[Samba] How to support idmap_rid on Fedora Core 3?

MailLists disposable at vidar.com
Sun Jan 30 17:05:48 GMT 2005


John, sorry I did not mean to reply directly, I hate MS-Outlook!

John H Terpstra wrote:
> On Sunday 30 January 2005 09:17, MailLists wrote:
>> Hello,
>> 
>> Please forgive me if this has been discussed, I did not find any
>> references when I searched. 
>> 
>> I'm trying to replace a W2K server with a samba member server in a
>> single ADS domain. 
>> 
>> It seems that the Fedora rpms do not support idmap_rid so I am trying
>> to compile from the Fedora SRPM.  After following the docs for
>> building and configuring idmap_rid I get no ADS users from `getent
>> passwd`. wbinfo -u returns the user list without the DOMAIN\ prefix.
>> 
>> When I try to connect to the samba share I am confronted with an auth
>> box that I have not been able to satisfy.
>> 
>> /var/log/samba/winbindd includes:
>>  idmap_init: using 'idmap_rid' as remote backend
>> 
>> Can anyone help?
> 
> As one of the arguments to the 'configure' command add:
> 
> 	--with-shared-modules=idmap_rid \
> 
> Then rebuild. Make sure you add the idmap_rid module to the
> /usr/lib/samba/idmap directory. 
> 
> - John T.
> 

I compiled with:
./configure --with-shared-modules=idmap_rid --with-ads --with-pam \
    --with-pam_smbpass --with-logbasedir=/var/log/samba

Then created the dir:
/usr/lib/samba/idmap

then added the symlink:
/usr/lib/samba/idmap/idmap_rid.so -> /usr/local/samba/lib/idmap/idmap_rid.so

Restarted the daemons - nmbd then winbindd then smbd
But getent passwd still gives no ADS users.

Brian

>> 
>> Thanks,
>> Brian Hoover
>> 
>> /*/*/*/*/*  smb.conf /*/*/*/*/*/*
>> [global]
>> 	unix charset = LOCALE
>> 	workgroup = VIDAR
>> 	realm = VIDAR.CORP
>> 	server string = BIS05
>> 	security = ADS
>> 	allow trusted domains = No
>> 	log level = 10
>> 	syslog = 0
>> 	log file = /var/log/samba/%m
>> 	max log size = 50
>> 	ldap ssl = no
>> 	idmap backend = idmap_rid:VIDAR=10000-20000
>> 	idmap uid = 10000-20000
>> 	idmap gid = 10000-20000
>> 	template shell = /bin/bash
>> 	winbind enum users = No
>> 	winbind enum groups = No
>> 	winbind use default domain = Yes
>> 	winbind nested groups = Yes
>> 
>> [users]
>> 	comment = User Folders
>> 	path = /smb/users
>> 	admin users = root, 'Domain Admins'
>> 	read only = No
>> 	guest ok = Yes
>> 
>> /*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*
>> 
>> /*/*/*/*/*  config.log SNIPPED /*/*/*/*/*/*
>> 
>> $ ./configure --with-shared-modules=idmap_rid --with-ads --with-pam
>> --with_pamsmbpass 
>> 
>> #define HAVE_LDAP 1
>> #define HAVE_KRB5 1
>> 
>> /*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*
>> 
>> /*/*/*/*/*  nsswitch.conf /*/*/*/*/*/*
>> 
>> passwd:     files winbind
>> shadow:     files winbind
>> group:      files winbind
>> 
>> hosts:      files dns wins
>> 
>> 
>> bootparams: nisplus [NOTFOUND=return] files
>> 
>> ethers:     files
>> netmasks:   files
>> networks:   files
>> protocols:  files
>> rpc:        files
>> services:   files
>> 
>> netgroup:   files
>> 
>> publickey:  nisplus
>> 
>> automount:  files
>> aliases:    files nisplus
>> 
>> /*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*
>> 
>> /*/*/*/*/*  nsswitch.conf /*/*/*/*/*/*
>> 
>> #%PAM-1.0
>> auth        required      /lib/security/$ISA/pam_env.so
>> auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
>> auth        sufficient    /lib/security/$ISA/pam_winbind.so use_first_pass
>> auth        required      /lib/security/$ISA/pam_deny.so
>>
>> account     required      /lib/security/$ISA/pam_unix.so
>> account     sufficient    /lib/security/$ISA/pam_winbind.so use_first_pass
>>
>> password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type=
>> # Note: The above line is complete. There is nothing following the '='
>> password    sufficient    /lib/security/$ISA/pam_unix.so \
>>                                              nullok use_authtok md5 shadow
>> password    sufficient    /lib/security/$ISA/pam_winbind.so use_first_pass
>> password    required      /lib/security/$ISA/pam_deny.so
>>
>> session     required      /lib/security/$ISA/pam_limits.so
>> session     sufficient    /lib/security/$ISA/pam_unix.so
>> session     sufficient    /lib/security/$ISA/pam_winbind.so use_first_pass
>> 
>> /*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*
> 
> --
> John H Terpstra
> Samba-Team Member
> Phone: +1 (650) 580-8668
> 
> Author:
> The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
> Samba-3 by Example, ISBN: 0131472216
> Hardening Linux, ISBN: 0072254971
> Other books in production.



