[Samba] How to support idmap_rid on Fedora Core 3?
MailLists
disposable at vidar.com
Sun Jan 30 17:05:48 GMT 2005
John, sorry I did not mean to reply directly, I hate MS-Outlook!
John H Terpstra wrote:
> On Sunday 30 January 2005 09:17, MailLists wrote:
>> Hello,
>>
>> Please forgive me if this has been discussed, I did not find any
>> references when I searched.
>>
>> I'm trying to replace a W2K server with a samba member server in a
>> single ADS domain.
>>
>> It seems that the Fedora rpms do not support idmap_rid so I am trying
>> to compile from the Fedora SRPM. After following the docs for
>> building and configuring idmap_rid I get no ADS users from `getent
>> passwd`. wbinfo -u returns the user list without the DOMAIN\ prefix.
>>
>> When I try to connect to the samba share I am confronted with an auth
>> box that I have not been able to satisfy.
>>
>> /var/log/samba/winbindd includes:
>> idmap_init: using 'idmap_rid' as remote backend
>>
>> Can anyone help?
>
> As one of the arguments to the 'configure' command add:
>
> --with-shared-modules=idmap_rid \
>
> Then rebuild. Make sure you add the idmap_rid module to the
> /usr/lib/samba/idmap directory.
>
> - John T.
>
I compiled with:
./configure --with-shared-modules=idmap_rid --with-ads --with-pam
--with-pam_smbpass --with-logbasedir=/var/log/samba
Then created the dir:
/usr/lib/samba/idmap
then added the symlink:
/usr/lib/samba/idmap/idmap_rid.so ->
/usr/local/samba/lib/idmap/idmap_rid.so
Restarted the daemons - nmbd then winbond then smbd
But getent passwd still gives no ADS users.
Brian
>>
>> Thanks,
>> Brian Hoover
>>
>> /*/*/*/*/* smb.conf /*/*/*/*/*/*
>> [global]
>> unix charset = LOCALE
>> workgroup = VIDAR
>> realm = VIDAR.CORP
>> server string = BIS05
>> security = ADS
>> allow trusted domains = No
>> log level = 10
>> syslog = 0
>> log file = /var/log/samba/%m
>> max log size = 50
>> ldap ssl = no
>> idmap backend = idmap_rid:VIDAR=10000-20000
>> idmap uid = 10000-20000
>> idmap gid = 10000-20000
>> template shell = /bin/bash
>> winbind enum users = No
>> winbind enum groups = No
>> winbind use default domain = Yes
>> winbind nested groups = Yes
>>
>> [users]
>> comment = User Folders
>> path = /smb/users
>> admin users = root, 'Domain Admins'
>> read only = No
>> guest ok = Yes
>>
>> /*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*
>>
>> /*/*/*/*/* config.log SNIPPED /*/*/*/*/*/*
>>
>> $ ./configure --with-shared-modules=idmap_rid --with-ads --with-pam
>> --with_pamsmbpass
>>
>> #define HAVE_LDAP 1
>> #define HAVE_KRB5 1
>>
>> /*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*
>>
>> /*/*/*/*/* nsswitch.conf /*/*/*/*/*/*
>>
>> passwd: files winbind
>> shadow: files winbind
>> group: files winbind
>>
>> hosts: files dns wins
>>
>>
>> bootparams: nisplus [NOTFOUND=return] files
>>
>> ethers: files
>> netmasks: files
>> networks: files
>> protocols: files
>> rpc: files
>> services: files
>>
>> netgroup: files
>>
>> publickey: nisplus
>>
>> automount: files
>> aliases: files nisplus
>>
>> /*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*
>>
>> /*/*/*/*/* nsswitch.conf /*/*/*/*/*/*
>>
>> #%PAM-1.0
>> auth required /lib/security/$ISA/pam_env.so
>> auth sufficient /lib/security/$ISA/pam_unix.so likeauth
>> nullok auth sufficient /lib/security/$ISA/pam_winbind.so
>> use_first_pass auth required
>> /lib/security/$ISA/pam_deny.so
>>
>> account required /lib/security/$ISA/pam_unix.so
>> account sufficient /lib/security/$ISA/pam_winbind.so
>> use_first_pass
>>
>> password required /lib/security/$ISA/pam_cracklib.so retry=3
>> type= # Note: The above line is complete. There is nothing following
>> the '=' password sufficient /lib/security/$ISA/pam_unix.so \
>> nullok use_authtok md5
>> shadow password sufficient /lib/security/$ISA/pam_winbind.so
>> use_first_pass password required
>> /lib/security/$ISA/pam_deny.so
>>
>> session required /lib/security/$ISA/pam_limits.so
>> session sufficient /lib/security/$ISA/pam_unix.so
>> session sufficient /lib/security/$ISA/pam_winbind.so
>> use_first_pass
>>
>> /*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*
>
> --
> John H Terpstra
> Samba-Team Member
> Phone: +1 (650) 580-8668
>
> Author:
> The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
> Samba-3 by Example, ISBN: 0131472216
> Hardening Linux, ISBN: 0072254971
> Other books in production.
More information about the samba
mailing list