Having problems getting Samba 4.1.12 to work on CentOS 7 ...

Michael Adam obnox at samba.org
Wed Nov 5 13:36:47 MST 2014


Hi Richard,

On 2014-11-05 at 12:12 -0800, Richard Sharpe wrote:
> On Wed, Nov 5, 2014 at 12:09 PM, Rowland Penny <repenny241155 at gmail.com> wrote:
> > On 05/11/14 19:59, Richard Sharpe wrote:
> >>
> >> Hi folks, there seems to be something I am missing.
> >>
> >> I have the following entries in the smb.conf:
> >>
> >>          security = ads
> >>          idmap backend = idmap_rid:RJSDOM=10000-100000000
> >>          idmap uid = 10000-100000000
> >>          idmap gid = 10000-100000000
> >>          template shell = /bin/bash
> >>          winbind use default domain = Yes
> >>          winbind enum users = No
> >>          winbind enum groups = No
> >>          winbind nested groups = Yes
> >>
> >> I have managed to join the domain as well.
> >>
> >> I have changed /etc/nsswitch.conf so that it says:
> >>
> >> passwd:     files winbind
> >> shadow:     files winbind
> >> group:      files winbind
> >>
> >> and I have winbindd and smbd running and wbinfo -u prints out the
> >> users I expect. However, getent passwd does not show me any Windows
> >> users.
> >>
> >> So, something is wrong. Does anyone have any clues?\
> >>
> >> They changed so much in RHEL 7 (grumble grumble)
> >>
> > Yep and samba has changed as well, idmap uid & gid are both depreciated :-)
> >
> > You should be using something like this:
> >
> > idmap config *:backend = tdb
> > idmap config *:range = 70001-80000
> > idmap config SAMDOM:backend = ad
> > idmap config SAMDOM:schema_mode = rfc2307
> > idmap config SAMDOM:range = 500-40000

This is correct, and please note, Richard, that
the default range and domain specific ranges must
but mutually disjoint. In your case, a valid config
with your backend might be:

	idmap config * : backend = tdb
	idmap config * : range = 100000001-200000000
	idmap config RJSDOM : backend = rid
	idmap config RJSDOM : range = 10000-100000000

Note the separate range for the defautl config (domain "*").

Also note that this needs to be fixed, but I don't know
whether it fixes all of your problems. Let's see... :-)

> > Perhaps a quick scan of 'man smb.conf' would help ;-)
> 
> OK, I was waylaid by one of the old howtos out there. The Wiki is a
> better source of info, it seems.

Right, there is lots of good info on the wiki, but as Rowland
has pointed out, the smb.conf manpage (and the idmap_* manpages
for the various backends) that come with the code should be the
ultimate source of information for the release you are using.

Cheers - Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20141105/6a247318/attachment.pgp>


More information about the samba-technical mailing list