Having problems getting Samba 4.1.12 to work on CentOS 7 ...
obnox at samba.org
Wed Nov 5 13:36:47 MST 2014
On 2014-11-05 at 12:12 -0800, Richard Sharpe wrote:
> On Wed, Nov 5, 2014 at 12:09 PM, Rowland Penny <repenny241155 at gmail.com> wrote:
> > On 05/11/14 19:59, Richard Sharpe wrote:
> >> Hi folks, there seems to be something I am missing.
> >> I have the following entries in the smb.conf:
> >> security = ads
> >> idmap backend = idmap_rid:RJSDOM=10000-100000000
> >> idmap uid = 10000-100000000
> >> idmap gid = 10000-100000000
> >> template shell = /bin/bash
> >> winbind use default domain = Yes
> >> winbind enum users = No
> >> winbind enum groups = No
> >> winbind nested groups = Yes
> >> I have managed to join the domain as well.
> >> I have changed /etc/nsswitch.conf so that it says:
> >> passwd: files winbind
> >> shadow: files winbind
> >> group: files winbind
> >> and I have winbindd and smbd running and wbinfo -u prints out the
> >> users I expect. However, getent passwd does not show me any Windows
> >> users.
> >> So, something is wrong. Does anyone have any clues?\
> >> They changed so much in RHEL 7 (grumble grumble)
> > Yep and samba has changed as well, idmap uid & gid are both depreciated :-)
> > You should be using something like this:
> > idmap config *:backend = tdb
> > idmap config *:range = 70001-80000
> > idmap config SAMDOM:backend = ad
> > idmap config SAMDOM:schema_mode = rfc2307
> > idmap config SAMDOM:range = 500-40000
This is correct, and please note, Richard, that
the default range and domain specific ranges must
but mutually disjoint. In your case, a valid config
with your backend might be:
idmap config * : backend = tdb
idmap config * : range = 100000001-200000000
idmap config RJSDOM : backend = rid
idmap config RJSDOM : range = 10000-100000000
Note the separate range for the defautl config (domain "*").
Also note that this needs to be fixed, but I don't know
whether it fixes all of your problems. Let's see... :-)
> > Perhaps a quick scan of 'man smb.conf' would help ;-)
> OK, I was waylaid by one of the old howtos out there. The Wiki is a
> better source of info, it seems.
Right, there is lots of good info on the wiki, but as Rowland
has pointed out, the smb.conf manpage (and the idmap_* manpages
for the various backends) that come with the code should be the
ultimate source of information for the release you are using.
Cheers - Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 198 bytes
Desc: Digital signature
More information about the samba-technical