[Samba] winbind: incomplete mapping ?
samba at agat.net
samba at agat.net
Fri Aug 27 13:39:27 GMT 2004
I'm trying to have a linux client to identify users against a AD server (w2k3).
I'm using ldap as winbind backend, but using files I get same errors:
On 900 users, some of them aren't fully recognised:
doing a "wbinfo -u" I see the user in the list, but a "getent passwd user"
return nothing.
More precisery, I can get the SID of the user, but winbind is unable to give me
the uid and gid affected to this SID.
# wbinfo -n blindaue
S-1-5-21-1501247731-845480421-311576647-3923 User (1)
# wbinfo -S S-1-5-21-1501247731-845480421-311576647-3923
Could not convert sid S-1-5-21-1501247731-845480421-311576647-3923 to uid
# wbinfo -Y S-1-5-21-1501247731-845480421-311576647-3923
SID is of type User
Could not convert sid S-1-5-21-1501247731-845480421-311576647-3923 to gid
I'm using winbind 3.0.6_3 (debian build)
smb.conf:
workgroup = IUTINFO
server string = %h server (Samba %v)
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 100000
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = ads
realm = IUTINFO.URS.LOCAL
client signing = Yes
server signing = Yes
client use spnego = Yes
use spnego = Yes
password server = adserver.domain.com
encrypt passwords = true
;passdb backend = tdbsam guest
;obey pam restrictions = yes
invalid users = root
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
socket options = TCP_NODELAY
winbind separator = +
winbind use default domain = yes
idmap backend = ldap:ldap://server.domain.com
idmap uid = 10000-20000
idmap gid = 10000-20000
ldap suffix = dc=iutinfo,dc=local
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=admin,dc=iutinfo,dc=local
winbind enum users = yes
winbind enum groups = yes
template homedir = /data/home/%U
template shell = /bin/bash
Emmanuel
More information about the samba
mailing list