[Samba] winbind: idmap_rid - no user mapping
Michael Gasch
gasch at eva.mpg.de
Wed Jun 1 06:23:38 GMT 2005
hi
idmap_rid never shows users when invoked by "getent passwd"
did you try "getent passwd someuser" ?
that should work
same with groups
greez
Steffen Kolbe wrote:
> Hello,
>
> I've some trouble with winbind and the idmap_rid feature in an ADS
> environment. (Opteron with Debian 3.1pure64, official Samba/Winbind
> packet 3.0.14a)
>
> Without "idmap backend = idmap_rid:...." in the smb.conf a "getent
> passwd" works fine.
> Then I delete the /var/lib/samba/*.tdb-files, activate idmap_rid in
> smb.conf (see below) and join the ADS-Domain once more - but now "getent
> passwd" brings only the local Linux users.
>
> I need the local ID-mapping from "idmap_rid" for same ID's on all Linux
> machines without the overhead of a schema extension on ADS. In my mind
> "idmap_rid" should also work offline (for notebooks)?
>
>
> Can anybody tell me the right syntax for winbind authentication in
> /etc/pam.d/common-account ,-auth, -password ?
>
>
> Thanks for help and best regards
>
> here are the files:
> ##########################################
> /etc/samba/smb.conf
> [global]
> unix charset = ISO8859-15
> display charset = ISO8859-15
> workgroup = XX
> realm = XX.YY.TU-DRESDEN.DE
> server string = %h server (Samba %v)
> security = ADS
> allow trusted domains = No
> passdb backend = tdbsam, guest
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
> syslog = 0
> log file = /var/log/samba/log.%m
> max log size = 1000
> preferred master = No
> local master = No
> domain master = No
> dns proxy = No
> ldap ssl = no
> panic action = /usr/share/samba/panic-action %d
> !---> idmap backend = idmap_rid:XX=1000-60000
> idmap uid = 1000-60000
> idmap gid = 1000-60000
> template shell = /bin/bash
> winbind cache time = 5
> winbind use default domain = Yes
> invalid users = root
> printer admin = 'Domain, Admins'
>
> [homes]
> comment = Home Directories
> create mask = 0700
> directory mask = 0700
> browseable = No
>
> [printers]
> comment = All Printers
> path = /tmp
> create mask = 0700
> printable = Yes
> browseable = No
>
> [print$]
> comment = Printer Drivers
> path = /var/lib/samba/printers
>
> ##############################################
> /etc/nswitch.conf
>
> passwd: files winbind
> group: files winbind
> shadow: files
>
> hosts: files dns
> networks: files
>
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
>
> netgroup: nis
>
>
>
--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution
Deutscher Platz 6
D-04103 Leipzig
Germany
Phone: 49 (0)341 - 3550 137