[Samba] winbind confused about the DC's
Timo Aaltonen
tjaalton at cc.hut.fi
Thu Jan 28 08:02:37 MST 2010
On Thu, 28 Jan 2010, Timo Aaltonen wrote:
> On Thu, 28 Jan 2010, Timo Aaltonen wrote:
>
>>
>> Hi
>>
>> Problems with wbinfo this time. With -u/-g/-n it works, but -i doesn't.
>> The log.winbindd-idmap is filled with this:
>
> More verbose part of the log where it goes wrong:
Bollocks. I had to change the config, this works:
[global]
workgroup = AALTO
realm = ORG.AALTO.FI
security = ADS
kerberos method = system keytab
idmap config AALTO : backend = ad
idmap config AALTO : readonly = yes
idmap config AALTO : schema_mode = rfc2307
idmap config AALTO : range = 1000-4000000000
idmap uid = 1000-4000000000
idmap gid = 1000-4000000000
winbind nss info = rfc2307
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind offline logon = true
winbind cache time = 5
winbind refresh tickets = true
A summary of the changes:
- idmap backend = ad -> idmap config AALTO : backend = ad
- add range & idmap uid/gid
(- added winbind offline/cache/refresh, but they are irrelevant here)
Without setting the range the uid would be mapped to the default value
(which I asked about last fall).
--
Timo Aaltonen
Systems Specialist
IT Services, Aalto University School of Science and Technology
More information about the samba
mailing list