[Samba] How to support idmap_rid on Fedora Core 3?

John H Terpstra jht at Samba.Org
Sun Jan 30 16:23:19 GMT 2005


On Sunday 30 January 2005 09:17, MailLists wrote:
> Hello,
>
> Please forgive me if this has been discussed, I did not find any
> references when I searched.
>
> I'm trying to replace a W2K server with a samba member server in a
> single ADS domain.
>
> It seems that the Fedora rpms do not support idmap_rid so I am trying to
> compile from the Fedora SRPM.  After following the docs for building and
> configuring idmap_rid I get no ADS users from `getent passwd`. wbinfo -u
> returns the user list without the DOMAIN\ prefix.
>
> When I try to connect to the samba share I am confronted with an auth
> box that I have not been able to satisfy.
>
> /var/log/samba/winbindd includes:
>  idmap_init: using 'idmap_rid' as remote backend
>
> Can anyone help?

As one of the arguments to the 'configure' command add:

	--with-shared-modules=idmap_rid \

Then rebuild. Make sure you add the idmap_rid module to 
the /usr/lib/samba/idmap directory.

- John T.

>
> Thanks,
> Brian Hoover
>
> /*/*/*/*/*  smb.conf /*/*/*/*/*/*
> [global]
> 	unix charset = LOCALE
> 	workgroup = VIDAR
> 	realm = VIDAR.CORP
> 	server string = BIS05
> 	security = ADS
> 	allow trusted domains = No
> 	log level = 10
> 	syslog = 0
> 	log file = /var/log/samba/%m
> 	max log size = 50
> 	ldap ssl = no
> 	idmap backend = idmap_rid:VIDAR=10000-20000
> 	idmap uid = 10000-20000
> 	idmap gid = 10000-20000
> 	template shell = /bin/bash
> 	winbind enum users = No
> 	winbind enum groups = No
> 	winbind use default domain = Yes
> 	winbind nested groups = Yes
>
> [users]
> 	comment = User Folders
> 	path = /smb/users
> 	admin users = root, 'Domain Admins'
> 	read only = No
> 	guest ok = Yes
>
> /*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*
>
> /*/*/*/*/*  config.log SNIPPED /*/*/*/*/*/*
>
> $ ./configure --with-shared-modules=idmap_rid --with-ads --with-pam
> --with_pamsmbpass
>
> #define HAVE_LDAP 1
> #define HAVE_KRB5 1
>
> /*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*
>
> /*/*/*/*/*  nsswitch.conf /*/*/*/*/*/*
>
> passwd:     files winbind
> shadow:     files winbind
> group:      files winbind
>
> hosts:      files dns wins
>
>
> bootparams: nisplus [NOTFOUND=return] files
>
> ethers:     files
> netmasks:   files
> networks:   files
> protocols:  files
> rpc:        files
> services:   files
>
> netgroup:   files
>
> publickey:  nisplus
>
> automount:  files
> aliases:    files nisplus
>
> /*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*
>
> /*/*/*/*/*  nsswitch.conf /*/*/*/*/*/*
>
> #%PAM-1.0
> auth        required      /lib/security/$ISA/pam_env.so
> auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
> auth        sufficient    /lib/security/$ISA/pam_winbind.so
> use_first_pass
> auth        required      /lib/security/$ISA/pam_deny.so
>
> account     required      /lib/security/$ISA/pam_unix.so
> account     sufficient    /lib/security/$ISA/pam_winbind.so
> use_first_pass
>
> password    required      /lib/security/$ISA/pam_cracklib.so retry=3
> type=
> # Note: The above line is complete. There is nothing following the '='
> password    sufficient    /lib/security/$ISA/pam_unix.so \
>                                              nullok use_authtok md5
> shadow
> password    sufficient    /lib/security/$ISA/pam_winbind.so
> use_first_pass
> password    required      /lib/security/$ISA/pam_deny.so
>
> session     required      /lib/security/$ISA/pam_limits.so
> session     sufficient    /lib/security/$ISA/pam_unix.so
> session     sufficient    /lib/security/$ISA/pam_winbind.so
> use_first_pass
>
> /*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.


More information about the samba mailing list