[Samba] How to support idmap_rid on Fedora Core 3?- RESOLVED
MailLists
disposable at vidar.com
Mon Jan 31 20:49:02 GMT 2005
Resolved: I was not able to compile then make install and have work so I
ended up using the FC3 packages and adding only the freshly compiled
idmap_rid module.
Thanks for the help.
Brian Hoover
MailLists wrote:
> John, sorry I did not mean to reply directly, I hate MS-Outlook!
>
> John H Terpstra wrote:
>> On Sunday 30 January 2005 09:17, MailLists wrote:
>>> Hello,
>>>
>>> Please forgive me if this has been discussed, I did not find any
>>> references when I searched.
>>>
>>> I'm trying to replace a W2K server with a samba member server in a
>>> single ADS domain.
>>>
>>> It seems that the Fedora rpms do not support idmap_rid so I am
>>> trying to compile from the Fedora SRPM. After following the docs
>>> for building and configuring idmap_rid I get no ADS users from
>>> `getent passwd`. wbinfo -u returns the user list without the
>>> DOMAIN\ prefix.
>>>
>>> When I try to connect to the samba share I am confronted with an
>>> auth box that I have not been able to satisfy.
>>>
>>> /var/log/samba/winbindd includes:
>>> idmap_init: using 'idmap_rid' as remote backend
>>>
>>> Can anyone help?
>>
>> As one of the arguments to the 'configure' command add:
>>
>> --with-shared-modules=idmap_rid \
>>
>> Then rebuild. Make sure you add the idmap_rid module to the
>> /usr/lib/samba/idmap directory.
>>
>> - John T.
>>
>
> I compiled with:
> ./configure --with-shared-modules=idmap_rid --with-ads --with-pam
> --with-pam_smbpass --with-logbasedir=/var/log/samba
>
> Then created the dir:
> /usr/lib/samba/idmap
>
> then added the symlink:
> /usr/lib/samba/idmap/idmap_rid.so ->
> /usr/local/samba/lib/idmap/idmap_rid.so
>
> Restarted the daemons - nmbd then winbond then smbd But getent passwd
> still gives no ADS users.
>
> Brian
>
>>>
>>> Thanks,
>>> Brian Hoover
>>>
>>> /*/*/*/*/* smb.conf /*/*/*/*/*/*
>>> [global]
>>> unix charset = LOCALE
>>> workgroup = VIDAR
>>> realm = VIDAR.CORP
>>> server string = BIS05
>>> security = ADS
>>> allow trusted domains = No
>>> log level = 10
>>> syslog = 0
>>> log file = /var/log/samba/%m
>>> max log size = 50
>>> ldap ssl = no
>>> idmap backend = idmap_rid:VIDAR=10000-20000
>>> idmap uid = 10000-20000
>>> idmap gid = 10000-20000
>>> template shell = /bin/bash
>>> winbind enum users = No
>>> winbind enum groups = No
>>> winbind use default domain = Yes
>>> winbind nested groups = Yes
>>>
>>> [users]
>>> comment = User Folders
>>> path = /smb/users
>>> admin users = root, 'Domain Admins'
>>> read only = No
>>> guest ok = Yes
>>>
>>> /*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*
>>>
>>> /*/*/*/*/* config.log SNIPPED /*/*/*/*/*/*
>>>
>>> $ ./configure --with-shared-modules=idmap_rid --with-ads --with-pam
>>> --with_pamsmbpass
>>>
>>> #define HAVE_LDAP 1
>>> #define HAVE_KRB5 1
>>>
>>> /*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*
>>>
>>> /*/*/*/*/* nsswitch.conf /*/*/*/*/*/*
>>>
>>> passwd: files winbind
>>> shadow: files winbind
>>> group: files winbind
>>>
>>> hosts: files dns wins
>>>
>>>
>>> bootparams: nisplus [NOTFOUND=return] files
>>>
>>> ethers: files
>>> netmasks: files
>>> networks: files
>>> protocols: files
>>> rpc: files
>>> services: files
>>>
>>> netgroup: files
>>>
>>> publickey: nisplus
>>>
>>> automount: files
>>> aliases: files nisplus
>>>
>>> /*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*
>>>
>>> /*/*/*/*/* nsswitch.conf /*/*/*/*/*/*
>>>
>>> #%PAM-1.0
>>> auth required /lib/security/$ISA/pam_env.so
>>> auth sufficient /lib/security/$ISA/pam_unix.so likeauth
>>> nullok auth sufficient /lib/security/$ISA/pam_winbind.so
>>> use_first_pass auth required
>>> /lib/security/$ISA/pam_deny.so
>>>
>>> account required /lib/security/$ISA/pam_unix.so
>>> account sufficient /lib/security/$ISA/pam_winbind.so
>>> use_first_pass
>>>
>>> password required /lib/security/$ISA/pam_cracklib.so retry=3
>>> type= # Note: The above line is complete. There is nothing following
>>> the '=' password sufficient /lib/security/$ISA/pam_unix.so \
>>> nullok use_authtok md5
>>> shadow password sufficient /lib/security/$ISA/pam_winbind.so
>>> use_first_pass password required
>>> /lib/security/$ISA/pam_deny.so
>>>
>>> session required /lib/security/$ISA/pam_limits.so
>>> session sufficient /lib/security/$ISA/pam_unix.so
>>> session sufficient /lib/security/$ISA/pam_winbind.so
>>> use_first_pass
>>>
>>> /*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*
>>
>> --
>> John H Terpstra
>> Samba-Team Member
>> Phone: +1 (650) 580-8668
>>
>> Author:
>> The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
>> Samba-3 by Example, ISBN: 0131472216
>> Hardening Linux, ISBN: 0072254971
>> Other books in production.
More information about the samba
mailing list