[Samba] How to support idmap_rid on Fedora Core 3?- RESOLVED

MailLists disposable at vidar.com
Mon Jan 31 20:49:02 GMT 2005


Resolved: I was not able to compile, then make install, and have it work, so I
ended up using the FC3 packages and adding only the freshly compiled
idmap_rid module.

Thanks for the help.

Brian Hoover

MailLists wrote:
> John, sorry I did not mean to reply directly, I hate MS-Outlook!
> 
> John H Terpstra wrote:
>> On Sunday 30 January 2005 09:17, MailLists wrote:
>>> Hello,
>>> 
>>> Please forgive me if this has been discussed, I did not find any
>>> references when I searched. 
>>> 
>>> I'm trying to replace a W2K server with a samba member server in a
>>> single ADS domain. 
>>> 
>>> It seems that the Fedora rpms do not support idmap_rid so I am
>>> trying to compile from the Fedora SRPM.  After following the docs
>>> for building and configuring idmap_rid I get no ADS users from
>>> `getent passwd`. wbinfo -u returns the user list without the
>>> DOMAIN\ prefix. 
>>> 
>>> When I try to connect to the samba share I am confronted with an
>>> auth box that I have not been able to satisfy.
>>> 
>>> /var/log/samba/winbindd includes:
>>>  idmap_init: using 'idmap_rid' as remote backend
>>> 
>>> Can anyone help?
>> 
>> As one of the arguments to the 'configure' command add:
>> 
>> 	--with-shared-modules=idmap_rid \
>> 
>> Then rebuild. Make sure you add the idmap_rid module to the
>> /usr/lib/samba/idmap directory.
>> 
>> - John T.
>> 
> 
> I compiled with:
> ./configure --with-shared-modules=idmap_rid --with-ads --with-pam
> --with-pam_smbpass --with-logbasedir=/var/log/samba 
> 
> Then created the dir:
> /usr/lib/samba/idmap
> 
> then added the symlink:
> /usr/lib/samba/idmap/idmap_rid.so ->
> /usr/local/samba/lib/idmap/idmap_rid.so
> 
> Restarted the daemons - nmbd then winbind then smbd. But getent passwd
> still gives no ADS users. 
> 
> Brian
> 
>>> 
>>> Thanks,
>>> Brian Hoover
>>> 
>>> /*/*/*/*/*  smb.conf /*/*/*/*/*/*
>>> [global]
>>> 	unix charset = LOCALE
>>> 	workgroup = VIDAR
>>> 	realm = VIDAR.CORP
>>> 	server string = BIS05
>>> 	security = ADS
>>> 	allow trusted domains = No
>>> 	log level = 10
>>> 	syslog = 0
>>> 	log file = /var/log/samba/%m
>>> 	max log size = 50
>>> 	ldap ssl = no
>>> 	idmap backend = idmap_rid:VIDAR=10000-20000
>>> 	idmap uid = 10000-20000
>>> 	idmap gid = 10000-20000
>>> 	template shell = /bin/bash
>>> 	winbind enum users = No
>>> 	winbind enum groups = No
>>> 	winbind use default domain = Yes
>>> 	winbind nested groups = Yes
>>> 
>>> [users]
>>> 	comment = User Folders
>>> 	path = /smb/users
>>> 	admin users = root, 'Domain Admins'
>>> 	read only = No
>>> 	guest ok = Yes
>>> 
>>> /*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*
>>> 
>>> /*/*/*/*/*  config.log SNIPPED /*/*/*/*/*/*
>>> 
>>> $ ./configure --with-shared-modules=idmap_rid --with-ads --with-pam
>>> --with_pamsmbpass 
>>> 
>>> #define HAVE_LDAP 1
>>> #define HAVE_KRB5 1
>>> 
>>> /*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*
>>> 
>>> /*/*/*/*/*  nsswitch.conf /*/*/*/*/*/*
>>> 
>>> passwd:     files winbind
>>> shadow:     files winbind
>>> group:      files winbind
>>> 
>>> hosts:      files dns wins
>>> 
>>> 
>>> bootparams: nisplus [NOTFOUND=return] files
>>> 
>>> ethers:     files
>>> netmasks:   files
>>> networks:   files
>>> protocols:  files
>>> rpc:        files
>>> services:   files
>>> 
>>> netgroup:   files
>>> 
>>> publickey:  nisplus
>>> 
>>> automount:  files
>>> aliases:    files nisplus
>>> 
>>> /*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*
>>> 
>>> /*/*/*/*/*  nsswitch.conf /*/*/*/*/*/*
>>> 
>>> #%PAM-1.0
>>> auth        required      /lib/security/$ISA/pam_env.so
>>> auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
>>> auth        sufficient    /lib/security/$ISA/pam_winbind.so use_first_pass
>>> auth        required      /lib/security/$ISA/pam_deny.so
>>> 
>>> account     required      /lib/security/$ISA/pam_unix.so
>>> account     sufficient    /lib/security/$ISA/pam_winbind.so use_first_pass
>>> 
>>> password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type=
>>> # Note: The above line is complete. There is nothing following the '='
>>> password    sufficient    /lib/security/$ISA/pam_unix.so \
>>>                                              nullok use_authtok md5 shadow
>>> password    sufficient    /lib/security/$ISA/pam_winbind.so use_first_pass
>>> password    required      /lib/security/$ISA/pam_deny.so
>>> 
>>> session     required      /lib/security/$ISA/pam_limits.so
>>> session     sufficient    /lib/security/$ISA/pam_unix.so
>>> session     sufficient    /lib/security/$ISA/pam_winbind.so use_first_pass
>>> 
>>> /*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*
>> 
>> --
>> John H Terpstra
>> Samba-Team Member
>> Phone: +1 (650) 580-8668
>> 
>> Author:
>> The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
>> Samba-3 by Example, ISBN: 0131472216
>> Hardening Linux, ISBN: 0072254971
>> Other books in production.
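
An added example (not part of the original thread, and not Samba code): a small Python check over the idmap_rid and winbind settings from the quoted smb.conf, listing reasons a domain account can be absent from NSS lookups even when the module loads. It assumes the mapping documented in idmap_rid(8), ID = RID - BASE_RID + LOW_RANGE_ID with base_rid 0; the function names and the RIDs used to exercise it are hypothetical.

```python
# Constructed sample: idmap/winbind lines taken from the smb.conf quoted in the thread.
SMB_CONF = """
[global]
    security = ADS
    idmap backend = idmap_rid:VIDAR=10000-20000
    winbind enum users = No
"""

def parse_global(conf_text):
    """Return the [global] parameters of an smb.conf as a lowercase-keyed dict."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def rid_ranges(backend):
    """Parse 'idmap_rid:DOM=low-high ...' into {DOM: (low, high)}."""
    name, _, spec = backend.partition(":")
    ranges = {}
    if name.strip() == "idmap_rid":
        for item in spec.replace('"', " ").split():
            dom, _, rng = item.partition("=")
            low, high = (int(n) for n in rng.split("-"))
            ranges[dom.upper()] = (low, high)
    return ranges

def rid_to_unix_id(rid, low, high, base_rid=0):
    """Assumed formula (idmap_rid(8)): ID = RID - BASE_RID + LOW_RANGE_ID."""
    unix_id = rid - base_rid + low
    return unix_id if low <= unix_id <= high else None  # None: RID is unmappable

def audit(conf_text):
    """List reasons domain accounts may be missing from NSS lookups."""
    g = parse_global(conf_text)
    notes = []
    for dom, (low, high) in rid_ranges(g.get("idmap backend", "")).items():
        notes.append(f"{dom}: RIDs above {high - low} get no Unix ID")
    if g.get("winbind enum users", "").lower() in ("no", "false", "0"):
        notes.append("enum users off: bare 'getent passwd' lists no domain users")
    return notes

if __name__ == "__main__":
    print("\n".join(audit(SMB_CONF)))
```

With enumeration disabled, a lookup of one named account (for example `getent passwd someuser`) is the meaningful test of whether the RID mapping works.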



