>
>> log file = /var/log/samba/log.%m
>> max log size = 50
>>
>> security = ads
>> realm = DEPARTMENTDOMAIN
>> use kerberos keytab = true
>>
>> load printers = no
>> local master = yes
>>
>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>
>> smb ports = 445
>> disable netbios = yes
>>
>> idmap domains = ORGUSERDOMAIN
>>
>> # Winbind RID
>> idmap config ORGUSERDOMAIN: backend = rid
>> idmap config ORGUSERDOMAIN: base_rid = 1000
>> idmap config ORGUSERDOMAIN: range = 10000-20000
>>
>>
>> Here is output from winbind:
>>
>> [ 7677]: lookupsid bleh
>> get_cache: Setting MS-RPC methods for domain ORGUSERDOMAIN
>> rpc: query_user sid=bleh
>> error getting user info for sid bleh
>> query_user returned an error
>> Could not query domain ORGUSERDOMAIN SID bleh
>>
>>
>> Thanks in advance,
>>
>> Naadir Jeewa
>>
>>
> Try setting your base_rid to 513.
>
More information about the samba
mailing list