[Samba] How to support idmap_rid on Fedora Core 3?

MailLists disposable at vidar.com
Sun Jan 30 16:17:25 GMT 2005


Please forgive me if this has been discussed, I did not find any
references when I searched.

I'm trying to replace a W2K server with a samba member server in a
single ADS domain.

It seems that the Fedora rpms do not support idmap_rid so I am trying to
compile from the Fedora SRPM.  After following the docs for building and
configuring idmap_rid I get no ADS users from `getent passwd`. wbinfo -u
returns the user list without the DOMAIN\ prefix.

When I try to connect to the samba share I am confronted with an auth
box that I have not been able to satisfy.

/var/log/samba/winbindd includes:
 idmap_init: using 'idmap_rid' as remote backend

Can anyone help?

Brian Hoover

/*/*/*/*/*  smb.conf /*/*/*/*/*/*
	# Global settings for a Samba server joined to Active Directory as a
	# member (security = ADS). The [global] section header is not shown in
	# the post.
	unix charset = LOCALE
	workgroup = VIDAR
	realm = VIDAR.CORP
	server string = BIS05
	security = ADS
	allow trusted domains = No
	# Level 10 is full debug output. Logs at this level can carry
	# authentication detail, so keep /var/log/samba readable by root only
	# and lower the level once troubleshooting is done.
	log level = 10
	syslog = 0
	log file = /var/log/samba/%m
	max log size = 50
	# NOTE(review): disables SSL/TLS on Samba's LDAP connections; whether
	# any LDAP backend is actually in use is not visible here - confirm.
	ldap ssl = no
	# idmap_rid maps each domain RID into the 10000-20000 range below.
	idmap backend = idmap_rid:VIDAR=10000-20000
	idmap uid = 10000-20000
	idmap gid = 10000-20000
	template shell = /bin/bash
	# With enumeration off, winbind returns no domain accounts to a bare
	# `getent passwd` or `getent group`; a lookup by name
	# (`getent passwd <user>`) is the meaningful test of the mapping.
	winbind enum users = No
	winbind enum groups = No
	# Yes makes winbind report domain accounts without the DOMAIN\ prefix,
	# which matches the `wbinfo -u` output described in the post.
	winbind use default domain = Yes
	winbind nested groups = Yes

	# Share definition; its [name] section header is not shown in the post.
	comment = User Folders
	path = /smb/users
	# Accounts listed here perform every file operation on the share as
	# root, bypassing file permissions - keep the list as short as possible.
	# NOTE(review): a group normally needs an @ or + prefix in this list; as
	# written 'Domain Admins' is presumably looked up as a user - confirm.
	admin users = root, 'Domain Admins'
	read only = No
	# NOTE(review): guest access on a writable share lets unauthenticated
	# connections in, subject to the global "map to guest" setting (not
	# shown). For per-user folders this is probably unintended; "guest ok =
	# No" restricts the share to authenticated domain accounts.
	guest ok = Yes


/*/*/*/*/*  config.log SNIPPED /*/*/*/*/*/*

$ ./configure --with-shared-modules=idmap_rid --with-ads --with-pam

#define HAVE_LDAP 1
#define HAVE_KRB5 1


/*/*/*/*/*  nsswitch.conf /*/*/*/*/*/*

# Name service switch: account lookups consult local files first and fall
# through to winbind (libnss_winbind) for domain users and groups.
passwd:     files winbind
shadow:     files winbind
group:      files winbind

# "wins" adds NetBIOS/WINS name resolution as a fallback after DNS.
# NOTE(review): answers from that path are not authenticated; avoid
# depending on it for security-sensitive host names.
hosts:      files dns wins

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   files

publickey:  nisplus

automount:  files
aliases:    files nisplus


/*/*/*/*/*  PAM configuration (labelled nsswitch.conf in the original post) /*/*/*/*/*/*

# PAM stack. Order matters: in each group local accounts (pam_unix) are
# tried before domain accounts (pam_winbind).
# auth: the first "sufficient" module that succeeds ends the group;
# anything neither module accepts reaches pam_deny and is refused.
auth        required      /lib/security/$ISA/pam_env.so
# nullok lets pam_unix accept a local account whose password field is
# empty - drop it unless passwordless local accounts are intended.
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_winbind.so
auth        required      /lib/security/$ISA/pam_deny.so

# NOTE(review): pam_unix is "required" and runs before pam_winbind, so a
# domain-only account presumably depends on pam_unix's account check
# passing - confirm with a test login as a domain user.
account     required      /lib/security/$ISA/pam_unix.so
account     sufficient    /lib/security/$ISA/pam_winbind.so

password    required      /lib/security/$ISA/pam_cracklib.so retry=3
# Note: The above line is complete. There is nothing following the '='
# md5 selects MD5-crypt for newly set local passwords, which is weak by
# current standards; stronger schemes depend on this pam_unix build.
# nullok here also permits changing an account that has an empty password.
password    sufficient    /lib/security/$ISA/pam_unix.so \
                                             nullok use_authtok md5
password    sufficient    /lib/security/$ISA/pam_winbind.so
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     sufficient    /lib/security/$ISA/pam_unix.so
session     sufficient    /lib/security/$ISA/pam_winbind.so

