3.0.25pre2 winbind woes

simo idra at samba.org
Mon Apr 2 21:04:06 GMT 2007


On Mon, 2007-04-02 at 15:32 -0500, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Aknin wrote:
> 
> > I read the new winbind documentation and modified my smb.conf to
> > include the following lines:
> > [global]
> > workgroup = AMBER
> > netbios name = gandalf
> > realm = AMBER
> > security = ADS
> > allow trusted domains = no
> > idmap domains = AMBER
> > idmap config AMBER: default = yes
> > idmap config AMBER: backend = rid
> > idmap config AMBER: range = 100000-999999
> > idmap alloc config: range = 100000-999999
> 
> Add  'idmap config AMBER:read_only = yes'
> 
> and drop the 'idmap alloc config' since you don't have a
> backend configured to allocate uids/gids.

Jerry,
I am thinking we should probably make the idmap_rid backend forcibly
read_only by default like the idmap_ad one. If you are ok with that I
will commit the change.

Simo.

> > My old 3.0.24 smb.conf had the following lines, and worked correctly:
> > [global]
> > workgroup = AMBER
> > netbios name = gandalf
> > realm = AMBER
> > security = ADS
> > allow trusted domains = no
> > idmap backend = rid:AMBER=100000-999999
> > idmap uid = 100000-999999
> > idmap gid = 100000-999999
> 
> This should continue to work.  Does it not?

No, this will not work, when we decided what support we said that the
multiple domains rid feature has always been marked as experimental and
we were not going to support it in the rewrite.
I can commit code to cope with that if we think we want to support it
instead, should be easy to do. Let me know what do you think, I can do
it next week.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org



More information about the samba-technical mailing list