[Samba] winbind bug?
Doug Tucker
tuckerd at lyle.smu.edu
Thu Mar 27 11:46:19 MDT 2014
>>> Rowland
>> Thanks for the once over. Helps to have multiple eyes to verify
>> things. But in the end I'm still in the same boat and not a single
>> suggestion to the facts of my issue. My config does work as long as
>> the unix ID isn't over 11000 and the client windows 7. Nobody wants
>> to even acknowledge or touch that. I've verified it down to every
>> detail I can think of. I don't know if you read my threads earlier,
>> but I can change an existing user to a unix id less than 11000 and
>> they then work. Switch them back, broken again.
>>
>> My back end windows server is 2003.
>
> After looking at your smb.conf again, I noticed something, could you
> try changing the idmap config section to this:
>
> idmap config *:backend = tdb
> idmap config *:range = 3000000-3100000
> idmap config SEAS:backend = rid
> idmap config SEAS:range = 1000-40000
> idmap config SEAS:schema_mode = rfc2307
> idmap config SEAS-S:backend = rid
> idmap config SEAS-S:range = 40001-60000
> idmap config SEAS-S:schema_mode = rfc2307
>
> Rowland
>
Before doing so...this server is live...I read a long article on the
rfc2307 yesterday and my understanding of it was you would only put this
in your domain configs IF the backend AD had the rfc configuration and
held the unix uid's, etc..that this would tell samba to look to AD for
those values (which concerns me to put that in and break all the
existing users) and we certainly do not have that in our AD here. Is
that your understanding of it? Honestly after reading that article I
considered taking that out of my config altogether as I didn't think it
had any real purpose. I put it IN based on another persons smb.conf
that had been helpful in solving an auth issue I had early on.
More information about the samba
mailing list