[Samba] getent passwd and winbind not work
Stéphane PURNELLE
stephane.purnelle at corman.be
Fri Jan 31 09:07:57 MST 2014
Hi,
I found the source of the problem.
We have used Samba for a long time (samba 2.2.8 -> samba 3.x.x -> samba 3.5.12).
Backend LDAP; we always try to respect the recommendations of Samba (using
a howto like:
https://www.samba.org/samba/docs/man/Samba-Guide/happy.html#id2571048)
In this howto, we can see:
root# getent group | grep Domain
Domain Admins:x:512:root
Domain Users:x:513:
Domain Guests:x:514:
Domain Computers:x:553:
The gidNumbers are 512, 513, 514, 533 for the Domain groups.
Now, in the howto for Samba 4, like:
https://wiki.samba.org/index.php/Samba/Domain_Member
idmap config *:backend = tdb
idmap config *:range = 70001-80000
idmap config SHORTDOMAINNAME:backend = ad
idmap config SHORTDOMAINNAME:schema_mode = rfc2307
idmap config SHORTDOMAINNAME:range = 500-40000
If I understand this example, a user with a uid or a gid >= 500 and <=
4000 will be fetched from AD and replace a local user with the same uid or gid?
YES or NO (it's a question)
My Samba configuration says:
idmap config XXXXXX:range = 1000-40000
That means that all uids or gids in my AD < 1000 will not be usable by
winbind on my file server.
What can I do?
Changing the gidNumber in my AD will impact all ACLs on my file server.
Changing the range to 200 to 40000 will impact the configuration on my SLES
(/etc/passwd).
For testing, I changed the gidNumber of Domain Admins and Domain Users and
getent passwd ran fine, but my ACL is corrupted.
-----------------------------------
I have another possibility: use nslcd...
Does anyone have an idea?
Have a nice day
Stéphane Purnelle
-----------------------------------
Stéphane PURNELLE Systems and Network Admin.
IT Department Corman S.A. Tel: 00 32 (0)87/342467
From: Stéphane PURNELLE <stephane.purnelle at corman.be>
To: samba at lists.samba.org,
Date: 30/01/2014 09:40
Subject: Re: [Samba] getent passwd and winbind not work
Sent by: samba-bounces at lists.samba.org
I set in smb.conf:
winbind nss info = rfc2307
And yes, all users are from classicupgrade and I set the Unix attributes from ADUC.
-----------------------------------
Stéphane PURNELLE Systems and Network Admin.
IT Department Corman S.A. Tel: 00 32 (0)87/342467
samba-bounces at lists.samba.org wrote on 30/01/2014 08:38:53:
> From: Sven Schwedas <sven.schwedas at tao.at>
> To: samba at lists.samba.org,
> Date: 30/01/2014 08:39
> Subject: Re: [Samba] getent passwd and winbind not work
> Sent by: samba-bounces at lists.samba.org
>
> Are the required RFC2307 attributes for posixUser/posixGroup entries set
> (cf. winbind manpages)?
>
> On 2014-01-29 17:47, Stéphane PURNELLE wrote:
> > Hi,
> >
> > I am testing winbind (as a replacement for nslcd) on a member server.
> >
> > I used the Samba4/Winbind howto and the howto for member servers.
> >
> > wbinfo -u and wbinfo -g work fine but getent passwd does not work (getent
> > does not list users from AD)
> >
> > Why?
> > Does anyone have an idea?
> >
> > thx
> >
> > Stéphane
> >
> > -----------------------------------
> > Stéphane PURNELLE Systems and Network Admin.
> > IT Department Corman S.A. Tel: 00 32 (0)87/342467
> >
>
> --
> Mit freundlichen Grüßen, / Best Regards,
> Sven Schwedas
> Systemadministrator
> TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
> Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167
> http://software.tao.at
>
> [attachment "signature.asc" deleted by Stéphane PURNELLE/COR/SOPARIND]
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
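Added example, not part of the original thread and not Samba code: a small check for the situation described in the message above, where the `range` of an `idmap config DOMAIN` section using the `ad` backend acts as a filter and IDs stored in AD outside it are ignored by winbind. The domain name EXAMPLE, the function names, the "staff" group and the local group IDs are constructed assumptions.

```python
import re

# Constructed sample: the idmap lines quoted in the thread, with EXAMPLE as a
# placeholder short domain name and the poster's 1000-40000 range.
SMB_CONF = """
idmap config *:backend = tdb
idmap config *:range = 70001-80000
idmap config EXAMPLE:backend = ad
idmap config EXAMPLE:schema_mode = rfc2307
idmap config EXAMPLE:range = 1000-40000
"""
# Constructed: gidNumbers from the getent output in the thread plus a hypothetical "staff".
AD_GROUPS = {"Domain Admins": 512, "Domain Users": 513,
             "Domain Guests": 514, "Domain Computers": 553, "staff": 10001}
# Constructed: hypothetical local /etc/group entries on the member server.
LOCAL_GROUPS = {"root": 0, "users": 100, "svcacct": 498}

RANGE_RE = re.compile(r"^\s*idmap config\s+(\S+?)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$", re.I)

def parse_ranges(conf_text):
    """Return {domain: (low, high)} for every 'idmap config X:range' line."""
    ranges = {}
    for line in conf_text.splitlines():
        m = RANGE_RE.match(line)
        if m:
            ranges[m.group(1)] = (int(m.group(2)), int(m.group(3)))
    return ranges

def outside_range(ids, low, high):
    """Names whose ID is outside [low, high]; the ad backend discards these maps."""
    return sorted(name for name, n in ids.items() if not low <= n <= high)

def inside_range(ids, low, high):
    """Local names whose ID falls inside a domain range (possible collisions)."""
    return sorted(name for name, n in ids.items() if low <= n <= high)

def overlapping(ranges):
    """Pairs of idmap domains whose ranges overlap; ranges must be disjoint."""
    doms = sorted(ranges)
    return [(a, b) for i, a in enumerate(doms) for b in doms[i + 1:]
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]]

if __name__ == "__main__":
    low, high = parse_ranges(SMB_CONF)["EXAMPLE"]
    print("AD groups filtered out by the range:", outside_range(AD_GROUPS, low, high))
    print("Local groups a 200-40000 range would cover:", inside_range(LOCAL_GROUPS, 200, 40000))
    print("Overlapping idmap ranges:", overlapping(parse_ranges(SMB_CONF)))
```

On a real member server the two dictionaries would be filled from the AD gidNumber/uidNumber attributes and from the local /etc/passwd and /etc/group files.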