[Samba] Problem IDMAP Domain Member -> PDC
Michael Gasch
gasch at eva.mpg.de
Wed Jun 9 14:37:03 GMT 2004
hi
I'm using precompiled Samba v. 3.0.4 packages from the SuSE 9.1 DVDs
all services (ldapsam, winbind, ...) are compiled in
user mapping on the PDC "SERVER" (SID-RID to UID) works fine
the domain member server "FILESERV" gets the local accounts via
nsswitch from the ldap backend of "SERVER"
(tested with getent passwd)
it also gets and checks the samba users and passwords against the PDC
(if I connect from a client to "FILESERV"), so it has no local
password/user backend
if I create a new folder from a (win xp) client on "FILESERV" I just see
SID-(G)RID and not "user xyz"
if I create a new folder from a (win xp) client on "SERVER" I see "user xyz"
the interesting parts of smb.conf on "FILESERV" are
[global]
workgroup = NEVAN
netbios name = FILESERV
server string = NevanFS01 on Samba Version: %v
username map = /etc/samba/username.map
log level = 5
log file = /var/lib/samba/log.%m
max log size = 10000
passdb backend = ldapsam:"ldap://server:389"
ldap passwd sync = yes
ldap suffix = dc=eva,dc=mpg,dc=de
ldap admin dn = cn=manager,dc=eva,dc=mpg,dc=de
#ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
ldap machine suffix = ou=machines
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap replication sleep = 2000
idmap backend = ldap:ldap://server:389
ldap idmap suffix = ou=idmap
idmap uid = 1000-5000
idmap gid = 1000-5000
# interfaces = eth0 lo
# bind interfaces only = yes
guest ok = no
guest account = Guest
security = domain
local master = no
os level = 32
domain master = no
domain logons = no
encrypt passwords = yes
password server = server
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
wins support = yes
dns proxy = no
local user/group accounts are from 0 (root) and 500 - 600
I also changed
idmap uid = 1000-5000
idmap gid = 1000-5000
to
idmap uid = 0-5000
idmap gid = 0-5000
but it cannot resolve SIDs
I just wonder if there's a way around winbind?
because I already read the docs but can't get it working (see log)
please help
thx
LOG (wbinfo -S 667)
--------------------------
[2004/06/09 19:22:06, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(261)
[11062]: request interface version
[2004/06/09 19:22:06, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
[11062]: request location of privileged pipe
[2004/06/09 19:22:06, 5] nsswitch/winbindd.c:winbind_client_read(465)
read failed on sock 19, pid 11062: EOF
[2004/06/09 19:22:06, 3] nsswitch/winbindd_sid.c:winbindd_uid_to_sid(303)
[11062]: uid to sid 667
[2004/06/09 19:22:06, 5] lib/smbldap.c:smbldap_search(932)
smbldap_search: base => [ou=idmap,dc=eva,dc=mpg,dc=de], filter => [(&(objectClass=sambaIdmapEntry)(uidNumber=667))], scope => [2]
[2004/06/09 19:22:06, 0] sam/idmap_ldap.c:ldap_get_sid_from_id(525)
ldap_get_sid_from_id: mapping not found for uidNumber: 667
[2004/06/09 19:22:06, 1] nsswitch/winbindd_sid.c:winbindd_uid_to_sid(356)
Could not convert uid 667 to rid