[Samba] Domain member (2k8R2) server, problem mapping Kerberos/NSS users

Rowland Penny rowlandpenny at googlemail.com
Mon Jul 21 09:15:59 MDT 2014


On 21/07/14 16:07, Elias Probst wrote:
> On 07/21/2014 04:35 PM, Rowland Penny wrote:
>> Hi, These appear to be possible problems:
>>
>> idmap config MY-DOMAIN.TLD : schema_mode = rfc2307bis # this is only
>> used by the ad backend
>>
>> idmap config MY-DOMAIN.TLD : readonly = yes # only used by the tdb, tdb2
>> and ldap backends
>>
>> idmap config MY-DOMAIN.TLD : default = yes # where did this come from??
>>
>> idmap config * : backend = tdb # no range given
> Ok, what I initially didn't realize: the 'idmap config' params are
> mutually exclusive, so it doesn't make sense to use things like
> 'readonly yes' only applies to the tdb and ldap backends.
>
> Removed the 'idmap config' entries in question, so I only have those left:
>          idmap config uni-tuebingen.de : range = 900-9999999999
>          idmap config uni-tuebingen.de : backend = nss
>
> The results are unfortunately still the same as I described them in my
> initial mail.
>
>> Please have a look at 'man smb.conf' and 'man idmap_nss'
> Well, I read the smb.conf manpage a lot during the last days but
> couldn't figure out what I'm still missing... that's why I ended up on the
> ML with my question.
>
> Any further ideas what to do/try/read are welcome!
>
> - Elias
>
>
>
OK, have you joined the fileserver to the domain? What is in
/etc/nsswitch.conf, or to put it another way, how does the fileserver
know about the domain users & groups? Does getent passwd show the domain
users?

Rowland
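
The 'idmap config' checks listed in the quoted reply, written out as a small smb.conf linter. This is an added example and not part of the original thread or of Samba; the function names and the sample configuration are constructed, and the option-to-backend table contains only the two rules stated in the reply above.

```python
import re

# Option -> backends it applies to, taken only from the quoted reply above.
OPTION_BACKENDS = {
    "schema_mode": {"ad"},
    "readonly": {"tdb", "tdb2", "ldap"},
}
KNOWN_OPTIONS = {"backend", "range"} | set(OPTION_BACKENDS)

IDMAP_RE = re.compile(r"^idmap config\s+(\S+)\s*:\s*(\S+)\s*=\s*(.*?)\s*$", re.I)

# Constructed sample: the trimmed settings from the thread plus the questioned ones.
SAMPLE = """
[global]
    idmap config * : backend = tdb
    idmap config MY-DOMAIN.TLD : backend = nss
    idmap config MY-DOMAIN.TLD : range = 900-9999999999
    idmap config MY-DOMAIN.TLD : schema_mode = rfc2307bis
    idmap config MY-DOMAIN.TLD : readonly = yes
    idmap config MY-DOMAIN.TLD : default = yes
"""

def parse_idmap(text):
    """Return {domain: {option: value}} for every 'idmap config' line."""
    domains = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(("#", ";")):      # whole-line comments
            continue
        m = IDMAP_RE.match(line)
        if m:
            dom, opt, val = m.groups()
            domains.setdefault(dom, {})[opt.lower()] = val
    return domains

def lint_idmap(text):
    """Return (domain, option, message) for each setting the reply would question."""
    findings = []
    for dom, opts in parse_idmap(text).items():
        backend = opts.get("backend")
        if backend is not None and "range" not in opts:
            findings.append((dom, "range", "backend set but no range given"))
        for opt in opts:
            allowed = OPTION_BACKENDS.get(opt)
            if allowed and backend not in allowed:
                findings.append((dom, opt, f"only used by {sorted(allowed)}; backend is {backend}"))
            elif opt not in KNOWN_OPTIONS:
                findings.append((dom, opt, "not covered by this check; verify in 'man smb.conf'"))
    return findings
```

Running `lint_idmap` on the text of a real smb.conf flags only the cases above; a clean result does not show that ID mapping works, which is what the `getent passwd` question is for.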

