[Samba] winbind: idmap_rid - no user mapping

Steffen Kolbe kolbe at vwi.tu-dresden.de
Tue May 31 15:33:25 GMT 2005 

Hello,

I've some trouble with winbind and the idmap_rid feature in an ADS 
environment. (Opteron with Debian 3.1pure64, official Samba/Winbind 
packet 3.0.14a)

Without "idmap backend = idmap_rid:...." in the smb.conf a "getent 
passwd" works fine.
Then I delete the /var/lib/samba/*.tdb-files, activate idmap_rid in 
smb.conf (see below) and join the ADS-Domain once more - but now "getent 
passwd" brings only the local Linux users.

I need the local ID-mapping from "idmap_rid" for  same ID's on all Linux 
machines without the overhead of a schema extension on ADS. In my mind 
"idmap_rid" should also work offline (for notebooks)?


Can anybody tell me the right syntax  for winbind authentication in 
/etc/pam.d/common-account ,-auth, -password ?


Thanks for help and best regards

here are the files:
##########################################
/etc/samba/smb.conf
[global]
       unix charset = ISO8859-15
       display charset = ISO8859-15
       workgroup = XX
       realm = XX.YY.TU-DRESDEN.DE
       server string = %h server (Samba %v)
       security = ADS
       allow trusted domains = No
       passdb backend = tdbsam, guest
       passwd program = /usr/bin/passwd %u
       passwd chat = *Enter\snew\sUNIX\spassword:* %n\n 
*Retype\snew\sUNIX\spassword:* %n\n .
       syslog = 0
       log file = /var/log/samba/log.%m
       max log size = 1000
       preferred master = No
       local master = No
       domain master = No
       dns proxy = No
       ldap ssl = no
       panic action = /usr/share/samba/panic-action %d
!--->       idmap backend = idmap_rid:XX=1000-60000
       idmap uid = 1000-60000
       idmap gid = 1000-60000
       template shell = /bin/bash
       winbind cache time = 5
       winbind use default domain = Yes
       invalid users = root
       printer admin = 'Domain, Admins'

[homes]
       comment = Home Directories
       create mask = 0700
       directory mask = 0700
       browseable = No

[printers]
       comment = All Printers
       path = /tmp
       create mask = 0700
       printable = Yes
       browseable = No

[print$]
       comment = Printer Drivers
       path = /var/lib/samba/printers

##############################################
/etc/nswitch.conf

passwd:         files winbind
group:          files winbind
shadow:         files

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis



-- 

-- 


Mit freundlichen Gruessen

Steffen Kolbe
Andreas-Schubert-Str. 23
D-01062 Dresden
------------------------------------------------------
Phone: +49/0 351 463-36750
Fax: +49/0 351 463-36809
e-mail: kolbe1 at vwi.tu-dresden.de
------------------------------------------------------
Institut fuer Wirtschaft und Verkehr
Fakultaet Verkehrswissenschaften "Friedrich List"
Technische Universitaet Dresden
------------------------------------------------------

More information about the samba mailing list