[Samba] Problem IDMAP Domain Member -> PDC

Michael Gasch gasch at eva.mpg.de
Wed Jun 9 14:37:03 GMT 2004


hi

i'm using precompiled samba v. 3.0.4 packages from SuSE 9.1 DVDs
all services (ldapsam, winbind, ... ) are compiled in

user mapping on the PDC "SERVER" (SID-RID to UID) works fine
the domain member server  "FILESERV" gets the local accounts via 
nsswitch from the ldap backend of "SERVER"
(tested with getent passwd)

he also gets and checks the samba users and passwords against the PDC 
(if i connect from a client to "FILESERV"), so he has no local 
password/user backend

if i create a new folder from (win xp) client on "FILESERV" i just see 
SID-(G)RID and not "user xyz"
if i create a new folder from (win xp) client on "SERVER" i see "user xyz"

the interesting parts of smb.conf on "FILESERV" are

[global]

    workgroup = NEVAN
    netbios name = FILESERV
    server string = NevanFS01 on Samba Version: %v

    username map = /etc/samba/username.map

    log level = 5
    log file = /var/lib/samba/log.%m
    max log size = 10000

    passdb backend = ldapsam:"ldap://server:389"
    ldap passwd sync = yes
    ldap suffix = dc=eva,dc=mpg,dc=de
    ldap admin dn = cn=manager,dc=eva,dc=mpg,dc=de
    #ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
    ldap machine suffix = ou=machines
    ldap user suffix  = ou=users
    ldap group suffix = ou=groups
    ldap replication sleep = 2000

    idmap backend = ldap:ldap://server:389
    ldap idmap suffix = ou=idmap
    idmap uid = 1000-5000
    idmap gid = 1000-5000

#  interfaces = eth0 lo
#  bind interfaces only = yes

    guest ok = no
    guest account = Guest

    security = domain
    local master = no
    os level = 32
    domain master = no
    domain logons = no

    encrypt passwords = yes
    password server = server
    socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY

    wins support = yes
    dns proxy = no


local user/group accounts are from 0 (root) and 500 - 600
i also changed

idmap uid = 1000-5000
idmap gid = 1000-5000

to

idmap uid = 0-5000
idmap gid = 0-5000

but he cannot resolve SIDs

i just wonder if there's a way around winbind?
because i already read the docs but can't get it working (see log)

please help

thx

LOG (wbinfo -S 667)

--------------------------

[2004/06/09 19:22:06, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(261)
   [11062]: request interface version
[2004/06/09 19:22:06, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
   [11062]: request location of privileged pipe
[2004/06/09 19:22:06, 5] nsswitch/winbindd.c:winbind_client_read(465)
   read failed on sock 19, pid 11062: EOF
[2004/06/09 19:22:06, 3] nsswitch/winbindd_sid.c:winbindd_uid_to_sid(303)
   [11062]: uid to sid 667
[2004/06/09 19:22:06, 5] lib/smbldap.c:smbldap_search(932)
   smbldap_search: base => [ou=idmap,dc=eva,dc=mpg,dc=de], filter => [(&(objectClass=sambaIdmapEntry)(uidNumber=667))], scope => [2]
[2004/06/09 19:22:06, 0] sam/idmap_ldap.c:ldap_get_sid_from_id(525)
   ldap_get_sid_from_id: mapping not found for uidNumber: 667
[2004/06/09 19:22:06, 1] nsswitch/winbindd_sid.c:winbindd_uid_to_sid(356)
   Could not convert uid 667 to rid
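
An added example, not part of the original message: it pairs each "mapping not found" record in a winbindd log with the LDAP search logged just before it and reports whether the id lies inside the `idmap uid` / `idmap gid` range from smb.conf. The function names are hypothetical, the sample input is copied from the post with wrapped log records rejoined, and the `gidNumber` form of the log message is an assumption.

```python
import re

# Constructed sample input: the idmap lines of smb.conf and the winbindd log
# records from the post, with each wrapped log record joined onto one line.
SMB_CONF = """\
[global]
    ldap idmap suffix = ou=idmap
    idmap uid = 1000-5000
    idmap gid = 1000-5000
"""
WINBINDD_LOG = """\
[2004/06/09 19:22:06, 5] lib/smbldap.c:smbldap_search(932)
   smbldap_search: base => [ou=idmap,dc=eva,dc=mpg,dc=de], filter => [(&(objectClass=sambaIdmapEntry)(uidNumber=667))], scope => [2]
[2004/06/09 19:22:06, 0] sam/idmap_ldap.c:ldap_get_sid_from_id(525)
   ldap_get_sid_from_id: mapping not found for uidNumber: 667
"""

def idmap_ranges(conf):
    """Return {'uid': (low, high), 'gid': (low, high)} from smb.conf text."""
    ranges = {}
    for kind, low, high in re.findall(
            r"^\s*idmap (uid|gid)\s*=\s*(\d+)\s*-\s*(\d+)", conf, re.M):
        ranges[kind] = (int(low), int(high))
    return ranges

def failed_lookups(log, ranges):
    """Pair each 'mapping not found' record with the last LDAP search logged."""
    findings, search = [], None
    for line in log.splitlines():
        m = re.search(r"smbldap_search: base => \[(.*?)\], filter => \[(.*?)\],", line)
        if m:
            search = m.groups()
            continue
        # Assumption: group lookups log the same message with gidNumber.
        m = re.search(r"mapping not found for (uid|gid)Number: (\d+)", line)
        if m:
            kind, num = m.group(1), int(m.group(2))
            low, high = ranges[kind]
            findings.append({"kind": kind, "id": num,
                             "in_idmap_range": low <= num <= high,
                             "base": search[0] if search else None,
                             "filter": search[1] if search else None})
            search = None
    return findings

if __name__ == "__main__":
    for finding in failed_lookups(WINBINDD_LOG, idmap_ranges(SMB_CONF)):
        print(finding)
```

The reported base and filter can be passed unchanged to an LDAP client to confirm whether a `sambaIdmapEntry` for that id exists under the idmap suffix.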



