[Samba] IDMAP RID problems and documentation
Plant, Dean
dean.plant at roke.co.uk
Wed Dec 19 13:58:51 GMT 2007
John wrote:
> Hello List,
>
> After upgrading to 3.0.25b (also tried 3.0.28) I tried to make use of
> the new syntax for IDMAP, but I failed. Also, there is a lack of
> documentation on how to use it. (Yes, there is a man, but it contains
> limited explanation and examples).
>
> What do I want? (What I think a lot of people want.)
> I have two samba domain members and a Windows 2003 DC without R2 /
> SFU schema extension. So I want to make use of the RID facility.
> Same GID/ UID mappings on all samba servers in the domain, with
> support of BUILTIN groups, and without installing schema extensions
> on the DC. I assume that RID was designed for this scenario.
> Can anyone assist me and everyone on the list struggling with the same
> problems, how to properly configure SAMBA for this scenario?
>
> Old syntax works, but lacks support for BUILT-IN groups, and gives
> the following complaints in syslog:
> Module '/usr/lib/samba/idmap/rid.so' initialization failed:
> NT_STATUS_OBJECT_NAME_COLLISION
> and:
> lib/util_str.c:safe_strcpy_fn(659)
> Dec 19 13:12:47 s-0009 winbindd[5454]: ERROR: string overflow by 1
> (256 - 255) in safe_strcpy [ERROR: string overflow by 1 (256 - 255)
> in safe_strcpy [Added timed event "async_request_timeout": 8843878
>
I have just fixed one of our Samba servers this morning after the
upgrade from CentOS 5 -> 5.1 broke winbind resolution.
The below winbind config worked for me.
[global]
workgroup = COMM
server string = Samba Server
log file = /var/log/samba/%m.log
max log size = 50
dns proxy = No
cups options = raw
password server = amachine.us.domain.co.uk
realm = US.DOMAIN.CO.UK
security = ads
# OLD IDMAP settings
# idmap uid = 16777216-33554431
# idmap gid = 16777216-33554431
# idmap backend = rid:"US=16777216-33554431"
# NEW IDMAP settings
idmap domains = US
idmap config US: default = yes
idmap config US: backend = rid
idmap config US: range = 16777216-33554431
idmap alloc config: range = 16777216-33554431
template shell = /sbin/nologin
winbind use default domain = yes
allow trusted domains = no
host msdfs = no
winbind enum users = no
winbind enum groups = no
wins server = 192.168.1.10
Hope this helps
Dean
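
Added example, not part of the original post or of Samba's code: the ID arithmetic documented in idmap_rid(8) (ID = RID - BASE_RID + LOW_RANGE_ID), applied to the range from the config above, showing why every member using the same range derives the same UID/GID for a given domain SID. The domain SID, the sample RIDs and the function names are constructed for illustration.

```python
import re

# Range lines as posted in the config above.
SMB_CONF = """\
idmap config US: backend = rid
idmap config US: range = 16777216-33554431
"""
# Constructed domain SID, for illustration only (not from the post).
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
BASE_RID = 0  # idmap_rid default when "base_rid" is not set


def parse_range(conf, domain):
    """Return (low, high) from 'idmap config <domain>: range = low-high'."""
    pattern = (r"^idmap config %s\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$"
               % re.escape(domain))
    m = re.search(pattern, conf, re.M)
    if not m:
        raise ValueError("no range configured for domain %s" % domain)
    low, high = int(m.group(1)), int(m.group(2))
    if low > high:
        raise ValueError("range is inverted: %d-%d" % (low, high))
    return low, high


def sid_to_unix_id(sid, domain_sid, low, high, base_rid=BASE_RID):
    """Map a SID to a Unix ID, or None if this mapping does not cover it."""
    prefix, _, rid_text = sid.rpartition("-")
    if prefix != domain_sid or not rid_text.isdigit():
        return None  # other domain (e.g. BUILTIN S-1-5-32-*) or malformed
    rid = int(rid_text)
    if rid < base_rid:
        return None
    unix_id = rid - base_rid + low
    return unix_id if low <= unix_id <= high else None  # reject overflow


def unix_id_to_sid(unix_id, domain_sid, low, high, base_rid=BASE_RID):
    """Reverse mapping: RID = ID + BASE_RID - LOW_RANGE_ID."""
    if not low <= unix_id <= high:
        return None
    return "%s-%d" % (domain_sid, unix_id - low + base_rid)


if __name__ == "__main__":
    low, high = parse_range(SMB_CONF, "US")
    for sid in (DOMAIN_SID + "-513", DOMAIN_SID + "-1105", "S-1-5-32-544"):
        print(sid, "->", sid_to_unix_id(sid, DOMAIN_SID, low, high))
```

Because the result depends only on the RID and the configured range, two members agree on ownership only if their range (and base_rid, if set) are identical; a SID outside the configured domain is not covered by this arithmetic at all.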