[Samba] winbind: idmap_rid - no user mapping

Michael Gasch gasch at eva.mpg.de
Wed Jun 1 06:23:38 GMT 2005


hi

idmap_rid never shows users when invoked by "getent passwd"
did you try "getent passwd someuser" ?
that should work

same with groups

greez


Steffen Kolbe wrote:
> Hello,
> 
> I've some trouble with winbind and the idmap_rid feature in an ADS 
> environment. (Opteron with Debian 3.1pure64, official Samba/Winbind 
> package 3.0.14a)
> 
> Without "idmap backend = idmap_rid:...." in the smb.conf a "getent 
> passwd" works fine.
> Then I delete the /var/lib/samba/*.tdb-files, activate idmap_rid in 
> smb.conf (see below) and join the ADS-Domain once more - but now "getent 
> passwd" brings only the local Linux users.
> 
> I need the local ID-mapping from "idmap_rid" for the same IDs on all Linux 
> machines without the overhead of a schema extension on ADS. In my mind 
> "idmap_rid" should also work offline (for notebooks)?
> 
> 
> Can anybody tell me the right syntax for winbind authentication in 
> /etc/pam.d/common-account, -auth, -password?
> 
> 
> Thanks for help and best regards
> 
> here are the files:
> ##########################################
> /etc/samba/smb.conf
> [global]
>       unix charset = ISO8859-15
>       display charset = ISO8859-15
>       workgroup = XX
>       realm = XX.YY.TU-DRESDEN.DE
>       server string = %h server (Samba %v)
>       security = ADS
>       allow trusted domains = No
>       passdb backend = tdbsam, guest
>       passwd program = /usr/bin/passwd %u
>       passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
>       syslog = 0
>       log file = /var/log/samba/log.%m
>       max log size = 1000
>       preferred master = No
>       local master = No
>       domain master = No
>       dns proxy = No
>       ldap ssl = no
>       panic action = /usr/share/samba/panic-action %d
> !--->       idmap backend = idmap_rid:XX=1000-60000
>       idmap uid = 1000-60000
>       idmap gid = 1000-60000
>       template shell = /bin/bash
>       winbind cache time = 5
>       winbind use default domain = Yes
>       invalid users = root
>       printer admin = 'Domain, Admins'
> 
> [homes]
>       comment = Home Directories
>       create mask = 0700
>       directory mask = 0700
>       browseable = No
> 
> [printers]
>       comment = All Printers
>       path = /tmp
>       create mask = 0700
>       printable = Yes
>       browseable = No
> 
> [print$]
>       comment = Printer Drivers
>       path = /var/lib/samba/printers
> 
> ##############################################
> /etc/nsswitch.conf
> 
> passwd:         files winbind
> group:          files winbind
> shadow:         files
> 
> hosts:          files dns
> networks:       files
> 
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
> 
> netgroup:       nis
> 
> 
> 


-- 
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137
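
The "same IDs on all Linux machines" property asked about in the quoted message comes from idmap_rid computing the Unix ID from the account's RID rather than allocating it. The following is an added example, not part of the thread or of Samba's code: it assumes the formula given in the idmap_rid manual page of later Samba releases (ID = RID - BASE_RID + LOW_RANGE_ID, with base_rid defaulting to 0) also describes the 3.0.14a module, and the domain SID is a constructed sample value.

```python
# Added illustration of deterministic RID-to-ID mapping.
# Range taken from "idmap_rid:XX=1000-60000" in the posted smb.conf.
LOW, HIGH = 1000, 60000
BASE_RID = 0  # assumption: idmap_rid default base RID

# Constructed sample domain SID, not a real domain.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"


def split_sid(sid):
    """Split an account SID string into (domain_sid, rid)."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError("malformed SID: %r" % sid)
    return "-".join(parts[:-1]), int(parts[-1])


def sid_to_unix_id(sid, domain_sid=DOMAIN_SID, low=LOW, high=HIGH, base_rid=BASE_RID):
    """Return the Unix ID for a SID, or None if the range does not cover it."""
    dom, rid = split_sid(sid)
    if dom != domain_sid:
        return None  # SID belongs to a different domain than this range
    if rid < base_rid:
        return None  # would map below the configured range
    unix_id = rid - base_rid + low
    if unix_id > high:
        return None  # RID too large for the configured range
    return unix_id


def unix_id_to_sid(unix_id, domain_sid=DOMAIN_SID, low=LOW, high=HIGH, base_rid=BASE_RID):
    """Reverse mapping: return the SID for a Unix ID inside the range, else None."""
    if not low <= unix_id <= high:
        return None  # e.g. a local account outside the winbind range
    return "%s-%d" % (domain_sid, unix_id - low + base_rid)


if __name__ == "__main__":
    for rid in (513, 1105, 59000, 59001):
        print(rid, "->", sid_to_unix_id("%s-%d" % (DOMAIN_SID, rid)))
```

With the posted range, any account whose RID exceeds 59000 gets no mapping at all, so the range has to be sized against the highest RID the domain has issued.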


