[Samba] How to support idmap_rid on Fedora Core 3?
John H Terpstra
jht at Samba.Org
Sun Jan 30 16:23:19 GMT 2005
On Sunday 30 January 2005 09:17, MailLists wrote:
> Hello,
>
> Please forgive me if this has been discussed, I did not find any
> references when I searched.
>
> I'm trying to replace a W2K server with a samba member server in a
> single ADS domain.
>
> It seems that the Fedora rpms do not support idmap_rid so I am trying to
> compile from the Fedora SRPM. After following the docs for building and
> configuring idmap_rid I get no ADS users from `getent passwd`. wbinfo -u
> returns the user list without the DOMAIN\ prefix.
>
> When I try to connect to the samba share I am confronted with an auth
> box that I have not been able to satisfy.
>
> /var/log/samba/winbindd includes:
> idmap_init: using 'idmap_rid' as remote backend
>
> Can anyone help?
As one of the arguments to the 'configure' command add:
--with-shared-modules=idmap_rid \
Then rebuild. Make sure you add the idmap_rid module to
the /usr/lib/samba/idmap directory.
- John T.
>
> Thanks,
> Brian Hoover
>
> /*/*/*/*/* smb.conf /*/*/*/*/*/*
> [global]
> unix charset = LOCALE
> workgroup = VIDAR
> realm = VIDAR.CORP
> server string = BIS05
> security = ADS
> allow trusted domains = No
> log level = 10
> syslog = 0
> log file = /var/log/samba/%m
> max log size = 50
> ldap ssl = no
> idmap backend = idmap_rid:VIDAR=10000-20000
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> template shell = /bin/bash
> winbind enum users = No
> winbind enum groups = No
> winbind use default domain = Yes
> winbind nested groups = Yes
>
> [users]
> comment = User Folders
> path = /smb/users
> admin users = root, 'Domain Admins'
> read only = No
> guest ok = Yes
>
> /*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*
>
> /*/*/*/*/* config.log SNIPPED /*/*/*/*/*/*
>
> $ ./configure --with-shared-modules=idmap_rid --with-ads --with-pam
> --with_pamsmbpass
>
> #define HAVE_LDAP 1
> #define HAVE_KRB5 1
>
> /*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*
>
> /*/*/*/*/* nsswitch.conf /*/*/*/*/*/*
>
> passwd: files winbind
> shadow: files winbind
> group: files winbind
>
> hosts: files dns wins
>
>
> bootparams: nisplus [NOTFOUND=return] files
>
> ethers: files
> netmasks: files
> networks: files
> protocols: files
> rpc: files
> services: files
>
> netgroup: files
>
> publickey: nisplus
>
> automount: files
> aliases: files nisplus
>
> /*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*
>
> /*/*/*/*/* nsswitch.conf /*/*/*/*/*/*
>
> #%PAM-1.0
> auth required /lib/security/$ISA/pam_env.so
> auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
> auth sufficient /lib/security/$ISA/pam_winbind.so
> use_first_pass
> auth required /lib/security/$ISA/pam_deny.so
>
> account required /lib/security/$ISA/pam_unix.so
> account sufficient /lib/security/$ISA/pam_winbind.so
> use_first_pass
>
> password required /lib/security/$ISA/pam_cracklib.so retry=3
> type=
> # Note: The above line is complete. There is nothing following the '='
> password sufficient /lib/security/$ISA/pam_unix.so \
> nullok use_authtok md5
> shadow
> password sufficient /lib/security/$ISA/pam_winbind.so
> use_first_pass
> password required /lib/security/$ISA/pam_deny.so
>
> session required /lib/security/$ISA/pam_limits.so
> session sufficient /lib/security/$ISA/pam_unix.so
> session sufficient /lib/security/$ISA/pam_winbind.so
> use_first_pass
>
> /*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*
--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
More information about the samba
mailing list